Wearable Tech Conference Report

In the future, babies will be continuously monitored from before they are even born… and that future is not far away, according to speakers at the Wearable Technology Show 2015, an industry gathering held in London this week. Announcements regarding Apple’s smart watch hogged headlines before the event, but it was refreshing to be in an environment where small businesses and start-ups demonstrate how Apple is not the only innovator of personal technology with the potential to transform lives. That said, I had no intention of being awed by the gee-whizz gadgetry on display. My goal was to ask questions about the risks posed, especially around the data collected and then uploaded to a network. At the conclusion, I realized I had more questions than I had started with, but had received few firm answers.

To start at the beginning, more than half of the exhibitors were selling smart watches, or sensors used to monitor fitness regimes, or both. Whilst these devices are the wearable tech pioneers that are already on the market, they are not very novel from a risk perspective. A smartphone you wear on your wrist is ultimately just another smartphone. Fitness sensors that capture data on movement, and basic vital signs like heart rate, do not greatly extend the envelope of data that can be collected by other means.

Many attendees believed that health-related sensors would inevitably become ubiquitous. Challenges will arise as their use becomes more common, and as the technology gathers increasingly varied and comprehensive data about the individual. Insurers might want data from wearable devices to assess the state of your health – but would you want them to have it? Vince Murdica, Senior Director of Sensor Centric Systems at Atmel, commented that whilst the person who wears the device should be considered the owner of the data it gathers, there is likely to be a growth in the amount of data that individuals are ‘required’ to supply, either as a consequence of government stipulations or because of conditions attached to insurance and other contracts. He went on to sagely observe:

Security only matters when people realize things aren’t secure.

There was almost universal agreement on the implications of a massive expansion of wearable tech. On the other hand, there was little insight into how users might express their data preferences through some form of interface. Tom Emrich, CEO of We Are Wearables talked about his belief that younger generations are more astute when determining their privacy preferences. Emrich recounted how he had spent a whole day tailoring his Facebook privacy settings to get them just as he wanted. However, most company representatives speaking at the event were strongest when talking about the technology of the wearable device itself, and were vague about how consumers might communicate about the level of privacy they wanted. Even with smart watches, there will always be limitations on the interface with the device itself, suggesting that customer preferences will need to be conveyed via an interface to a website. However, there seemed little experience of this being put into actual effect.

Device manufacturers also offered little advice about the choices that would be granted by a government-driven health provider or by the large corporate entities who might subsidize wearable sensors in order to encourage their adoption. I sympathize with the circumstances of these businesses, many of which are small innovators. Their job is to make the devices and to make them well. Decisions about the individual’s right to control the resultant data are likely to be made by others. The only current certainty is that individuals will be able to stop a wearable device collecting data by removing the device from their body.

There were many upsides to the new technology that was presented. Prof. Nathan Intrator, CTO of Nuvo-Group, explained how a wearable harness would enable round-the-clock monitoring of the wellbeing of a pregnant mother and her unborn child. Paul Doherty, VP Sales at Shimmer Sensing, described a collaboration with Telefonica where knee replacement patients were allowed to leave hospital sooner because wearable monitors tracked their rehabilitation exercises at home, checking it was done correctly. Devices like these are likely to be subject to plenty of scrutiny from medical regulators, and the ethics of that industry will likely determine how data is used and how much patients can influence the way it is used. However, there is likely to be a grey area between devices that require medical regulation, and consumer fitness aids which do not. In addition, medical regulators may find it challenging to align their expectations to those set by the IT-oriented regulators of data and privacy. To my surprise, BSi, the standards body, had a booth at the event, and I asked them why they chose to attend. Rob Turpin, Market Development Manager for BSI’s Healthcare Standards explained that innovative businesses seek education about the great variety of standards that might apply to their products and services. In addition, BSi actively participates in initiatives that will be important to closing any gaps between various standards, and ensuring they align as technology progresses. For example, Rob told me of BSi’s involvement in the UK Digital Health and Care Alliance. In the coming months, the UK’s National Health Service is expected to issue a statement on the need for accreditation of health apps, and this may be an important step towards the joining up of health and data obligations.

The innovators themselves also saw a need for standards to be set. Prof. Intrator highlighted how every company was making new sensors that worked independently of each other, each satisfying a different purpose. Whilst this makes sense at the current stage of technology evolution, it would be ridiculous for a patient, who may be suffering from several illnesses, to wears lots of sensors which all have independent systems for gathering and uploading data to a network. Intrator predicted there would eventually be a need for common standards that would allow sensors made by different manufacturers to communicate with a shared hub, which would aggregate all the data collected from the patient.

Governments, regulators and standard-setters can sometimes be slow to respond to the implications of new technology. However, criminals often prove themselves to be more agile. Various speakers like Dr. Andreas Caduff, CEO of Biovotion, were keen to reassure the audience that their sensors incorporated security protocols to prevent data being snooped by an unintended recipient. But talking to various individuals off the record, it was plain that there is a technical challenge in delivering small new devices where you want the longest possible battery life, the lowest total unit cost, and the best possible security. Many acknowledged that the wearable tech sector currently includes a large number of relatively small and unknown businesses. As a consequence, the reputation of all might be damaged if just one of these firms decides to cut costs or save battery time by taking a lax attitude to security.

A key aspect of wearable tech is that it may be continuously networked, giving rise to new opportunities for location-based services. Skyhook is a location network that competes with Apple and Google to provide a comprehensive global system that can determine the location of devices by reference to wifi hotspots. Mike Schneider, VP Marketing at Skyhook (pictured), was keen to explain how his company gathers data from mobile devices, but has no other data about the individual who carries the device. They may know which is your favourite coffee shop, but they do not know your name. Schneider said their goal is ‘appticipation’ – getting apps to anticipate your needs more quickly, so users spend less time pushing buttons and more time doing what they really want to do… or maybe that extra time will be devoted to adverts, selected according to the user’s location.

Khalid AlNasser of Practech had some very sensible advice about the likely evolution path for security and privacy surrounding wearable tech – it will probably be determined by trial and error. This was also evident from another story given by Tom Emrich, about the way Google Glass had been banned from various coffee shops near Google’s offices, because customers worried about being recorded. But as Emrich pointed out, public opinion about such matters is already being influenced by the widespread use of security cameras. Changes in technology may be curtailed by public opinion, but public opinion can also be changed due to the proliferation of new technologies. I spoke to the British designers of Sunnycam, a high definition video camera which is worn like a pair of spectacles, about the uses for their product. It was clear that customers had thought of more uses than either Sunnycam or I could have possibly predicted. For example, they told me that educators were using the cameras to record training sessions, in order to review how they had interacted with their audience. With prices starting at just GBP100 (USD150), there is clearly the potential for much wider adoption of such technology, which in turn might change perceptions about when it is acceptable to photograph others.

Emrich’s point about the different attitudes of young and old was reinforced by the presentation of Lee Briggs, Managing Partner of GamAR. His company makes interactive games where children carry tablets around museums, pointing them at various objects in order to prompt a response on the tablet screen. For example, if the tablet is held in front of an animal at a zoo, the tablet recognizes the animal and then tells the user interesting information about it. One implementation for the UK’s National Maritime Museum involved the deployment of 3000 RFID chips beneath a world map that visitors could walk upon. Precisely determining the visitor’s position on the map allows the tablet to continuously present new facts about the corresponding real-world location. However, I also regard this as a form of training about technology expectations, where even young children become accustomed to having every movement monitored whilst in a public space.

Throughout the whole event, there was plenty of talk about data being sent to ‘the cloud’. I lost count of the number of times that wearable tech was described as a key contributor to ‘the internet of things’. Whilst all agreed the need for societies to debate how vast amounts of new personal data will be exploited, there was a shortfall in specifics about how this data is currently transmitted and stored, and how this downstream aspect of the technology might evolve over time. Perhaps unsurprisingly, the focus was on the physical device that people actually wear. There are security and privacy aspects to the data held and transmitted by the device itself. In particular, encryption is likely to be a tough challenge because of the trade-off between the processing demands required for strong encryption, versus the sensitivity of the information being gathered. That said, I see most risk in the arena of downstream transmission, use and control of data. This risk occurs not least because moral, legal and technical expectations tend to evolve a while after a new technology has been put into practical use, and because the people interested in regulating physical devices may not have authority or expertise to also constrain downstream use of the data produced. The attendees of Wearable Tech 2015 were conscious of the risks, but there were few signs of an emerging consensus on what to do about them. To be fair, the upsides of wearable tech are plain to see. If used well, the data gathered by wearable tech will be an enormous benefit to humanity. However, a lack of consensus about how to handle risk is often the greatest source of risk.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.