This article was published on September 20, 2018

Fitbit-based life insurance is a potential privacy and security nightmare

1984 never looked this good.

Fitbit-based life insurance is a potential privacy and security nightmare
Matthew Hughes
Story by

Matthew Hughes

Former TNW Reporter

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

John Hancock is one of the oldest and most established insurance companies in the United States. According to Reuters, it’s also the first US insurance company to ditch traditional life insurance policies entirely in favor of “interactive life insurance.”

What does this mean? Essentially, John Hancock is encouraging (but not mandating) that policyholders to share health and lifestyle data with the company. This data typically comes from wearable devices, like the Apple Watch or Fitbit.

Those who lead healthy, active lifestyles are likely to live longer than, say, an overweight chain-smoker that has never even stepped foot in a gym. Insurance companies want healthier customers, as it means they collect more premiums over the lifetime of the policy, and ultimately pay out less when the person dies.

Interactive life insurance is an excellent way for insurance firms to select the more profitable customers while shaping existing policyholder behavior. They could, for example, offer discounts or rewards to customers that achieve specific activity goals.

In the case of John Hancock, it’s now exclusively selling policies that take advantage of activity and health data. Although customers can opt-out, they’re likely to miss out on certain discounts and offers.

Data-driven health and life insurance products are incredibly popular in the UK. With this move from John Hancock, it’s all but certain they’ll make significant inroads in the United States too.

Not everyone is happy, however. Privacy advocates have been quick to label the move as “creepy” and “dystopic.” Others have raised concerns about the security and integrity of the data shared.

Can you trust your wearable?

TNW spoke to Chris “PaperGhost” Boyd, Senior Threat Researcher at MalwareBytes, who raised concerns that wearable-based insurance policies could be undermined by bad faith or technical trickery.

“Insurance policies going digital by eventually tying highly detailed user data to premiums could be seen by many as overly intrusive,” Boyd said.

“Utmost good faith, where both parties agree the data given is accepted as true, is one of the founding principles of insurance. It’s easy to see several ways where said faith could be broken, either accidentally or deliberately,” he added.

The problem is that wearable devices are essentially computers, and given enough time or effort, can be hacked. Boyd outlined a couple of potential avenues for exploitation:

Wearables and smart devices don’t have a good reputation for product security; what’s to stop someone compromising the device and grabbing cheaper premiums at the expense of others? Worse, someone compromising your own device without your knowledge, causing numerous headaches as a result – especially if the data used is eventually used for a variety of services.

And then there’s the possibility that the wearable device could simply malfunction. In each of these scenarios, how would a policyholder contest a decision based on the data provided? That’s not entirely clear.

“While perks for healthy living are to be encouraged, the possibility of premiums being decided by dynamic data in an industry decided by changes on yearly circumstances could bring numerous security and privacy issues,” Boyd said.

For what it’s worth, not everyone in the security industry is unanimous in condemning this move. TNW spoke to Sean Sullivan, Security Advisor at F-Secure, who argued that the technology is quite mature, and is therefore unlikely to present a significant threat to the end-user.

“Health tracking technologies are now quite mature and anybody motivated to reduce their premiums should be able to manage the data that is generated,” he said.

Sullivan added that there’s yet to be a case of wearable health data exploited for profit.

“While in theory, such data could be targeted by those with ill intent, in practice we’ve not seen this. Criminals target financial data, not health. Programs such as this are, quite possibly, the best way in which individuals can profit from their data,” he explained.

While there are merits to both arguments, the deciding factor, ultimately, will be scale. Although interactive health and life insurance products are popular in the UK, they’re hardly ubiquitous, and the UK is a relatively small market. The US insurance market is much larger in comparison. As more end-users sign up to these plans, it’ll become clear what security and privacy threats ultimately come out of the woodworks.

Exclusionary by design?

There are also reasonable concerns that interactive insurance policies will ultimately exclude a large swathe of the population. For them to work, they’re contingent upon access to a relatively recent smartphone and a data plan. By default, this cuts out a significant number of elderly and low-income users.

Another worry is that when these insurance products eventually become standard across the market, consumers will have to decide between their privacy and their premiums. Some will (and already do) regard up-to-the-minute fitness data as a bridge too far, and will be reluctant to hand it over to third-party companies.

The issue isn’t the existence of these interactive insurance plans. I’m a firm believer that consenting adults should be allowed to do whatever they wish with their personal data. If that means giving an insurance company access in return for discounts and prizes, fair enough.

But what happens when these wearable-based policies become standard across the market, and consumers no longer have a choice in the matter?

Back to top