Privacy, security concerns grow for wearables

While Google Glass was not the success Google wanted it to be, there is no doubt that the wearable camera market is growing.

People may have not been comfortable with the fact that random persons can record their action without them being aware of it, but most have no trouble with law enforcement agents, first responders, or field services workers using wearable cameras to capture evidence or to protect their own safety.

privacy security wearables

Wearable cameras in the enterprise

According to a recent report by ABI Research, enterprise wearable camera shipments will reach nearly 24 million in 2022. Such a growth will have to be accompanied with ever increasing privacy and data protection measures.

“Data collected from wearable cameras can often include recordings of innocent bystanders, potential witnesses, and even victims. If not protected, this data in the wrong hands can be used to threaten those caught on camera, one of the main public concerns,” ABI Research analysts noted, and pointed out the need to for strong security protocols to be put in place by enterprise wearable camera vendors so that risk of loss is minimized.

Collecting sensitive data

The drastic increase in the amount of sensitive data collected using wearable technologies is due to more than just wearable cameras, says cyber security consultant Mohamed Ashik.

“Personal information stolen from wearable medical devices can lead to life threatening issues. Cybercriminals who get hold of these sensitive data will essentially know everything about the victim. They can sell, threaten or leak the information to the public,” he offered as an example, and said that all wearable device manufacturers and vendors should implement strong encryption mechanism as a default setting.

“Governments and organizations must collaborate to develop security standards and data privacy standards for wearable and IoT devices,” he adds.

Hackers are after data they can use

When it comes to wearable cameras, senior information security solutions engineer Adam Dzuricky says that hackers might be after the recordings because they might use it for things like blackmail or jury tampering, i.e. to make people do what they wouldn’t otherwise be inclined to do.

But getting that data might be tricky. “How searchable and/or easy to use would this mass of stored data be for a bad guy?” Dzuricky asks. Finding a specific recording might be such a time consuming effort that it would not be worth the effort – especially when the bad guys may achieve the same result through social engineering efforts.

How to secure your data

Nevertheless, the effort to secure this data must be made. And for those who want to acquire wearable cameras for their employees, it would be a good idea to treat the vendor like any other Software-as-a-Service provider.

“Assess them and their practices. Review their external assessments, such as SSAE 16. Ask them if they have completed a Cloud Security Alliance’s CAIQ. And then ask yourself three basic questions: If this solution works as planned, what is the best result? If this plan blows up in our faces, what’s the worst thing that can happen? And can we live with those results?”

Information security is a people problem, he notes. “It truly is the ultimate team sport, and our vendors are part of our team. In the public eye, their information systems are ours. We need to make sure we work together and always understand the value of the information we collect and retain.”

As ABI Research analysts noted, some enterprise wearable camera vendors offer platforms that can help enterprises secure the data that is collected from these cameras, and these platforms provide authentication, password, and data encryption mechanisms.

“Some platforms, like those by Edesix and VIEVU, can also help to redact certain details, such as automatically blurring out the faces and possessions of innocent bystanders. Often the devices feature built-in storage, rather than storing the recordings on SD cards, which ensure that the data cannot be forcibly removed or deleted before being uploaded to the platforms,” they added.