background preloader

Privacy & Security

Facebook Twitter

Do Wearable Devices Spill Secrets? Sizing Up the Privacy Risks of Fitness-Tracking Apps By Mathew J. Schwartz, October 17, 2014. Follow Mathew J. @euroinfosec Candid Wüeest Apps for wearable devices that are designed to track a user's pulse rate, blood-oxygen level or location may be leaking that personal data. The researcher said the leaked data could enable account hijacking or targeted spam attacks and reveal a user's location, leading to privacy concerns and, in a worst-case scenario, the potential for the information to be abused by extortionists or stalkers (see Privacy Controls for Fitness Devices?).

In a study of the top 100 most popular personal fitness-tracking apps on both the Apple Store and Google Play, Wüeest found that information being transmitted by the apps often included the user's name, e-mail, password, birthday and target weight, as well as their Facebook and Google access tokens. Compounding that concern was the finding that each app shares personal data with - on average - five sites. Sniffing Test. Health app makers face privacy and security regulation from many quarters. Sharon Klein and Dayna Nicholson Even though the FDA guidance on mobile medical apps is now finalized, it only represents a portion of the regulation mobile medical app developers need to concern themselves with, according to Pepper Hamilton lawyers Mark Kadzielski, Sharon Klein, and Dayna Nicholson, who presented a webinar on the topic last week.

Particularly in the areas of privacy and security, a number of regulatory bodies are involved. “With the proliferation of medical devices utilized on smartphones and tablets by doctors, pharmaceutical companies, and patients, comes a lot of vulnerabilities and a confusing web of regulations,” Klein said. “Cybersecurity incidents are very very likely, especially in wireless and network connected devices that transfer patient data electronically. They’re subject to SQL injections, hacking, and data breaches … And with that greater risk comes increasing regulation.”

Building the Future of Identity Privacy | NSTIC NOTES. On Data Privacy Day, the NSTIC National Program Office is taking some time to reflect on our own efforts to improve privacy online. Fulfilling the promise of enhanced privacy is a critical element of building trusted interaction online. The first of the Strategy’s guiding principles, finding new solutions that are privacy-enhancing and voluntary has been a key driver of pilot project selection and the NPO’s work to drive innovative approaches to online identity.

One of the primary methods for improving privacy we have been encouraging is the use of privacy-enhancing technologies (PETs) – a topic I will be discussing at the upcoming RSA Conference, in a P2P session – Privacy-enhancing Technologies: Pipe Dream or Unfulfilled Promise? Certain types of PETs employ well-researched methods of cryptography and can provide strong assurances about users’ credentials without the need for detailed exchanges of personal information. So why aren’t PETs more widespread? Are You Ready To Hand Google All Your Fitness Data If Apps Use The Latest Android API?

2013: The Year of Privacy. If there ever was a “year of privacy,” surely it was 2013. A year that ends with selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post—not to mention The Guardian—on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.

This was the year that privacy became a head-of-state issue on the global stage. And literally so, with German Chancellor Angela Merkel looking over her shoulder as her U.S. allies allegedly snooped on her private conversations. It is the year that the European legislative process appeared to be increasingly tied in knots over the stalled reform of the data protection framework. So privacy is on the rise. The (not so) secret life of the NSA.

10 tips for building secure mHealth apps. It’s becoming increasingly difficult to decipher what constitutes acceptable mobile security practices and to what level mobile health developers should be held accountable. Given that mobile app development presents an altogether different set of challenges than traditional models, where security threats are constantly outpacing technology, an agile, iterative approach to data security is essential. What can mHealth developers do to build secure and usable apps? Here are 10 tips for doing just that. 1. At the very basic level, don’t trust the user. Nearly half feel PINs and passwords are too cumbersome, a third aren’t concerned with risks and 55 percent of adults use the same password for everything. 2. 3. 4. 5. 6. 7. 8. 9. 10. Lauren Still is a health IT developer living in the San Francisco Bay area and focusing on security and policy consulting, business planning, social media strategy and technology development.

Related articles: mHealth — what's the hold up? 70% of people would be willing to have a smart toilet share their personal data. PrivacyBuddy - Personal Data Management. Policy needs to get out of the way of good Patient Identity management. I am reviewing the materials that are being presented to the ONC Patient Matching Meeting on Monday December 16th. These materials are fantastic. There is much work that has gone into the current investigation. Detailed and constructive research. There is research on why patient matching isn't working, what technical issues are in the way. THE PROBLEM IS NOT TECHNICAL. Here is a quote from the report that illuminates the problem The research questions did not include any specific questions on unique patient identifiers; however, many of the environmental scan participants indicated that their organizations support the study and development of a universal patient identifier (either mandated or voluntary).

The problem is that in the USA there are rules and prevailing-wind against a universal patient identifier. Healthcare needs a high-quality universal identity. Who should provide this high-quality universal patient identifier? Patient Identity. Would you pay to keep your smartphone info private? - Triangle Business Journal. Oleksiy Mark Smartphone with cloud of application icons Most smartphone users value their privacy enough to pay extra to have software apps keep their personal information private, a new study shows. In fact, some are willing to pay as much as $5 to prevent apps from sharing their location.

A study by two University of Colorado Boulder economists, Scott Savage and Donald Waldman, conducted over the summer found the average user would pay varying amounts for different kinds of privacy: $4.05 to conceal contact lists, $2.28 to keep private their browser history, $2.12 to eliminate advertising on apps, $1.19 to conceal personal locations, $1.75 to conceal the phone’s ID number, and $3.58 to conceal the contents of text messages. Free and low-cost apps routinely require access to and often share users’ personal online search histories, shopping habits, real-time location, social media and email contacts, and other information. Interim Identity Ecosystem: “Are we there yet?” | NSTIC NOTES. This past July, I noted at the IDESG Plenary meeting in Boston that discussions relating to trust frameworks and trustmarks appeared to have splintered into a number of camps, ranging from: accreditation bodies that feel they have already “solved the problem”; vendors who are reluctant to undergo another accreditation; those that believe a brand new accreditation scheme needs to be devised; and stakeholders that prefer market forces alone shape how things evolve without any intervention.

Amidst this diverse range of views, the IDESG in general, and the Trust Framework Trustmark (TFTM) Committee specifically, is attempting to attain consensus on a path forward for the Identity Ecosystem Framework and any associated accreditation schemes. The NSTIC contemplates that the Identity Ecosystem will “consist of different online communities that use interoperable technology, processes, and policies. 1) to help level-set discussions regarding implementation of the NSTIC guiding principles, and. Why our personal health data will become less private. I have been following the news about the National Security Agency (NSA) access to our phone records with great interest. If we as a society don’t sort some of this out, we’ll see a repeat in the health sector a few years from now. These discussions seem to pivot on issues of population-level safety vs. personal liberty, and on trust vs. suspicion re: how much of the process is driven by machine learning vs. individuals.

It is interesting that the story about the scanning of phone records came out close to reports about the IRS targeting certain non-profits. The two are quite incendiary when it comes to paranoia around privacy. As a Boston area resident, I was also quite puzzled by criticisms that our surveillance processes were not good enough to prevent the marathon bombings. To the government’s credit, they have sought to clarify how the phone records scanning program is automated and that this sort of thing has been going on for years. The logical conclusion may be scary to some. Politique de confidentialité Fitbit. Fitbit ("Fitbit," "we", "us," "our,") provides online and mobile services, including but not limited to, the Fitbit website ("" or the "Site") widgets, computer programs and mobile applications hosted by or on behalf of Fitbit (collectively, the "Service") intended to enhance your use of the personal fitness and body monitoring electronic products offered by Fitbit (the "Fitbit Products").

Fitbit is committed to maintaining the privacy, integrity and security of any personal information about our users. This Privacy Policy ("Policy") explains how we protect personal information we collect in connection with your use of the Service ") and how we use and in some cases disclose that information. "Personal information" for purposes of this Policy means information that identifies you, such as your name, address, phone number, fax number or email address. This Privacy Policy (this "Policy") is subject to the provisions our Terms of Use, which are incorporated by reference. Children. Striking a balance between patient safety and innovation. (Editor's Note: This post is the first of a series produced by The Huffington Post, the mHealth Alliance and HIMSS Media in conjunction with the mHealth Summit, which will take place Dec. 8-11, 2013, at the Gaylord National Resort and Conference Center just outside of Washington D.C.

This blog appeared here.) Innovations in healthcare technology, especially when it comes to mobile health, are well outpacing an ability to wait for a regulatory strategy. These solutions are not being developed by large enterprise vendors but by entrepreneurial developers who have a passion for making our healthcare industry better. The venture community agrees. With a predicted investment of more than $3 billion in mobile health solutions, money is flowing to organizations that can harness the power of mobile technology to solve the most complex health problems. The mobile medical application (MMA) market is saturated with a lack of clarity regarding the potential costs and barriers to FDA approval. Alessandro Acquisti: Why privacy matters. Wow of the Week: Assassination by medical device hack fears led Dick Cheney to take action.

It was a plot twist on Homeland and a blind spot identified by researchers in a study published in The New England Journal of Medicine in 2010. It was also real source of anxiety for former vice president Dick Cheney: Death by medical device hack. As part of the promotion campaign for his new book, Heart, he told 60 Minutes that he saw it as a credible threat. Cheney, who has had heart disease, has had several heart surgeries and had an implanted defibrillator in 2007.

The possibility that terrorists could hack his Medtronic defibrillator led to so much concern that his doctor, cardiologist Jonathan Reiner, took action. He had the device’s wireless function disabled so a terrorist couldn’t send his heart a fatal shock. He talked about the surreal experience of watching Showtime’s program about CIA operatives called Homeland which used a killer medical device hack as a plot twist in an episode.

“I was aware of the danger…that existed…I found it credible,” he responds to Dr. The U.S. Nike’s new fitness wristband, privacy issues and how personal activity data could benefit us all | Jaywing. David Moore posted in Agency, Digital, Marketing Data Management on Nike has unveiled a new version of its Fuelband SE activity tracking wristband, with improvements over the previous version including, amongst other things, the ability for users to tag their exercise activity by type. Like the previous version, the new product will, no doubt, continue to excel in providing feedback loops: relaying the data collected in an emotionally relevant way and allowing the user to engage, recalibrate and take action.

However, it was a surprise that the new Fuelband doesn’t include features that competitors, such as Jawbone, Fitbit and Basis offer, such as the option to measure your altitude or sleeping patterns. And it is still not available as a dedicated Android app (although they do have a responsive website). In fact, I ended up swapping my first generation Nike wristband for a Fitbit, as it offered more features in a smaller package. Protecting individual privacy David Moore – Consultant. Your body is the next frontier in cybercrime. If you think it’s enough of a chore trying to stop thieves stealing your credit card details and hacking your Facebook, imagine trying to stop them getting into your pancreas. Advances in healthcare mean that in-body devices to treat chronic conditions or even just make you perform better as a human being are not as far away as you might imagine.

Some of these innovations already exist. The pacemaker has been around for years and drug delivery implants are already quite advanced. Some are controlled remotely and many more will be in the future, significantly raising the stakes in the battle to protect ourselves from cyber-crime. When TV series Homeland featured a storyline in which terrorists hacked the US Vice President’s pacemaker, causing him to have a heart attack, it brought this issue into the public consciousness. “I think the future of chronic disease control will be implanted devices,” she said, speaking after a talk at FutureFest, an event held in London last weekend. Get a discount on health care -- if you wear a tracking bracelet.

The Affordable Care Act increases the size of the health care discount employers can give, as long as those workers take steps to get healthier. Up to 30 percent of health care costs can now be tied to participation in workplace wellness plans. But instead of just asking employees to submit medical histories or do lunchtime yoga, some workplaces could try something more high-tech: using health tracking devices that count your every step. Tasting Table, a daily email for foodies, isn't offering their employees insurance discounts, but it does give a glimpse of this possible future. At their office in New York City's SoHo, Sam Bernstein stands at her desk and scrolls through her coworkers' sleep habits on her smartphone. "Elyse didn't get that much deep sleep. Sarah Kay did.

She can see what time her coworkers' fell asleep and woke up, their exercise routines, how many steps they've taken and when throughout the day. At Tasting Table, the changes have been modest. Why big data has made your privacy a thing of the past | Technology | The Observer. Welcome to Forbes. Personal Data Locker Vision. Concern about security and privacy, and perceived control over collection and use of health information are related to withholding of health information from healthcare providers -- Agaku et al. Big Data Proxies and Health Privacy Exceptionalism by Nicolas Terry. » - we provide HIPAA secure backend as a service. Who Owns Your Health Data? Weighing the privacy risks of mobile health and fitness apps. Free Health Apps, Search Keywords Are a Threat to Privacy: Report. States Review Rules After Patients Identified Via Health Records. Privacy advocates call out mobile health developers for ‘abysmal’ security protections.

Privacy Rights Clearinghouse Releases Study: Mobile Health and Fitness Apps: What Are the Privacy Risks? Beware health searches: Web data may be leaked to third parties. Privacy policies for health social networking sites -- Li 20 (4): 704. Big Data ~ Privacy is harder to protect | THE CANADIAN. New Motorola Vitamin Pills Could Be Edible Stomach-Acid-Powered Passwords. Big data privacy concerns linger despite potential for healthcare. Putting Health IT on the Path to SuccessPutting Health IT on the Path to Success. In the Age of Apps, Can You Protect Your Privacy? Do you know that your genetic information is a protected health information (PHI)? Google's Eric Schmidt On Data Privacy: The Internet Needs A Delete Button. History. The Dangers of Surveillance by Neil Richards. Review of Cladicott report-2 2013 by Dr Saurabh Bhatia.

DoD?s new Android app connects to wearable devices for biofeedback. 5 security vulnerabilities that could mean trouble. NSTIC Implementation Hits an Important Milestone: The Identity Ecosystem Steering Group Exists! | NSTIC NOTES. Texas HIE Consent Management System Design. Webinar Materials Now Available | NSTIC NOTES. WebSphere Application Server Version 7.0. IDMGOV Blog: FICAM Trust Framework Solutions - A Primer.

On 1-year anniversary, organized NSTIC looking for fast track. # Privacy Daily. Groups Offer Input, Criticism on Health Data Disclosure Proposal. Stolen TRICARE health records did not meet federal encryption standards. SAIC: Medical records for 4.9 million TRICARE beneficiaries were stolen. Please Rob Me. You Are the Product–Privacy Anonymity and Net Neutrality On the Internet - Excellent Stanford University Lecture (Video)