The increasing availability of personal activity monitors, tracking devices, wearable recording devices, and associated smartphone apps has given rise to a wave of Quantified Self individuals and applications. The data from these apps and sensors are usually collected by associated apps and uploaded to the software developers for feedback to the individual and selected partners. In this article we highlight the privacy risks associated with this practice, demonstrating the ease with which an app provider can infer an individual’s co-location and joint activities without having access to specific location data. We also highlight a number of potential solutions to the challenges that arise, with a view to minimising the privacy leakage from these applications.
Widening Reach and Widening Threats
The Quantified Self (QS) phenomena is currently at the centre of consumer interest and industry attention in the wearable tech industry. Many individuals are interested in understanding their own activity, emotions, sleep, and health patterns, while experimenting with their own bodies. There are an increasing number of QS sensors and complementary smart phone applications are available on the market today: sleep quality monitors, heart rate monitors, personal video recording devices such as Google Glass, skin conductance measurement sensors, accelerometers, pedometers and step counters, to mention a few. The new range of smartphones is designed to cater for continuous activity tracking.
One obstacle to adoption of activity trackers has been the loss of consumers’ interest after a period of use. Hence many developers have recently focused on correlating physical activity with other user-provided data such as calorie intake and mood, in order to draw more appealing inferences and provide visual feedback to the users. These apps include life logging apps (eg Saga) or location-mining apps (eg GoogleNow) which heavily rely on continuous reporting of the users’ location, all leading to major privacy concerns for the users and those associated with them. In addition to the increasing number of high precision sensors, the associated smartphone apps ask for an increasingly larger number of permissions in order to look for more signals and data to feed into their pattern-matching algorithms.
The availability of more data sources and feedback to the user is essential in usefulness and accuracy involved with the personal data ecosystem. In Living with Data: Personal Data Uses of the Quantified Self, Watson discusses some societal aspects of use of personal data for QS applications. Continuous reportage of health data to doctors and emergency services can have benefits for researchers. However, with the addition of personal data from a variety of linked sources, privacy issues start to emerge which need to be identified, presented to individuals, and addressed through technology and regulatory mechanisms.
Our research has highlighted the privacy threats posed by the use of activity monitors. In the paper arising from our research we discuss the ease of detecting whether two individuals have been spending time together, without the need for location information. Using aggregate activity data collected by a popular fitness tracker, we demonstrate the similarity between the activity log of individuals who have been spending time together. This enables the aggregator to easily identify the location and mobility patterns of an individual who has not opted to share his or her location with third parties. Our paper goes on to discuss potential mitigation strategies for respecting and preserving individuals’ location privacy, while enabling them to enjoy the personal benefits of QS devices.
Wearable Technologies and Healthcare
In our research activities around wearable technologies and user-centric approaches, we consider that simple interactions between individuals and the modern portable technology allow the emergence of greater forms of information about the human well-being and, as a consequence, quality of life. The technology should understand the human feelings and provide a reflection of the well-being status. In practice, we aim to enable smart-objects to build around users an augmented intelligence that behaves as a sort of assistant that suggests the best actions to enhance the health and living lifestyle of individuals. It is based on the technological growth of the environment around people and the pervasive spread of smartobjects able to provide wide availability of functionalities such as sensing, processing and communication that can be exploited opportunistically (ie with no user cooperation). They will acquire mostly information and data from today’s increasing number of wearable gadgets on the user, such as videos, audios, ECGs, activities, GPS, light intensity etc, which can be used to infer measurable outer indicators, such as expressions, behaviour, location sound level, vocal tones, heart-beat, social contacts/interactions etc.. Wearables need to be enhanced with the capacity to bridge the outer indicators with non-measurable inner indicators, such as from the cognitive viewpoint and from the emotional viewpoint. This bridging allows inferring the well-being level of individual(s) and, more generally, the quality of lifestyle.
Privacy Risks
We used the data available from the Jawbone UP API from four individuals with known activities. Overall they spent 147 hours together during two short travel periods. These activities included walking, running, commuting, and exercise periods. Our data includes the step count, activity times, inactive periods, and distance covered (available from the pedometer and accelerometer in the Jawbone dataset), in addition to inactive times. We treated the step count as a time-series signal for our analysis of the data from individuals. Figure 1 (which can be downloaded from the panel opposite)displays a sample of the data from two adults spending a day together in a ski resort. When looking at the step-count data from the two individuals using Kolmogorov-Smirnov distance we see that the hourly step count time series data for individuals spending time together in nearly all cases displays less than 5% difference, with increasing confidence the longer time the individuals spend together. Using time-series correlations would yield an even higher accuracy by removing the transient time-lag in activities such as walking up the same set of stairs or walking through the same terrain within a few seconds of each other. Hence the current cloud-based data collection methods enable easy identification of co-located individuals, or infer their specific type of activity, if only one of them chooses to share their location with the app provider.
Research Challenges
Considering the ease of identification of individuals using a small number of personal information pieces and the issues of data ownership and ethics, we need to take active steps to enable individuals’ rights and privacy in the wearable tech industry. We are developing a client side platform for e-health and QS applications to provide a thorough feedback mechanism to different interest groups relevant to an individual (on a personal level, at a community level, and to health practitioners, using the Privacy Analytics framework).
Creation of a successful personal data ecosystem relies on cooperation between service providers, users, and regulators. An important challenge in the wearable tech landscape is to consider the rights of the individual being tracked by these devices, e.g., the individuals appearing in Google Glass videos in public. Currently the individuals have no way of getting engaged in the data collection and tracking process. A simple method could rely on continuous broadcast of a Do-Not-Track beacon from smart devices carried by individuals who prefer not to be subjected to image recognition by wearable cameras. Naturally, respecting this beacon and requirement depends on the regulatory enforcement and the device providers conforming with these requests. This approach is similar to the Do-Not-Track initiative on the web, though relying on the local broadcast of the signal, successful reception by the tracking device, and interrupting the recording process. Indeed the level of intrusion of Google Glass may justify a requirement for an opt-in approach instead.
In ongoing research we are investigating the feasibility of this form of broadcast for signalling privacy preferences as well as privacy-preserving location-based advertising. In related work, we are developing a framework for the tracking services (such as Google and Facebook) to inform the individual about the identity and location of the data requesting party, hence reducing information asymmetry.
Dr Hamed Haddadi is a Lecturer (Assistant Professor) in Digital Media at the School of Electronic Engineering and Computer Science, Queen Mary, University of London
Dr Akram Alomainy, PhD (Lond), SMIEEE, MIET is Lecturer (Assistant Professor) and Senior Tutor, Antennas & Electromagnetics Research Group, School of Electronic Engineering and Computer Science, Queen Mary University of London
Professor Ian Brown is Associate Director of Oxford University’s Cyber Security Centre, and Senior Research Fellow at the OII.
REFERENCES
1. Alomainy, A., Di Bari, R., Abbasi, Q., and Chen, Y. Co-operative and Energy Efficient Body Area and Wireless Sensor Networks for Healthcare Applications. Academic Press library in biomedical applications of mobile and wireless communications. Elsevier Science, 2014.
2. Brown, I., Brown, L., and Korff, D. Using nhs patient data for research without consent. Law, Innovation and Technology 2, 2 (2010-12-01T00:00:00), 219–258.
3. Di Bari, R., Alomainy, A., and Hao, Y. Cooperative and low-power wireless sensor network for efficient body-centric communications in healthcare applications. In Wireless Mobile Communication and Healthcare, B. Godara and K. Nikita, Eds., vol. 61 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Springer Berlin Heidelberg, 2013, 351–360.
4. Domenico, M. D., Lima, A., and Musolesi, M. Interdependence and predictability of human mobility and social interactions. In Nokia Mobile Data Challenge (June 2012).
5. Haddadi, H., Fay, D., Jamakovic, A., Maennel, O., Moore, A. W., Mortier, R., Rio, M., and Uhlig, S. Beyond node degree: evaluating as topology models. arXiv preprint arXiv:0807.2023 (2008).
6. Haddadi, H., Hui, P., and Brown, I. Mobiad: private and scalable mobile advertising. In Proceedings of the fifth ACM International Workshop on Mobility in the Evolving Internet Architecture, MobiArch ’10, ACM (New York, NY, USA, 2010), 33–38.
7. Haddadi, H., Mortier, R., Hand, S., Brown, I., Yoneki, E., McAuley, D., and Crowcroft, J. Privacy analytics. SIGCOMM Comput. Commun. Rev. 42, 2 (Mar. 2012), 94–98.
8. Lathia, N., Pejovic, V., Rachuri, K., Mascolo, C., Musolesi, M., and Rentfrow, P. Smartphones for large-scale behavior change interventions. Pervasive Computing, IEEE 12, 3 (July 2013), 66–73.
9. Mortier, R., Haddadi, H., Henderson, T., McAuley, D., and Crowcroft, J. Challenges & opportunities in human-data interaction. In DE2013: Open Digital (Salford, UK, 2013).
10. Rojkova, V., and Kantardzic, M. M. Analysis of inter-domain traffic correlations: Random matrix theory approach. CoRR abs/0706.2520 (2007).
11. Sweeney, L. Simple demographics often identify people uniquely. Health (San Francisco) (2000), 1–34.
12. Watson, S. M. Living with Data: Personal Data Uses of the Quantified Self. Oxford Internet Institute Masters Thesis, 2013.
