Slashdot Mirror


Civil Case Uses Fitbit Data To Disprove Insurance Fraud

Lucas123 writes In what could presage an era of data from wearables being used in civil and criminal litigation cases, a Canadian attorney is using data collected by a Fitbit activity tracking wrist band to prove his client is not scamming an insurance company. The defendant's attorney normalized the data using an analytics platform that compares activity data with other wearables, offering a way to benchmark his client's health against a larger group of wearable owners. Legal and privacy experts say it's only a matter of time before wearable data will be used in criminal cases, as well, and the vendors will have little choice but to hand it over. "I do think that's coming down the pike. It's just a matter of time," said Neda Shakoori, an eDiscovery expert with the law firm of McManis Faulkner. Health privacy laws, such as HIPAA, don't cover wearables and those companies can be subpoenaed — just as Google and Microsoft have been for years.

  1. Privacy means local storage by HeckRuler · · Score: 4, Interesting

    vendors will have little choice but to hand it over.

    One of the strongest arguments I have for why I want programs to work with local content.
    HEY, your ad-driven phone app sends all its data back to a central repository detailing almost every facet of my life. That's great, but I think I'll pass.

    What's that? People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

    Perhaps I'm just being paranoid here. There certainly doesn't look like there's rampant wide-spread abuse of this sort of data. Yet. But it's still the sort of thing that rubs me the wrong way.

    1. Re: Privacy means local storage by tysonedwards · · Score: 4, Insightful

      Local storage on a phone - devices that are small, visible, portable and valuable have a considerable market and as such lead to thefts - is a single point of failure where you can lose everything. Further, the industry average is to replace these devices every 18 months. There are mitigating strategies such as backup and resync approaches, but these create additional steps and introduce the likelihood of users losing their data. Hence why the idea of server side storage exists, as a means of making these device replacements easier and more transparent to users.

      Does that come with potential privacy issues? Of course it does, but largely the market decided that they would rather the convenience of a "dumb terminal" that can be replaced and immediately behave just like their old one than the security of a fully local model. Until there are massive security breaches that hit *most* people, where these approaches to cloud data storage are shown directly at fault (and not those visible to most, but largely affecting celebrities only as was the case with Fappening or other similar events) then this type of thinking will continue and new services introduced that are more and more Internet-centric for tasks that ultimately don't need to be.

      --
      Thirty four characters live here.
    2. Re:Privacy means local storage by praxis · · Score: 2

      The major difference is that a company given a letter (not a subpoena) has no incentive to not hand over the data. It's not like consumers have ever shown they care (enough, via the bottom line). Companies know this. That's why Amazon shut down WikiLeaks with only a phone call (no subpoena) and no one cared that the government could just silence a website they disagreed with without even making a legal argument. That's why scuba shops handed over their customer lists to the FBI when asked, without a subpoena. There are so many other cases of companies thinking "well, it's not like the customer cares, we can be nice to the government and not even piss anyone off".

      In the case of the subpoena, yes you gain nothing by storing the data yourself. In the case of a letter or phone call asking nicely, you have far more control. You can ignore it. A company may or may not.

  2. Memory limit and data durability by tepples · · Score: 4, Insightful

    People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

    I think the idea is that you still want to collect telemetry even if you're collecting more data than will fit in the device's memory. Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).

    1. Re:Memory limit and data durability by plover · · Score: 2

      The idea behind a fitness tracker is that the data is primarily useful within a shorter timeframe, such as an individual workout, or a day. A fitbit has no functional need to contain your year-old stats; even if it kept them, the user interface is so limited it couldn't show you anything meaningful. For historical data to be useful to the general user, the device has to transfer its data to a computer, where it can be stored, retrieved, and plotted. If the device was its own database, it would take extra time and energy to access it via Bluetooth.

      So the issue really is: where should the developer choose to store it all? It could live on your average user's PC or Mac, where you have to field a ton of support calls and questions from people who lose their stuff for a thousand reasons, or you keep it on a database in your own data center (where you can incidentally mine it for fun and profit.)

      --
      John
  3. Rampant wide-spread abuse of this data by xxxJonBoyxxx · · Score: 2

    >> doesn't look like there's rampant wide-spread abuse of this sort of data. Yet.

    But there could be. Many IoT companies' privacy policies seem to be just a cut/paste of their wide-open web privacy policies. For example, take a look at Lowe's IRIS system. According to the legalese, I think they might be able to scan your home video feeds to look for products you might want...
    http://iotsecuritylab.com/iot-...

  4. If you think about it...it goes beyond wearables. by technomom · · Score: 4, Informative

    "Even if medical privacy laws did cover data recorded by a Fitbit band, it wouldn't matter, Reitman said, because there's an exception to HIPAA for law enforcement queries, national security and many other legal requests." To me, this sounds like even X-rays, EKG results, MRI or CAT scan results or even just doctor's notes could be at risk. So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league. You don't need a wearable for any of that.

  5. Will activity of the cat and couch potato differ? by Trachman · · Score: 3, Interesting

    The next time wrist band activity will be used as evidence that someone does not go out and lives only a passive life, that someone can buy a cat.

    Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

    So, what is next? Surveillance cameras corroborating that the disabled owner is truly sitting home. 365/24/7 surveillance and records prior to the potential insurance accident just to prove that in the past the owner was active and outdoorsy person?

  6. Re:Will activity of the cat and couch potato diffe by jeffmflanagan · · Score: 2

    >Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

    Sounds like you've met my cat. I just threw away a cat tree because she was too lazy to use it.

  7. Re:Will activity of the cat and couch potato diffe by oodaloop · · Score: 2

    In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

    Cats are nocturnal. They're sedentary during the 16 hours a day you watch them, then stalk the house all night looking for bugs to torture. I'm pretty sure a computer can figure out the difference between diurnal and nocturnal.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  8. Re:If you think about it...it goes beyond wearable by sribe · · Score: 4, Informative

    So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.

    Absolutely. Although they probably would NOT go for criminal charges, they would just sue for damages in civil court, in which case they could absolutely subpoena your medical records. Actually, it probably wouldn't even get that far, because they'd want the medical records BEFORE paying the claim, and if you didn't provide them, you wouldn't collect.

    So, as suspect and hit at, Lucas123 seems to be completely confused about how HIPAA applies when there's a legal dispute over an insurance claim. Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???

  9. Assault and battery by tepples · · Score: 3, Interesting

    My wrist is not Malaysia Airlines flight 370.

    I agree that a difference of scale exists. But it's still a noticeable loss if you get mugged and someone steals your smartwatch, smartphone, wallet, and other valuables, and you can't use your telemetry data against the mugger because the mugger stole the devices on which they were recorded.

  10. Lawyers are the first to abuse new technologies by MerlynEmrys67 · · Score: 2

    Divorce lawyer's best friend is Facebook. The amount of really stupid stuff that gets posted on Facebook during divorce proceedings is amazing. Imagine your ex calling the judge a child abuser - and having them have to defend that in court. Well - it happens. This is just the next step in this. We gather all kinds of data about ourselves and then get surprised when it is retrieved and brought out in open court. The rule is - control your own data, and don't have anything out there that you don't want opposing counsel to see.

    Yes, this especially covers HIPAA covered health records, anything can be found under discovery

    --
    I have mod points and I am not afraid to use them
  11. Re:If you think about it...it goes beyond wearable by nine-times · · Score: 2

    Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???

    I think the fitbit issue is a bit different, though, since it's not clear that it constitutes a 'medical record' that you'd expect your insurance company to have access to. An insurance company demanding access to fitbit records feels a little more like if they demanded access to your home movies. Sure, there may be some relevant information there, but it was information gathered by yourself for personal reasons which may not be strictly 'medical'. Besides, I would hope there'd be a legal challenge against using it as evidence, unless they can verify that the patient was actually wearing it, that the results are relevant to the case, and that the data collected is reliable.

  12. Re:If you think about it...it goes beyond wearable by bws111 · · Score: 2

    Note that this is HIS lawyer who is submitting the FitBit records, NOT the insurance company. The insurance company says his claim is fraudulent, and HE is saying no it isn't, my FitBit data proves it.