Posts

Google Buys Fitbit

Google Isn’t Just Buying Fitbit, They’re Tracking Your Donut Habit

You’re heading to the gym for a workout when you decide to surprise your coworkers with a treat. You search for the nearest bagel shop on your Google Maps app, which directs you to their closest advertiser, Donut Feel Good? Your heart pounds from the joy of anticipation — your team will LOVE you (or at least the sugar rush). Just as you’re leaving Donut Feel Good, your phone dings you with a coupon for coffee across the street. “Why not?” you think, as Google subtly nudges your behavior just a bit more. While you’re in the office, basking in coworker glory, Google is busy sharing your lack of exercise and trans-fat consumption with your health insurance company.  

Welcome to the surveillance economy, where your data is the product. I’m John Sileo, privacy and security are my jam (as my kids like to say), and my goal is to make sure you’re being intentional with how you allow technology to track and share your private information, especially as you consider buying a tracker for someone you love. 

Put simply, Google is moving out of our pockets and into our bodies. Thanks to their purchase of Fitbit, the health tracking device, Google can combine what they already know about us – the content of our internet searches (Bradley – Graphic representation: Google.com), location data (maps and Android phones), emails, contacts (Gmail), conversations at home, smart speaker searches (Google Home), video watching habits (YouTube), video footage, thermostat settings (Nest) and document contents (Docs, Sheets, etc.) – they will now be able to combine this with our health data. The sheer volume of the digital exhaust they’re collecting, analyzing and selling is phenomenal. Google is at the forefront of the surveillance economy — making money by harvesting the digital exhaust we all emit just living our connected lives. 

Fitness devices and apps can track what we eat, how much we weigh, when we exercise, sleep and have low blood sugar. They know that your heart-rate increases when you shop at your favorite store, can predict menstrual cycles, record body mass index and interpret your intimate cuddling habits. And you thought that gift you were about to buy benefited the recipient. Actually, you’re paying Google to improve your personalized tracking profile that they can sell to advertisers. Which you might be okay with, but you deserve to know enough to have the choice.   

Google and Fitbit say that our data will be anonymized, secured and kept private. Blah, blah, blah. This is a common tactic I call PPSS, Privacy Policy Slippery Slope. When we stop paying attention, the tech company emails us an “updated” 100-page privacy policy that they know we will never read and can never understand. They love taking advantage of our defeatist attitude – oh, there is nothing I can do about it anyway. That attitude resigns you to being categorized into a highly profitable behavioral profile, whether that’s Healthy, Happy and Rich, or Overweight, Underpaid & Obsessed with Donuts.

In a related story, Google has been quietly working with St. Louis-based Ascension, the second-largest health system in the U.S., collecting and aggregating the detailed health information on millions of Americans. 

Code-named Project Nightingale, the secret collaboration began last year and, according to the Wall Street Journal, “encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.” The Journal also reported that neither the doctors nor patients involved have been notified.

Now couple that with data on what foods we buy, where we go on vacation and our most recent Google searches, and companies will not only be able to track our behavior, they’ll be able to predict it. And behavior prediction is the holy grail of the surveillance economy. 

For the time being, you control many of the inputs that fuel the surveillance economy – but changing behavior is hard. I know because even I have to make intentional choices about how I share my health data. The keyword in that sentence is intentional.

For example, you can choose to take off your Fitbit or trust your data with Apple, which is a hardware and media company where Google is an information aggregation company. You can change the default privacy settings on your phone, your tracker and your profile. You can delete apps that track your fitness and health, buy scales that don’t connect to the internet and opt-out of information sharing for the apps and devices you must use. Your greatest tool in the fight for privacy and security is your intentional use of technology.

In other words, you do have a measure of control over your data. Donut Feel Good?

About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a privacy and cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker, and expert on technology, cybersecurity and tech/life balance. 

 

Keywords:

Meta: Are you comfortable having Google own your Fitbit data to add your heart rate, exercise frequency, current weight, and sleep habits to everything else they track about you? But they promise not to share…

 

Google Isn’t Just Buying Fitbit, They’re Tracking Your Donut Habit

John Sileo: Google Fitbit to Track Your Health Data

Spinning Wildly on the Hampster Wheel of the Surveillance Economy

You’re heading to the gym for a workout when you decide to surprise your coworkers with a treat. You search for the nearest bagel shop on your Google Maps app. The app directs you to their closest advertiser, Donut Feel Good?, which is actually a donut shop just short of the bagel place. Your heart pounds from the joy of anticipation — your team will LOVE you (and the sugar rush). 

Just as you’re leaving the donut place, your phone alerts you to a coupon at your favorite coffee shop. “Why not?” you think, as Google nudges your behavior just a bit more. As you bite into your first donut and bask in coworker glory, Google is busy sharing your lack of exercise and poor eating habits with your health insurance company, which also has an app on your phone.  

Welcome to the surveillance economy, where the product is your data.

Acquiring Fitbit Moves Google Out of Your Pocket and Into Your Body 

Thanks to Google’s purchase of Fitbit, Google doesn’t just know your location, your destination and your purchases, it now knows your resting heart rate and increased beats per minute as you anticipate that first donut bite. Google is at the forefront of the surveillance economy — making money by harvesting the digital exhaust we all emit just living our lives. 

Google already has reams of data on our internet searches (Google.com), location data (maps and Android phones), emails and contacts (Gmail), home conversations and digital assistant searches (Google Home), video habits (YouTube), smarthome video footage and thermostat settings (Nest) and document contents (Docs, Sheets, etc.). The sheer volume of our digital exhaust that they’re coalescing, analyzing and selling is phenomenal.

Combine that psychographic and behavioral data with the health data of 28 million Fitbit users, and Google can probably predict when you’ll need to use the toilet. 

Fitbit tracks what users eat, how much they weigh and exercise, the duration and quality of their sleep and their heart rate. With advanced devices, women can log menstrual cycles. Fitbit scales keep track of body mass index and what percentage of a user’s weight is fat. And the app (no device required) tracks all of that, plus blood sugar.  

It’s not a stretch of the imagination to think Fitbit and other health-tracking devices also know your sexual activity and heart irregularities by location (e.g., your heart rate goes up when you pass the Tesla dealership, a car you’ve always wanted). Google wants to get its hands on all that information, and if past behavior is any indicator, they want to sell access to it. 

As Reuters noted, much of Fitbit’s value “may now lie in its health data.”

Can We Trust How Google Uses Our Health Data? 

Regarding the sale, Fitbit said, “Consumer trust is paramount to Fitbit. Strong privacy and security guidelines have been part of Fitbit’s DNA since day one, and this will not change.” 

But can we trust that promise? This is a common tactic of data user policy scope creep: Once we stop paying attention and want to start using our Fitbit again, the company will change its policies and start sharing customer data. They’ll notify us in a multipage email that links to a hundred-page policy that we’ll never read. Even if we do take the time to read it, are we going to be able to give up our Fitbit? We’ve seen this tactic play out again and again with Google, Facebook and a host of other companies.

Google put out its own statement, assuring customers the company would never sell personal information and that Fitbit health and wellness data would not be used in its advertising. The statement said Fitbit customers had the power to review, move or delete their data, but California is the only U.S. state that can require the company to do so by law — under the California Consumer Protection Act, set to go into effect next year. 

Tellingly, Google stopped short of saying the data won’t be used for purposes other than advertising. Nor did they say they won’t categorize you into a genericized buyer’s profile (Overweight, Underfit & Obsessed with Donuts) that can be sold to their partners.

And advertisements are just the tip of the iceberg. Google can use the data for research and to develop health care products, which means it will have an enormous influence on the types of products that are developed, including pharmaceuticals. If that isn’t troubling to you, remember that Google (and big pharma) are in business to make money, not serve the public good. 

Google Has Demonstrated Repeatedly That It Can’t Be Trusted with Our Data

Just this week, we learned that Google has been quietly working with St. Louis-based Ascension, the second-largest health system in the U.S., collecting and aggregating the detailed health information of millions of Americans in 21 states. 

Code-named Project Nightingale, the secret collaboration began last year and, as the Wall Street Journal reported, “The data involved in the initiative encompasses lab results, doctor diagnoses and hospitalization records, among other categories, and amounts to a complete health history, including patient names and dates of birth.”

The Journal also reported that neither the doctors nor patients involved have been notified, and at least 150 Google employees have access to the personal health data of tens of millions of patients. Remarkably, this is all legal under a 1996 law that allows hospitals to share data with business partners without patients’ consent. Google is reportedly using the data to develop software (that uses AI and machine learning) “that zeroes in on individual patients to suggest changes to their care.” It was originally reported that the arrangement is all legal under a 1996 law that allows hospitals to share data with business partners without patients’ consent.

However, the day after the story broke, a federal inquiry was launched into Project Nightingale. The Office for Civil Rights in the Department of Health and Human Services is looking into whether HIPAA protections were fully implemented in accordance with the 1996 law.

Your Health Insurance Could Be at Stake

Likewise, Fitbit has been selling devices to employees through their corporate wellness programs for years and has teamed up with health insurers, including United Healthcare, Humana and Blue Cross Blue Shield

Even if individual data from Fitbit users isn’t shared, Google can use it to deduce all sorts of health trends. It’s also possible that “anonymous” information can be re-identified, meaning data can be matched with individual users. This sets up a scenario where we can be denied health care coverage or charged higher premiums based on data gathered on our eating or exercise habits. 

Now couple that with data on what foods we buy, where we go on vacation and our most recent Google searches, and companies will not only be able to track our behavior, they’ll be able to predict it. This kind of digital profile makes a credit report look quaint by comparison.

Get Off the Hamster Wheel

For the time being, you control many of the inputs that fuel the surveillance economy. You can choose to take off your Fitbit. You can change the default privacy settings on your phone. You can delete apps that track your fitness and health, buy scales that don’t connect to the internet and opt-out of information sharing for the apps and devices you must use. Your greatest tool in the fight for privacy is your intentional use of technology.

In other words, you do have a measure of control over your data. Donut Feel Good?


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a privacy and cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker, and expert on technology, cybersecurity and tech/life balance.

Data privacy not really a big part of Big Data

Big Data is an economic juggernaut as well as a ripe opportunity to forfeit your profitable data privacy. Businesses and consumers should consider the potential costs – and what they hope to get in return. 

Not so long ago, the internet was a very different place. Users were advised never to give out their names or addresses, to avoid talking to people they don’t know and to keep all personal identifiers secret. Data privacy was something we were thinking about constantly, especially when it came to sensitive information. Cyberspace was thought first and foremost to be a place filled with strangers where we must tread with caution.

Today, we’ve swung too far in the other direction. We all but depend upon the internet to connect, to make ourselves public, to be seen by as many people as possible all over the world. Entire sites exist to promote us, and the sort of things we used to carefully consider before disclosing, we now sign away without a second thought, completely unaware of what we are putting on display.

Distracted from Data Privacy

In fact, a recent study conducted by a professor I respect highly (Allesandro Acquisti at Carnegie Mellon University – read the NY Times article) shows how incredibly easy it is to convince consumers to give up private data that, were we thinking clearly, we’d staunchly refuse.  What exactly does it take? Distraction. If we are distracted in the moment of making the decision to share our sensitive data (whether it’s a text, email or a special offer by the website requesting our info), we are far more likely to give more information than if we were not distracted. What is our online experience if not distracted!? In addition, the way in which online retailers ask for our information influences our willingness to give more than we should.

When was the last time you actually read through all of the “Terms and Agreements” that popped up when you joined Facebook or Twitter? This has happened slowly, and it’s been so gradual a change that most of us don’t even question it. Worse, many of the giants of social media have become so dominant that we often can’t afford to not be connected, as both professionals and individuals: many have become resigned to think of sharing their private information as a poison apple they have to bite. 

A report by the World Economic Forum recently highlighted the current use of personal data and proposed possible solutions to combat data abuse, such as penalizing applications that overstepped their bounds. The authors behind the paper posed that data could still be collected as long as there were proper checks in place preventing it from being exploited. It’s a topic of much debate right now, as companies and advocates battle to see the best way to ensure user security while pleasing marketers. Meanwhile, there are hackers, botnets and cyber-criminals waiting in the wings to exploit security gaps for their own purposes.

On the other hand, we can’t deny the benefits that come from sharing personal information either. Millions have used the ability to connect and share to gain fame and financial success. There are also some sectors, particularly healthcare, where transmitting personal details electronically could greatly improve or even save lives, all of which makes the role of proper data privacy protection even more essential.

It’s a time where we can’t afford to be lax or ignorant when it comes to the vagaries of the internet. Proper data privacy training can be the difference between an organization that’s safely protected from outside threats and a sitting duck.

John Sileo is a data privacy expert and keynote speaker on social media exposure, cyber security and identity theft. His clients included the Department of Defense, Pfizer, Visa and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Google drove by your house and took down your information without you knowing…

It's not just hackers that make a habit of scooping your information. Google has had a notoriously dodgy record when it comes to user internet privacy – and some think it might have finally gone too far. 

At this point, most of us accept that the marketplace is watching us all the time, or else we remain blissfully ignorant. Ads that respond to your browsing history are one thing, though: a company driving through your neighborhood and stealing your data is another. Thirty-eight states brought a case against the internet search giant recently for violating data privacy. Google has been charged a $7 million fine and will supposedly take efforts to stay further from user information. In the meantime, this action should serve as a reminder of how available your passwords, email conversations, and messages are.

What did Google do, exactly? Well, in creating its Street View mapping system, it sent wired cars traveling down roads and through neighborhoods across the country to take pictures. But while it was doing that, it was also pilfering data from the unencrypted routers of businesses and families, who remained completely oblivious. And though the company has said it's sorry, the impending arrival of "Google Glass" which will effectively stick a recording device on everyone's face, has privacy advocates worried, especially since Google already racked up a fine from the FTC of more than $22 million last year. Remember: every email, call, and text you send is being monitored. 

Businesses, medical centers, homes – how many go by every day with their information exposed?

The danger isn't just that our online privacy is at risk. It's that we don't know it is, or even worse, we don't care. Those who plunder your digital storehouse can take advantage of your apathy or cluelessness. It's up to us to make sure we take the right precautions and not lose our passion for protecting our assets – and our money. 

John Sileo is an online privacy expert and keynote speaker on digital security, identity theft and social media. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.  

Geolocation Data Lets Thieves Know When To Rob You

Take a moment to think about the last time you “checked in” somewhere on a social media site or were tagged in someone else’s status update. People often do this to share the cool things they see or do on vacation or their day off work.

In that moment you just took, did the term “geolocation data” spring to mind? If not, it should have – along with data security. Geolocation data includes all these tags and check-ins, where you are announcing to the world where you are and what you’re doing. Companies use this information to tailor advertisements and other marketing materials to target specific audiences.

Now, we can debate the ethical practices used by these organizations to gather our personal information until the chickens come home to roost, but there are others out there who clearly have nefarious machinations in mind. That check-in at a concert you’re having a blast at tells the online world that you are not home and now might be a good time to break into your house and steal everything you own.

What about that housewarming party you set up an event for on Facebook with your address? Now would-be thieves have a map to your unguarded possessions. And all those photos you posted from that party gave them a clear view of the layout of your home and what goodies they can expect to pilfer.

We post so many details about our lives on the Web on a daily basis, giving no thought to online privacy and its real world implications, that it’s a cakewalk for someone to put the pieces together and victimize you.

So here’s some advice. The next time you head out on vacation, don’t announce it to the world on social media sites beforehand or check-in at all the cool places you’re visiting along the way. Wait until you’re back at home to tell people how your trip went and post pictures.

Data privacy isn’t just about protecting files on your hard drive, it’s about protecting your online and physical world, because they are inextricably linked.

John Sileo is an online privacy expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.