Citizen Lab Research Fellow Andrew Hilts was interviewed by the Globe and Mail regarding Access My Info’s fitness tracker report, entitled “Every Step You Fake,” in which the privacy and security safeguards of eight popular wearable fitness tracker devices was studied. The report concludes that security vulnerabilities were present among some devices, particularly those that could be exploited for information on the users’ geo-location.
One of the key concerns the researchers outlined was that fitness trackers frequently sent out signals to other devices when it had been disconnected from a paired smartphone, leaving a digital trail via its MAC ID. The trackers were effectively saying, ‘I’m here, I’m here, connect with me,” said Andrew Hilts. Though he acknowledged that it was unlikely someone would use this trail to identify the user, Hilts said that it was possible that the MAC ID could be gained through a court order, for example.
Commenting on the broader implications of the report, Hilts said “I think people should consider the bigger picture of how every citizen’s location could be tracked and saved in a database somewhere. While we live in a relatively healthy democracy right now, do we want to establish a precedent where this sensitive data is being collected and could potentially be misused down the line?” He also expressed concern that by agreeing to the use of fitness trackers, users were effectively assigning stewardship of their data to the companies that produce them. This is accompanied by a wide range of permissions on storage and collection.
The Access My Info project, which enables consumers to create requests for information about the personal data companies store about them, was recently expanded to include fitness trackers.
Read the full report on fitness tracker privacy vulnerabilities.
Read the full Globe and Mail article.