IoT
IoT
Cloud // Software as a Service
Commentary
9/16/2014
10:46 AM
0%
100%

Apple Watch And The Dark Side Of Wearables

Apple Watch and iPhone 6 provide two more powerful platforms to do things like record our voices with little disclosure. Customers deserve better.

 Apple's Next Chapter: 10 Key Issues
Apple's Next Chapter: 10 Key Issues
(Click image for larger view and slideshow.)

I admit it. I love my wearables. I love competing against my former CTO and out-walking him.  (It may be a rare day, but it’s a good one.) I love that my mother, who lives thousands of miles away, has the ability to call for help via her Lifeline. It’s one less worry in a sea of worries.

But my love, and patience, is being tested. With all the Apple Watch enthusiasm, and the blockbuster early sales of the iPhone 6, I find that there is a growing pit in my stomach. I find myself not laughing nearly as hard at the South Park episode where the "Apple Police" pursue Kyle for clicking on the iTunes Terms of Service (TOS).  When the grain of truth turns into a bushel, well, it’s just not funny.

During the last eight months, I have been working on a research project focused on the future of voice and communications. If there was one crystal clear finding thus far, it is that people loathe the idea of their voice being recorded -- particularly when they cannot opt out of it (e.g., customer service calls), delete it later or, worse yet, when they're unaware that it's even happening.

[Watch out for Trojans in the sky. Read: Dyre Straits: Why This Cloud Attack's Different.]

When it comes to privacy, people feel that their voice is a line in the sand. It’s one thing to take my metadata, but leave my voice the (insert expletive here) alone.

So why is it that Siri, the star of the Apple Watch, is allowed to record me unannounced? Search Apple’s terms of service, and you won't find details on the practice. Furthermore, Siri's FAQs fail to speak to voice recording at all. Thanks to Wired magazine, a reporter last year substantiated that Apple retains the recorded voice records for six months and then de-identifies the recordings and retains for another 18 months, purportedly for research purposes.

Although I cannot say what exactly "de-identifies" means, I can say this: Rest assured, your voice is being recorded and used to benefit Apple.

The violation here is subtle in interface, huge in practice. It sets a precedent for recording our words without the usual safeguards. 

Part of the problem is that Apple and other Over The Top (OTT) players -- meaning companies that deliver audio, video, and other media over the Internet without the involvement of a traditional distributor (e.g., Multi-System Operator or MSO) -- lump voice into the general data bucket. But voice is not data. Voice is a part of our identity in a way that text can never claim. It feels to us like the most personal of our Personally Identifiable Information (PII).

Now you may love to hate your local telecom provider, but safeguarding voice is a near religion for insiders with roots in the phone business. In the US, there is a long history of various telecoms vigorously appealing warrants to keep consumer voice private. In Germany, which has the strictest privacy laws globally, Deutsche Telekom was ranked as the country’s most trusted brand among Internet providers and mobile providers. 

We have laws in the US designed to protect consumers from unannounced recordings, and far stricter ones in the EU. So, how exactly is this unannounced recording possible? 

Voice interfaces are new, and we don’t necessarily recognize the difference of talking to rather than through a device. Talking to a device feels like talking to a person. Since the vast majority of our human-to-human conversations are ephemeral, we tend to think of this new conversational model the same way. And yet, it is not. Siri is not a person, of course, so it's not covered under laws related to conversations. We should be treating “her” like a recording device. This is where our humanness bites us. It’s way too easy to anthropomorphize her, particularly when she answers our knock-knock jokes.

The way Apple benefits from our recorded voice has me worried about other boundaries the Apple Watch might cross. It has access to our vitals too. One particular vital gives me real pause: Heart Rate Variability (HRV).  HRV is not only as unique as a fingerprint, but changes in it can signal elevated anxiety, Post Traumatic Stress Syndrome (PTSD), and, a pending heart attack.  

Thinking back to my mother, the Apple Watch could be far more helpful than the Lifeline in preventing a catastrophic outcome by calling 911 long before she realizes she is in danger. This would be a massive leap forward for healthcare and telemedicine, which I am eager to embrace. And yet, it also means that our most personal health data is being transmitted from our watch to our iPhone over Bluetooth. And sadly, far too few people understand just how hackable Bluetooth is.

With the speed of technological change fast approaching a blur, legislation cannot possibly stay in sync. As individuals, we need to make our concerns known and demand transparency around privacy practices. Given the asymmetrical power relationship between Apple and other OTT players (I'm looking at you, Google) and its end users, providing clear and well-summarized privacy policies and Terms of Service is the very least they can do. 

But since we are talking about identity here, I believe we need to go well beyond token policy improvements. We need the right to manage our own identity and ability to delete our data on our own terms. Google’s recent "Right to be Forgotten" mandate handed to it by the European Union court is a start in this direction. My key concern here is that this campaign will morph into privacy theater, which gives people the illusion of control without actually changing anything. (Pro tip: Deleting data off the Internet is very, very hard to do.)

Although the situation may feel overwhelming, let’s not pretend we are powerless. Bring Your Own Device (BYOD) has been a wakeup call as to the power of the end user. Continuing this theme, the emergence of Bring Your Own Identity (BYOID) holds a good deal of promise. BYOID started with some enterprises allowing users to log into their corporate networks with external credentials provided by LinkedIn, Facebook, even an external email account. This provides the end user with the relative ease of single sign-on and frees up the corporate helpdesk from password resets. By allowing users to take control of their credentials, this nascent trend has the potential to recalibrate the power asymmetry and eventually allow us to reclaim our identities.  Or, on a less optimistic note, allow a handful of social network providers to be the arbiters of our identities. (Hello, Facebook.) Personally, I’m rooting for the former.

So while we start searching for tools (e.g., Duck Duck Go, Bitcoin) and techniques (Incognito mode on the Chrome browser) to help us reclaim some control over our identities, we need to put pressure on our legislators to catch up with the necessary regulations and laws. Many of the top OTT players are US corporations and can be compelled to take voice, at very least, as seriously as telecom companies have.   

Before I end this rant, please don’t confuse me with some random anti-Apple hater. Not only do I live and work in an almost exclusively Apple environment, I'm a shareholder. I believe that Apple continues to set the bar on user experience and deserves credit for the concept of "user delight" being part of our common vocabulary. Thanks to their efforts, many product designers see this emotional state as the ultimate goal. We cannot ask for anything more than to be delighted as users, right?

And here, I disagree.

This newly emboldened end user wants more than delight. I want liberty. And while we are at it, stop calling me a "user." I’m not addicted to your products. I am, and for the time remain, your customer.

Today's endpoint strategies need to center on protecting the user, not the device. Here's how to put people first. Get the new User-Focused Security issue of Dark Reading Tech Digest today. (Free registration required.)

E. Kelly Fitzsimmons is a well-known serial entrepreneur who has founded, led, and sold several technology startups. Currently, she is the co-founder and director of HarQen, named one of Gartner's 2013 Cool Vendors in Unified Communications and Network Systems and Services, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ashu001
100%
0%
Ashu001,
User Rank: Ninja
9/22/2014 | 12:33:05 PM
Apple is a past master at Consuming Consumer Data .
Kelly,

If one looks at all those Revelations from the likes of Jacob Applebaum,Edward Snowden,Jonathan Zdiarski (and many more) closely you can easily identify the Obvious .

Every Single iPhone on the Planet ships Data first to the NSA and from there to the GCHQ(and other Components of the Five Eyes Network).

What Liberty are you talking about?

Why the Fake Sense of Outrage?

You think the Secret Service were crazy to deny Obama his Beloved iPhone once he became President?

You think the Russians and Chinese are mad to Ban all Government Officials from using Apple Devices?

Its an open Secret Globally (even NSA Employees Joke about it)-Any User Buying an Apple Device is basically telling the NSA that you can use all My Information Happily.

Definitely Not An Apple User.

 
Ashu001
50%
50%
Ashu001,
User Rank: Ninja
9/22/2014 | 12:22:09 PM
Re: NY Times Take
Thomas,

Have to Agree wholeheartedly here.

You remember that Scene from the Transformers 3?

Where that Robot,transformed into a Watch which attached itself to Shia Le Bouf's hand and would'nt let go of him(it could sense every single thing he said,Felt and Did) till its Function was Accomplished?

That's where I fear all these Wearables are taking us today(and Also why I will very proudly be a late,Very Late Adopter in this area).

Being Hep and super-cool can definitely take a back seat as far as I am concerned.

 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
9/16/2014 | 6:25:00 PM
Re: NY Times Take
I wish I could be optimistic about the privacy implications of wearables. But privacy is the exception in the tech industry rather than the rule. I don't see that changing any time soon.
ChrisMurphy
50%
50%
ChrisMurphy,
User Rank: Author
9/16/2014 | 4:55:13 PM
NY Times Take
The New York Times just posted an editorial "Smartwatches and Weak Privacy Rules" on this topic: 

"The country should welcome innovative health devices but should also make sure that they do not becomes tools to invade individual privacy."
8 Steps to Modern Service Management
8 Steps to Modern Service Management
ITSM as we know it is dead. SaaS helped kill it, and CIOs should be thankful. Hereís what comes next.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.