- iRi

2001-03-08

Expert: Web gadgets threaten your privacy
Privacy from Companies
3/8/2001; 4:11:44 PM

Kind of on the theme from yesterday:

'Popular electronic gadgets with links to the Internet pose a mounting threat to consumer privacy, Richard Smith, a leading computer privacy expert, said in an interview on Wednesday.

'Such everyday "spy" devices include fitness monitors that track heart rates and pump out exercise-related advertising, digital music players that track listening habits, low-cost wristwatch and wireless surveillance cameras, as well as location-tracking mobile phones and other monitoring devices.'

They mention a couple of these specifically, such as the Kodak picture frame that downloads pictures from the Internet. One quote bothered me. After Smith (the "expert" of the title) mentions SportBrain, some heart monitoring product:

'A SportBrain official dismissed Smith's arguments, saying that he had failed to take account of the company's response to his position.

'"There are no privacy concerns here," said Greg van den Dries, SportBrain's vice president of sales. "We don't sell data. We are not some crazy Internet company. We make money selling hardware."

'"People who are security experts can never admit they are wrong. Smith is barking up the wrong tree here," van den Dries said. The Sunnyvale, Calif. company is backed by Softbank Ventures and Ronnie Lott, the former U.S. football star.'

Well, first, van den Dries is flat wrong. Security experts are in the business of being professionally wrong (by which I mean that they tend towards the paranoid; things aren't as bad as they often claim, but of course, it's because their claims are self-negating prophecies); it's salesmen who can never admit they're wrong. Talk about the pot calling the kettle black!

Secondly, I looked at their privacy policy. They do not make a promise to keep it private in the future, and history shows that means they can chnge their minds any time. In fact, with the legal precedents currently in place, any privacy policy that does not include a commitment to always being at least as protective in the future is no privacy policy at all.

Finally, the security section brings up an interesting point. By doing this stuff on the website, rather then on a user's home computer where such processing should be done, they are subjecting their users to unnecessary security risks. No matter how much they promise about their security, the fact of the matter is the data is "out there" in the world, and there are entities who can obtain it, legally and otherwise, who could not if it was merely on your home computer.