Nike + iPod = Surveillance

Another example of the need for value-conscious design:

Wired News summarizes a damning report from four University of Washington researchers that reveals how security flaws in the new RFID-powered Nike + iPod Sport Kit make it easy for tech-savvy stalkers, spouses, thieves, corporations, or governments (oh my!) to track your movements via those nifty shoes. From the report’s overview:

Key industry players are incorporating wireless radio communications capabilities into many new personal consumer products. For example, the new Nike+iPod Sport Kit from Apple consists of two components — a sensor and a receiver — that communicate using a wireless radio protocol. Unfortunately, there can be negative side-effects associated with equipping these gadgets with wireless communications capabilities.

In the case of the Nike+iPod Sport Kit, our research shows that the wireless capabilities in this new gadget can negatively impact a consumer’s personal privacy and safety. As part of our research, we built a number of surveillance tools that malicious individuals could use to track Nike+iPod Sport Kit owners. Our tools can track Nike+iPod Sport Kit owners while they our working out, as well as when they are just casually walking around town, a parking lot, or a college campus. The tracked individuals don’t even need to have their iPods with them.

Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit.

Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets.

Employing some “simple cryptographic techniques” is all Nike & Apple would need to have done to alleviate these privacy and surveillance concerns. Why didn’t they? The researches speculate that “associated tradeoffs, like sensor battery life, manufacturing costs, and use experience” might have prevented the designers from implementing these privacy-protecting measures.

When should an extra 15% in battery life trump protecting a user’s privacy? Should companies (and consumers?) accept extra costs for privacy protections as a cost-of-business? How can we train technical designers to make ethically-based decisions when creating these kind of products? All vital questions, and significant challenges that must be addressed to successfully engage in value-conscious design in real-world contexts.

(Noëmi Manders-Huits and I have been working on a paper, “Values and pragmatic action: The challenges of engagement with technical design communities,” that confronts these very issues. I’ll post a draft when ready for comments.)

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s