acquaintances who have physical access to a person’s iPhone who might want to alter the
information in unfortunate cases involving bad family or relationship dynamics or other psy-
chological factors.
Frameworks such as Apple’s ResearchKit are being leveraged by medical researchers to
use smartphones and smart watches to collect data and perform research on various diseases
and ailments. For example, Stanford Medicine is using ResearchKit to perform a global cardi-
ovascular research study using the MyHeart Counts app. Heartbeat data collected from Apple
Watches is sent to a remote database and used to further research. Here is a note from the
project’s privacy policy:
All information that is collected through the App will be sent to a secure data server run by Sage
BioNetworks (“Sage”), a non-profit research organization. Sage will replace the direct identifiers
listed above (your name, email address, and date of birth) with a code to help protect your
identity—Sage will encrypt the direct identifiers and store them separately. Because the data are
coded, researchers using the data will not be able readily to identify which information pertains to
you. Stanford researchers will, however, maintain your consent and personal information and
retain the ability to re-identify the information if doing so is needed for research integrity purposes
or legal purposes, and they may share re-identified information with others at Stanford who need to
see such information to ensure that the research meets legal, regulatory or institutional require-
ments.In this case, the information collected is sent to a remote data server. It is then replaced
with a random identifier token so researchers using the data will not be able to identify the
individual the data is collected from. However, another database is maintained that can be uti-
lized to reidentify the individual should the researchers decide or need to do so. This is a solid
example of how health data collected from sensors attached to our bodies is going to be lever-
aged and possibly distributed across cloud platforms around the world. The security of these
platforms, as well as what access the researchers themselves have in terms of identification
purposes, will have a bearing on the potential for privacy violations. Medical data stored in the
cloud will be open to different attack vectors than traditional medical records stored in hospi-
tals and doctors’ offices.
The Data Tsunami
Most people who use Facebook or Google have noticed targeted ads with a high creep factor—
ads on these platforms are tailored to precisely suit people’s interests, based on their previous
search queries, email contents, instant messages, and social network dynamics.
Services such as Google now go through your data to suggest events for you to attend, and
even offer to check you in for your flights based on an email copy of your itinerary. The world
of the IoT will bring in additional sensor- and behavior-based data that will be valuable to
social networking companies and extremely useful for marketing. We are likely to see adver-
CHAPTER 8: SECURELY ENABLING OUR FUTURE—A CONVERSATION ON(^244) UPCOMING ATTACK VECTORS