Wearables and apps: insecure connections, careless users

Interview with Dr. Gabriele Bleser, AG wearHEALTH and AG Erweiterte Realität (Augmented Reality), Kaiserslautern University of Technology and the German Research Center for Artificial Intelligence


Photo: Dr. Gabriele Bleser; © AG wearHEALTH

In this MEDICA.de interview, Dr. Gabriele Bleser talks about her concept of wearables, how an interdisciplinary research group designs wearables and apps for use in medicine, and about insecure connections and users who are too careless.

Dr. Bleser, what type of devices do you consider as "wearables"?

Dr. Gabriele Bleser: Generally speaking, for me this is technology that you can wear on or also inside the body. Typically, those are items like bracelets, watches, glasses or textiles. A smartphone can also be a wearable device. I would also include intelligent implants in this that are still in their early development stages today. For me, it is important that wearables have sensors that make it possible to collect information about the environment and the user; they are, therefore, context-sensitive and support the user without needing many disruptive interactions or input.

What are today's current technologies to connect wearables, mobile devices, and the internet?

Bleser: There is radio transmission on the one hand: most devices are connected via Bluetooth to a smartphone. Bluetooth Low Energy is currently the most popular way. And then there is also near field communication, Wi-Fi networks or mobile networks of course. On the other hand, I also include apps with this that independently read out data and potentially pass them on to a server where they are being stored, processed and made available. That is why cloud computing is subsequently another technology that is being used here.

Are there safety standards for these connections or efforts to establish them?

Bleser: This is a very wide-ranging question. Initially, you need to differentiate between data or rather IT security and data protection. Data security means ensuring the confidentiality, availability and integrity of data by encrypting them for example and offering the user authentication mechanisms.

Data protection, on the other hand, is more the protection of an individual against data abuse, meaning the control over personal data stays with the user. This is primarily the focus of our AG, less on technical aspects. Studies for instance show that many devices and apps send unencrypted mHealth data over the Internet, that there is no data privacy statement by the provider and that it is common to connect with third parties such as social networks to upload data. Yet it is not clear at all what actually happens to the data and where it ends up. Data protection, however, is regulated by law, through the EU Data Protection Regulation, the German Federal Data Protection Act (Bundesdatenschutzgesetz) and the Data Protection Acts of the different German federal states. Yet those are not always entirely clear in terms of new technologies or they exhibit gray areas that need to be revised.

Photo: Woman is training with ball, wearable at her wrist

Will physical therapy and rehabilitation look like this in the future, using wearable devices? There are no devices yet for sophisticated medical scenarios. Dr. Bleser and the AG wearHEALTH want to change this; © panthermedia.net/hasloo

What is the status on protecting privacy during data transmission?

Bleser: Generally, common transmission protocols support data encryption. However, in the case of wearables, secure data transmission frequently takes a backseat to energy efficiency. Data encryption in the software, for instance, requires more processing power and energy and nobody wants to constantly recharge their devices of course. This is currently seen as a higher priority by customers. That is why there is some need to catch up and potential for development if customers would respond more strongly. That said, even the most secure data transmission does not reduce the risk of misuse associated with storing data on remote servers or in social networks.

What concrete contribution does your AG wearHEALTH intend to make?

Bleser: We want to make wearables also usable for sophisticated medical scenarios and prove their effectiveness in the mHealth field.

We also develop intelligent algorithms and methods to process wearables data. A big subject for us is motion analysis based on inertial sensors, for instance, and how it can be used for home rehabilitation, for athletic activities or in ergonomics.

We are working on developing a digital fitness trainer so patients are able to continue their exercises after they have been released from rehabilitation and ensure the therapy’s success, and we are also working on apps that measure, avoid and reduce stress.

The focus is also on the social embedding of systems, meaning how you need to design them so people want to use them at all. This also includes the responsible handling of personal data. After all, one current debate pertains to the integration of wearables and apps into the health care system. It brings up questions on whether and how sports and fitness data should be transferred to health insurance companies and what constitutes reasonable and acceptable models of integration.

Photo: Young woman takes a selfie while she is jogging

And after work-out, upload a selfie alongside the data from your fitness tracker - in practical application, protection of their health-related, personal data is not as important to users as they state in surveys; © panthermedia.net/william87

Why does your AG have an interdisciplinary setup?

Bleser: To make wearables and apps useful for health aspects, you simply need different skills. Aside from mathematicians and computer scientists who develop and implement new algorithms and processes, you also need the expertise of biomechanics, medicine, sports science and physiotherapy to adapt the devices to application scenarios. Empirical research needs to consistently validate systems and provide evidence of efficiency. When it comes to questions of human-machine interaction, psychology also plays a big role. The same is true for sociology when a system is meant to be designed in a way that people would also want to use it.

Finally, I want to ask you for your opinion: Are users too careless when they use apps and devices for "self-monitoring"?

Bleser: Surveys show that data protection and secure data transmission are important for users but that they actually do not pay much attention to them in practical application. For instance, it generally does not seem important exactly what authorization an app is being granted during the installation or where data is being stored. I believe the subject is definitely on people’s minds. However, consistent action is still not very evident; the general population treats this subject fairly carelessly.

Photo: Timo Roth; © B. Frommann

The interview was conducted by Timo Roth and translated from German by Elena O'Meara.