Archive for May, 2017

Apple Watch, diabetes, and security

May 20, 2017

There have a been some rumors lately of Apple testing a monitor for blood sugar. Recent comments by Tim Cook suggest that such a monitor might be non-invasive:

“It’s mentally anguishing to stick yourself many times a day to check your blood sugar,” he said. “There is lots of hope out there that if someone has constant knowledge of what they’re eating, they can instantly know what causes the response… and that they can adjust well before they become diabetic.”

If Apple has developed this technique for accurately measuring blood sugar, they could save lots of lives, and Apple Watch sales could really take off to the point that it becomes a mainstream product like the iPhone.

Now, I’ve long assumed that Apple takes adequate steps to insure that private data remains secure, but I’ve also recently discovered from Apple Support that iCloud backups only store health data for sixty days, so if a customer wants to keep their health data indefinitely, they need to make their own encrypted backups in iTunes. Add that to the fact that Apple encrypts at least some iCloud data with both Apple’s and the user’s keys, and a customer might have cause to worry.

Moreover, Apple should already be anonymizing stored private data (say, a user’s browsing history) so it is separate from trivial data, such as purchase history. But health data should be anonymized yet again. After all, what healthcare insurer wouldn’t want to obtain exercise, blood pressure, weight, and now blood sugar data about Apple’s customers? What might Apple’s customers pay an unscrupulous individual to keep that information confidential?

If the Apple does debut this new feature on June 5th, the company should take steps to ensure that health data never leaves the customer’s device, and if it does, that data should be stored separately in iCloud, using only the customer’s encryption key, and not Apple’s.

Advertisements