Highly Personal Data Is the Future of Tech, But Is It Secure?

A Day in the Life of Data

Feb. 5, 201403:27

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Just try to make a tech CEO pipe down about big data.

There's no hotter idea in tech now than the philosophy that massive amounts of raw information can solve all the world's problems, from obesity to language barriers to disaster response. Those at the forefront of technology pontificate about a Utopian future in which our heartbeats unlock our front doors, our social networks catalog the music we're listening to, and our DNA warns about which illness is going to kill us.

But there's not much talk about whether all of this extremely personal data is protected from malicious hackers -- or from salivating marketers.

"It's a whole different category of what we call 'personal data,' and we need to treat it differently," Rohit Sethi, vice president of security firm Security Compass, told NBC News. "You can get a credit card reissued. But you can't reset your heartbeat or your DNA."

A Day in the Life of Data

Feb. 5, 201403:27

Sethi and other experts told NBC News they're worried that a lack of discussion and planning now could hurt us in myriad ways years from now.

"Maybe down the road our heartbeat, for example, becomes the main way we prove our identities," Sethi said. "And if we didn't protect it 10 years ago, we don't have a way of correcting it. So we have to treat it as serious now because we can’t predict the future."

Hacking our emotions

In the present, the public conversation is squarely on the new and exciting -- and they are indeed exciting -- features that the power of data may unlock. For example: Microsoft CEO Satya Nadella was the opening panelist at Re/Code's Code Conference in Los Angeles on Tuesday night, and he couldn't stop using the word data.

"You can get a credit card reissued. But you can't reset your heartbeat or your DNA."

"In the post-post PC era, the currency is data," Nadella said. His team later demonstrated Skype Translate: a feature that takes conversations in real time and uses "deep learning" technology to change the language.

The next morning at Code, Qualcomm CEO Brian Mollenkopf donned a sensor-equipped garment he called a "wearable shirt" (drawing laughs from the audience). He explained how the shirt, made by AIQ and slated for release this summer, can track heart rate, breathing and even emotion.

It's all based on storing information in databases, at least temporarily. But it isn't the Microsofts and Intels of the world that make Sethi worried.

"Large, established companies have usually been hammered before, and they typically have evolved their security processes," Sethi said. "Startups, on the other hand -- all they have is risk in front of them."

Startups tend to focus on product first and security later, Sethi said. And in burgeoning fields like fitness tracking, competition is fierce -- so even a privacy-minded startup could end up pushing concerns to the backburner if rivals are busy pushing out competing products.

"The problem is, you can't think about [security] after you’ve built and sold your first product," Dave Aitel, the CEO of security company Immunity, Inc., told NBC News. "But a lot of companies don't care about security until they get hacked."

Marketing based on your evening walks

Malicious attackers aren't the only ones who may get their hands on this highly personal information. The second half of the issue is what John Rose, senior partner at research firm Boston Consulting Group, calls a "softer hack."

"The issue gets so much more complicated once you combine this personal information with data from a company that already knows a lot about you," Rose told NBCNews.

Let's say an exercise tracking app, for example, decides to sell its data to a marketer with access to your credit card habits. The marketer may see that you walk to the store most Fridays to pick up a pint of ice cream, and may use that information to serve you an ad.

"The problem is, you can't think about [security] after you’ve built and sold your first product."

"You might be comfortable sharing your exercise with this app, and you might know that your shopping habits are tracked when you open a credit card. But when they're combined they can create a whole new context that you may or may not be comfortable with," Rose said.

'Consumers will vote with their voice'

Sethi, the Security Compass vice president, said he would like to see the U.S. followed the European Union in developing stronger rules around data privacy. But he doesn't expect that will change soon, so self-regulation will be a must.

We apologize, this video has expired.

To that end, Rose of Boston Consulting Group believes some people are having some conversations in some pockets of the sprawling big data field. But they're fragmented discussions and they aren't enough, he said.

"We need to talk about the code by which we’re going to handle this data, and how customers can truly understand what they are handing over," Rose said. "That's a really rich and subtle and complicated discussion, and we aren't having it."

Sethi agreed that companies need to make abundantly clear what consumers are sharing and how it may be used. Services without transparency will likely end up losing the fight, he said.

"Consumers will vote with their voice," Sethi said. "If they show that they're concerned about privacy when they choose an app or a tracker, the companies will follow."

Of course, some customers may welcome the sharing of data, pointed out Aitel of Immunity, Inc.

"A few years ago people might have been horrified at the prospect of a dating site having access to your sleeping habits, but I could see it now," Aitel said.

"We’re more open now than i think anyone would have thought we’d be," he added. "In a world of selfies, is anything truly off limits?"