Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

UL creating standard for wearable privacy and security

Matt Hamblen | Oct. 14, 2015
Certification program to be finished in early 2016

"At UL, we recognize two kinds of manufacturers," Fernando said. "One group understands cybersecurity or safety and has a good robust product on the market, but on the other end there are manufacturers who have never heard the word 'cybersecurity' before and don't know what they should be doing before marketing a product. So, we are trying to get a baseline of minimal requirements to level the field."

Fernando said UL's certification will be a "minimal level of acceptable safety or security" of products. "You either have that UL mark or you don't."

Once products are certified, they will all be publicly listed, he said.

Anonymous data?

One area of concern to UL and many lawyers in the privacy field is how personal data is collected from smartwatches and other devices, and then how it is used or sold.

Privacy advocates are especially worried that personal data from devices and apps won't be kept anonymous or ever erased when it is collected in bulk in databases and then sold to third parties for marketing or other purposes.

"There need to be standards for anonymizing data, and we're the first ones trying to do some of that," Fernando said. Some privacy advocates argue that even if a smartwatch user never gives his or her name, Social Security or credit card number to a smartwatch or app vendor, a hacker can still successfully invade the user's privacy. One way of doing this would be to use several pieces of publicly available data on the Web to compare with a user's smartwatch GPS location or mobile payment history to identify the user and, potentially, commit fraud against the user.

"Most experts continue to be concerned about the security of wearables, including smartwatches," said Irina Raicu, director of Internet ethics at the Markkula Center for Applied Ethics at Santa Clara University, in an email. She cited research at the University of Illinois demonstrating how motion sensors on smartwatches were monitored to show what a person was typing with a keyboard.

"The fact that DefCon had a whole 'Internet of Things Village' to discuss ways to hack into IoT devices speaks volumes, I think," she added.

Fernando said he's familiar with the concerns of cybersecurity experts with wearables. But he's also optimistic the UL can set minimal standards for anonymization of personal data from devices as well as tackle other related security worries.

"We see a lot of innovation and lot can be done with the correct technology," he said. "I'd be hesitant to write off anything as impossible."


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.