Would you jailbreak a connected device that was part of you?

And if you wouldn’t, would your teenager?

In my previous blog post (Is the Internet our best metaphor for the IoT?), I explored the implications of considering the emerging Internet of Things –with its billions of devices, millions of which might be physically connected to people– in the way we understand the internet we have today. This time around we’ll look at the implications of companies moving into the business of designing medical or even lifestyle hardware and software that might wind up attached to or embedded in people.

Obviously people have been wearing such devices for a while now. A little over a year ago Frédéric Filloux covered the potential for Medical Devices (“This Wristband Could Change Health Care”), specifically the Jawbone UP  to generate massive amounts of data that would have significant value to both medical and insurance companies — as well as serious privacy concerns for individuals. Since then, Samsung has launched their Gear Fit line and shipped the Galaxy S5 with integrated heart rate monitor to mixed reviews. Turns out the heart rate monitor and sleep monitoring capabilities aren’t particularly accurate; hopefully they will be before your insurer asks to take a look at your data.

The credibility and goals of an organization take on new significance when it comes to storing this sort of personal privileged data. When Apple unveiled their own HealthKit for iOS8 at their annual Worldwide Developers Conference  they cited partnerships with the world-renowned Mayo Clinic and Epic Systems — a leader in the field of Electronic Health Records (“Apple Gives Epic And Mayo Bear Hug With HealthKit“).

Before the conference had concluded, iOS hacker Steffan Esser (better know as i0n1c) was already working on an iOS8 jailbreak. Referring to the various backdoors he’s used to gain unauthorized access to hardware in the past, Esser tweeted,”Initial tests show that iOS 8 beta does not fix anything.”  What are the stakes for security and privacy when a device associated with you contains not only identifying and financial information, but also behavioral indicators with potential security implications? You know, data like your sleep patterns and your medical records. And what risks might be introduced by a malware-infected application running on a jailbroken device with access to that sort of data?

From a more optimistic perspective, one can easily imagine situations in which having medical records at hand would be useful; this is one of the things that excites medical professionals about HealthKit. But medical emergencies are a perfect example of a situation in which the owner of a device may not be able to manipulate it in their own interest. Also, that information may only be available or up-to-date provided it’s connected to a network. Who would be liable for action taken based on medical information that wasn’t actually up-to-date?

Established device manufacturers, looking to solve these and other challenges associated with the increasingly personal interactions between consumers and technology, face significant challenges. A recent article in Forbe’s started with this congratulatory note for biopharma start-ups,”Good news, early-stage biopharma companies: at least you’re not early-stage device companies.”