Google Glass, the groundbreaking computer you wear like a pair of glasses, went on sale in the UK a couple of weeks ago. Almost immediately regulators slammed the device as a threat under UK privacy laws, and UK cinema owners banned it from movie theatres.
New technologies frequently produce new risks and new regulatory issues. Few new technologies, however, result in as complex a risk conundrum as the emerging area of wearable computing devices.
Google Glass is perhaps the best known of this new breed of wearable technology, which also includes “smartwatches” and various types of sensing devices that can be strapped on your body or embedded in clothing. Google Glass is a lightweight wearable computer that offers smartphone-type functionality operated by voice commands, with information shown unobtrusively via a tiny head-mounted display.
Samsung, Sony, Pebble and Casio already offer smartwatches, but Apple’s soon-to-be-released iWatch is widely expected to define the market for this type of wearable device. In addition to providing iPad-like functionality, the iWatch will be able to measure health-related metrics such as calories burned and heart rate.
Technology enthusiasts are understandably excited about these new devices. They enable users to be almost perpetually connected to the Internet, both sending and receiving information. The potential benefits are enormous, but the risks are substantial. Regulators and lawmakers around the world already are taking note.
Since these devices are connected to the Internet, they are hackable much like a smartphone or a tablet, and may provide other types of information than can be used for malicious purposes. Fitness devices that capture and transmit information about our movement using GPS, for example, can provide a riminal with details about our daily routines and patterns as well as our current location.
Automakers are now beginning to offer wearable device for drivers. Manufacturers claim that vehicle-to-person interaction levels will become much higher, providing new levels of control and interaction with automobiles. Some safety advocates are concerned however, that these devices will only contribute to distracted driving.
Legislation banning Google Glass and similar eyewear while driving is being considered in several states and in the UK. The AAA has come out against the use of computer powered glasses, claiming that something that requires the “preoccupation of one of your eyes” should never be used while operating a car.
Data protection authorities from Canada, Australia, New Zealand, Mexico, Israel, and Switzerland, as well as Europe’s Article 29 Working Party representing every one of the EU’s member states, have questioned Google about potential violations of privacy laws. With the recent release of Google Glass in the UK, the Information Commissioner’s Office has warned that Google Glass and other wearable technology could breach that country’s Data Protection Act.
U.S. privacy laws are generally less stringent than those in Canada and Europe, but the Federal Trade Commission nonetheless is keeping a close watch on Google Glass and other wearable devices for potential privacy violations. Additionally, last year members of the Congressional Bi-Partisan Privacy Caucus sent a letter to Google asking for answers to a number of privacy-related questions. Some business owners are taking matters into their own hands. Some bar owners in San Francisco banned Google Glass over customer concerns about being filmed without their knowledge. The device is also banned in many strip clubs, casinos, restaurants, hospitals, and banks. In the UK, movie theatres are banning the headsets over fears that they will be used to make pirate copies of blockbuster films.
For corporate IT and information security professionals, wearables represent one more threat vector to contend with. As business uses of wearables emerge, BYOD policies will need to be extended to account for the specific risks posed by these devices.
Wearables are only the latest example of technology getting ahead of the law and challenging traditional notions of privacy. Companies that create applications for wearables, or which collect or process information produced by wearables, need to be mindful of both potential privacy law violations and of backlash from customers and others who may object to how their data is being used.
As businesses discover new uses for wearable technology, they need to keep in mind that they are deploying hackable technology that potentially creates serious new security headaches. Additionally, employees wearing Google Glass or similar products and are processing business information, especially images or videos, may unknowingly be violating privacy laws in numerous countries, including HIPAA and other laws in the United States.
Wearables are poised to transform the ways we interact with our environments and with one another. Whether they reach their potential may depend on how successfully we address the emerging privacy and liability issues today.