Nivedit Majumdar

Quantified Self: Security and Privacy Concerns

Data has always mattered. Whether it takes the form of records or personal information, people take steps to keep some level of privacy over their data, and that is also the driving force behind most security and privacy measures in technology: cloud security controls, encryption standards, even antivirus engines all exist to protect data.

With the rise of the Quantified Self movement, users now generate and monitor data at the granularity of individual heartbeats. Medical readings, location and fitness statistics are produced continuously and maintained by dedicated software suites. We have always wanted these statistics to be as comprehensive and informative as possible, but that very completeness raises the question of how secure and how private the data is.

That is the crux of this article: the Quantified Self, looked at in terms of the privacy and security of its data.

THE CONVENTIONAL SYSTEM, SO FAR.

Before looking at the privacy concerns, let's take a look at what QS data gathering looks like today.

[Figure: conventional process of information gathering and sync]
(Terminology Credits: aaronparecki.com)

First there is the wearable itself, which tracks the user and collects readings through its sensors and APIs, then sends them to a centralised aggregator service. The aggregator converts the raw readings into a format that is informative to the user.

Although this system is simple to understand and implement, it has real drawbacks. First, flexibility: the user has to rely on aggregator services decided in advance by the vendor. Second, security: the aggregator holds the data of every user in one place, so an attacker who compromises the aggregator's software obtains the user's data, and usually everyone else's too.

On top of that, most fitness trackers use Bluetooth Low Energy to send their data to the phone. BLE traffic can be captured with inexpensive sniffers, and when a device pairs with the "Just Works" method (common on trackers that have no screen or keypad) the link has no protection against a man-in-the-middle. An attacker within radio range can therefore intercept the user's vital statistics, or pair with the tracker themselves and pull the data directly.

INFORMATION GENERATED

There are no financial transactions involved here, and over time we have become accustomed to revealing a fair amount of personal information about ourselves, for example when signing up to a website. So what data is actually at stake?

[Figure: information processing]

With the Quantified Self, the definition of personal information has also widened. Traditional Personally Identifiable Information has had a QS makeover and now takes in medical records, blood-pressure readings, fitness graphs, weight, calories, sleep patterns, moods and a great deal more.

Why does this matter? In the wrong hands, this data reveals almost everything about a person. The whole purpose of QS is analysis and insight to influence future behaviour, and those same factors, studied thoroughly by someone else, hand that person an intimate (and I mean skin-deep) profile of the user.

RISKS INVOLVED

LOCATION OF USER

What if the tracking device also records the user's location? For the user it is a step towards more comprehensive QS. Put a continuous record of where someone is and when into the wrong hands, and you have equipped a stalker.

IDENTITY THEFT

The best con men are the best at impersonating others, and that applies here too. Getting hold of someone's personal statistics puts a criminal in the user's shoes, and impersonating them becomes that much easier.

PROFILING

Many organisations already use profiling to target, exclude or even discriminate against certain kinds of people based on the personal information they have collected about them. Details handed to self-tracking services could let marketers and government agencies sort and target particular kinds of users. This is a major human rights concern, and security measures on fitness trackers, together with limits on what data ever leaves the user's control, go a long way towards preventing it.

EFFECTIVE SOLUTION

What is needed is a better flow path for the collected information, depicted in the following figure.

[Figure: modified process of information gathering and sync]
(Terminology Credits: aaronparecki.com)

Here the central aggregator service is replaced by a personal server, owned by the user, that houses the raw data. Separate aggregator and analytical services still assess the user's data, but they receive it from the personal server rather than straight from the device.

The advantage? More flexibility: the user decides which services may see the data and which security mechanisms protect it, and can layer several protections rather than relying on a single one for a stronger sense of protection.

Moreover, the interfaces between the personal server and those services can add further layers, such as encrypting data in transit, so that information gathering, the focal point of the Quantified Self, happens on the user's terms. Through these approaches the Quantified Self can become a more secure platform.
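To make the personal-server flow concrete, here is an added example (my own illustration, not code from this article or from any tracker vendor) of a minimal personal server that keeps the raw stream locally and lets each analytical service see only a user-approved, daily-aggregated view under a per-service pseudonym. The class and function names, the field policy and the sample readings are all constructed for the example; it uses only the Python standard library.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Sample:
    """One raw reading as a wearable would push it (constructed schema)."""
    ts: datetime
    heart_rate: int
    steps: int
    lat: float
    lon: float


# Fields the user permits to leave the personal server at all; anything else
# is denied regardless of what a service asks for (deny by default).
EXPORTABLE: FrozenSet[str] = frozenset({"heart_rate", "steps", "location"})


class PersonalServer:
    """Holds the raw stream; external services only ever see export_for()."""

    def __init__(self, user_id: str, pseudonym_key: bytes) -> None:
        self._user_id = user_id
        self._key = pseudonym_key          # never leaves the server
        self._samples: List[Sample] = []

    def ingest(self, sample: Sample) -> None:
        self._samples.append(sample)

    def pseudonym_for(self, service: str) -> str:
        # Keyed per service, so two services cannot join their copies on the
        # identifier, and the real user_id is never sent anywhere.
        msg = f"{service}:{self._user_id}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def export_for(self, service: str, fields: Set[str]) -> Dict:
        unknown = set(fields) - EXPORTABLE
        if unknown:
            raise ValueError(
                f"{service} requested non-exportable fields: {sorted(unknown)}")
        by_day: Dict[str, List[Sample]] = {}
        for s in self._samples:
            by_day.setdefault(s.ts.date().isoformat(), []).append(s)
        days = []
        for day in sorted(by_day):
            group = by_day[day]
            row: Dict = {"date": day}       # daily granularity, no timestamps
            if "heart_rate" in fields:
                row["avg_heart_rate"] = round(mean(s.heart_rate for s in group))
            if "steps" in fields:
                row["steps"] = sum(s.steps for s in group)
            if "location" in fields:
                # One decimal degree is roughly an 11 km cell: enough for
                # "which city", useless for following someone to their door.
                row["cells"] = sorted(
                    {(round(s.lat, 1), round(s.lon, 1)) for s in group})
            days.append(row)
        return {"subject": self.pseudonym_for(service), "days": days}


def build_demo_server() -> PersonalServer:
    """Constructed sample stream; these are not real measurements."""
    srv = PersonalServer("alice@example.com", b"local-secret-key")
    raw = [
        ("2016-03-01T07:00", 62, 120, 51.5074, -0.1278),
        ("2016-03-01T12:30", 95, 4300, 51.5155, -0.0922),
        ("2016-03-01T22:00", 58, 900, 51.5074, -0.1278),
        ("2016-03-02T08:15", 70, 2600, 51.5074, -0.1278),
    ]
    for ts, hr, steps, lat, lon in raw:
        srv.ingest(Sample(datetime.fromisoformat(ts), hr, steps, lat, lon))
    return srv


if __name__ == "__main__":
    demo = build_demo_server()
    print(demo.export_for("fitness-coach", {"heart_rate", "steps"}))
```

The design choice worth noting is that the raw timestamps, coordinates and identity never appear in any export: a fitness coach gets daily averages and step counts, a location-based service gets coarse grid cells, and a service asking for a field the user has not approved gets an error rather than a silently empty column.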
