Posted by Aaron Massey on 04 Feb 2016.
For both privacy and security, failure to consider possible unintended consequences often leads to non-optimal, or even downright terrible, results. Consider this post from Tega Brain on Biononymous.me:
It is increasingly assumed that fitness trackers provide an objective view of the activities of their wearer. The assumption is that a person’s acceleration data, as interpreted by some fancy algorithms, gives a robust insight into the fitness, health and behavior of their body, and cuts through the blurry ambiguities of memory and perception. During the last year, data from a Fitbit tracker has been used as evidence in court both in a case about the impact of a workplace injury on a worker’s health and more recently as evidence of a rape. How these early examples play out will reveal how tight the relationship between activity data and behavior of the wearer is assumed to be.
Tega highlights the relatively new site Unfit Bits, which provides a plethora of easy ways to generate fake data for your fitness tracker.
Problems like this are not hard to find. Almost any system that generates data can be misused in a similar way. Learning how to think about how data could be misused is a critical skill for privacy and security professionals. Ensuring that you’re measuring what you think you’re measuring is non-trivial.