Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Courts Technology

Civil Case Uses Fitbit Data To Disprove Insurance Fraud 99

Lucas123 writes In what could presage an era of data from wearables being used in civil and criminal litigation cases, a Canadian attorney is using data collected by a Fitbit activity tracking wrist band to prove his client is not scamming an insurance company. The defendant's attorney normalized the data using an analytics platform that compares activity data with other wearables, offering a way to benchmark his client's health against a larger group of wearable owners. Legal and privacy experts say it's only a matter of time before wearable data will be used in criminal cases, as well, and the vendors will have little choice but to hand it over. "I do think that's coming down the pike. It's just a matter of time," said Neda Shakoori, an eDiscovery expert with the law firm of McManis Faulkner. Health privacy laws, such as HIPAA, don't cover wearables and those companies can be subpoenaed — just as Google and Microsoft have been for years.
This discussion has been archived. No new comments can be posted.

Civil Case Uses Fitbit Data To Disprove Insurance Fraud

Comments Filter:
  • by HeckRuler ( 1369601 ) on Monday December 08, 2014 @11:52AM (#48548031)

    vendors will have little choice but to hand it over.

    One of the strongest arguments I have for why I want programs to work with local content.
    HEY, your ad-driven phone app sends all it's data back to a central repository detailing almost every facet of my life. That's great, but I think I'll pass.

    What's that? People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

    Perhaps I'm just being paranoid here. There certainly doesn't look like there's rampant wide-spread abuse of this sort of data. Yet. But it's still the sort of thing that rubs me the wrong way.

    • by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Monday December 08, 2014 @11:56AM (#48548065) Homepage Journal

      People want this data on other devices? Why do you think that means it has to go live out on a server somewhere? Have you never heard of sync?

      I think the idea is that you still want to collect telemetry even if you're collecting more data than will fit in the device's memory. Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).

      • Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).

        My wrist is not Malaysia Airlines flight 370.

        • Assault and battery (Score:4, Interesting)

          by tepples ( 727027 ) <.tepples. .at. .gmail.com.> on Monday December 08, 2014 @12:38PM (#48548431) Homepage Journal

          My wrist is not Malaysia Airlines flight 370.

          I agree that a difference of scale exists. But it's still a noticeable loss if you get mugged and someone steals your smartwatch, smartphone, wallet, and other valuables, and you can't use your telemetry data against the mugger because the mugger stole the devices on which they were recorded.

          • That's why it should sync with YOUR computer, not the global corporate overlord's computer. These devices don't tend to have mobile uplinks, they sync through a desktop. I think you're missing the point.

            • by tepples ( 727027 )

              That's why it should sync with YOUR computer

              Did you mean over a wire or over a home WLAN? That doesn't work if the evidence on the device isn't synced yet, such as if you just got mugged. Or did you mean over an Internet connection? That doesn't work if your home computer cannot accept incoming TCP connections due to being behind NAT.

              These devices don't tend to have mobile uplinks

              Because they tend to be paired to a smartphone, which does have such an uplink.

              • That doesn't work if your home computer cannot accept incoming TCP connections due to being behind NAT.

                There are lots of situations in which it doesn't work but enumerating them is pointless, rather look at the ways in which it can be made to work. For example using port forwarding.

                • by tepples ( 727027 )
                  ISPs that use CGNAT charge extra to forward a port.
                  • ISPs that use CGNAT charge extra to forward a port.

                    That 'you may have an ISP that is using a CGNAT so in that case it could cost a little more' is a far cry from 'it doesn't work if you're behind a NAT'.

                    • by tepples ( 727027 )
                      Then let me rephrase: The vast majority of users are willing to use the manufacturer's server instead of paying "a little more" for a static IP at home or for a VPS and books on how to administer a VPS.
                    • Well the original comment [slashdot.org] was that you should sync with your computer. Which is perfectly possible and is of minimal cost, you can even use a dynamic DNS service (dirt cheap at only a dollar or two per month) so your assertion that it is cost prohibitive certainly does not seem to be true. Rather using some existing free service requires to effort from the user so they take the path of least resistance, but that doesn't exactly do anything to refute the original post.
                    • by tepples ( 727027 )

                      you can even use a dynamic DNS service (dirt cheap at only a dollar or two per month)

                      Dynamic DNS doesn't work on CGNAT ISPs, and in my experience, the upgrade from CGNAT to a static IP runs more than "only a dollar or two per month". True, if you happen to live in a country where CGNAT and other blocks on incoming connections are uncommon, and if you are willing to buy a low-power server to be left on all the time (as opposed to suspending when inactive), then you can sync to home. But just because your ISP doesn't use CGNAT today doesn't mean it'll continue to not use CGNAT next year.

                    • Dynamic DNS doesn't work on CGNAT ISPs

                      But it does if you're not on a CGNAT, which is most people.

                      and in my experience, the upgrade from CGNAT to a static IP runs more than "only a dollar or two per month".

                      Even the worst case I've seen was only $10 a month, really not that big a deal if you value storing your data on your system.

                      True, if you happen to live in a country where CGNAT and other blocks on incoming connections are uncommon, and if you are willing to buy a low-power server to be left on all the time (as opposed to suspending when inactive), then you can sync to home.

                      Get a NAS, they are a cheap low power server and you're set. If you are behind a CGNAT then get a static IP. It is nowhere near cost-prohibitive.

                      But just because your ISP doesn't use CGNAT today doesn't mean it'll continue to not use CGNAT next year.

                      Then I'll pay a couple bucks a month for a static IP, it's no big deal. CGNAT is just a stop gap to resolve the IPv4 issue in the interim anyway.

              • I assume you're very keen on some kind of edge case where you are unable to get to your home in time to offload your extensive GPS/fitness records, so you need to upload them to a cloud service (which really, could be under your control fairly easily if it wasn't /forced/ to be under theirs) via a mobile phone uplink, because the loss of those records would be .. catastrophic if you were mugged in deepest Africa and unable to sync to your desktop, but somehow still had good mobile phone coverage.

                Is that rig

                • by tepples ( 727027 )
                  No, the edge case is simply ability to upload at all without A. subscribing to and learning to administer a VPS, B. subscribing to a home Internet service level that includes a static IP, or C. physically entering my home. In this hypothetical, I have bars on my cell phone, but other Slashdot users in this thread have already ruled out uploading to a server administered by the device manufacturer on privacy grounds. Loss of the records would be catastrophic for the police and district attorney to punish the
                  • Loss of the records would be catastrophic for the police and district attorney to punish the mugger.

                    So the edge case is losing information about the mugging? Which for most people would be none at all.

                    This is related to fitness monitoring and privacy/insurance/big brother concerns... how?

                    I'll miss you most of all, scarecrow.

            • That's why it should sync with YOUR computer, not the global corporate overlord's computer.

              Or encrypt the data with your own encryption key and store it with whatever cloud storage provider you have chosen.

      • I think the idea is that you still want to collect telemetry even if you're collecting more data than will fit in the device's memory.

        I can sneeze and lose a 128GB flash card.

        Or you still want your data to survive even if the device on which it was collected does not (see Malaysia Airlines Flight 370).

        In the case of a fitbit, the chance of losing the data without losing at least your wallet if not the fitbit is fairly low.

      • more data than will fit in the device's memory

        . I record my bike rides with my GPS. Not once in the last 2 years have I had to remove data off the device because it ran out of space. I think in total there might be a few megabytes worth of data, and it's only that big because they use XML to store the data, which is inherently verbose. There is less data than actual XML. I'm sure that a simple fitness bracelet could store a lifetime's worth of data in under 1 GB.

        • by plover ( 150551 )

          The idea behind a fitness tracker is that the data is primarily useful within a shorter timeframe, such as an individual workout, or a day. A fitbit has no functional need to contain your year-old stats; even if it kept them, the user interface is so limited it couldn't show you anything meaningful. For historical data to be useful to the general user, the device has to transfer its data to a computer, where it can be stored, retrieved, and plotted. If the device was its own database, it would take extra ti

        • i have filled a few of the earlier generation garmin watches
          the latest i haven't had an issue with by the previous two eventually filled up

        • I record my bike rides with my GPS. Not once in the last 2 years have I had to remove data off the device because it ran out of space.

          What if I want the device on my bike to act as a GPS and also record video of my ride? (Think more of commuting in traffic than recreational/trail rides.) Why should I have to upload that video to some third-party service instead of my own server? Why do easy-to-use apps exist only to do the former, but not the latter?

          • What if I want the device on my bike to act as a GPS and also record video of my ride? (Think more of commuting in traffic than recreational/trail rides.) Why should I have to upload that video to some third-party service instead of my own server? Why do easy-to-use apps exist only to do the former, but not the latter?

            If you could find a decent standalone GPS app for a cellphone, it would trivially do this job without uploading. You'll want one with a card slot. But there's numerous DVR apps for Android, and I presume also for the iPhone. I bought Garmin Viago hoping to do offline GPS with it, but it's a gigantic pile of crap. On my Nexus 4 (which now seems to be losing its radio and its digitizer in spite of being care for fairly well with protectors and so on, I knew better than to buy LG) but also apparently for many

            • If you could find a decent standalone GPS app for a cellphone, it would trivially do this job without uploading. You'll want one with a card slot.

              A mugger who takes the phone also takes the card in it. And if your device is boot-looped, such as your LG, the evidence is likely encrypted on the internal flash with no way of recovering it.

              Anyway, having recorded a video to an Android phone, you can upload it to your own server

              How many less-technical people are willing to set up such a server rather than subscribing to an integrated third-party service? If most people actually had their "own server", then something federated like GNU social would have taken off instead of Facebook.

          • Why should I have to upload that video to some third-party service instead of my own server?

            Because the profitable majority of people aren't among the demographic that reads Slashdot. These people are unwilling:

            • to subscribe to a VPS to accept the upload,
            • to upgrade to business-class Internet at home to get around anti-server ISP TOS or carrier-grade NAT, and
            • to learn how to set up the server to receive the upload.

            The Slashdot demographic is an edge case, and the economies of scale associated with mass production and technical support tend to disfavor products targeted to edge cases.

      • by sjames ( 1099 )

        That's exactly why I want the data to go to MY server at home. I do not EVER want the data to go to the manufacturer's server.

        • by tepples ( 727027 )

          That's exactly why I want the data to go to MY server at home.

          How are you going to get it from your phone to your home server across an ISP's NAT?

          • by sjames ( 1099 )

            What ISPs NAT? I do my own NAT on IPv4 and since my ISP hands me a v6 prefix, I just filter.

            Failing that, I would rather buffer it and transfer by USB when I get home. Or, rent a VM for next to nothing a month. If worst comes to worst, emailing it to myself comes to mind.

            In other words, pretty much anything but storing it on the manufacturer's server.

            They can always offer the use of their server for people with no other options or who just don't care.

            • What ISPs NAT?

              Wikipedia's article about carrier-grade NAT [wikipedia.org] states that it's more likely to be deployed by ISPs in countries most affected by IPv4 address exhaustion [wikipedia.org]. Were you looking for actual ISP names? If so, I could do more research for you.

              Or, rent a VM for next to nothing a month.

              Correct me if I'm wrong, but you appear to imply that most people would be willing to take the time==money to learn to administer a VPS. I disagree.

              They can always offer the use of their server for people with no other options or who just don't care.

              In other words, the vast majority.

              • by sjames ( 1099 )

                I haven't heard of any ISP that is using carrier grade NAT TODAY that isn't also handing out v6 prefixes.

                I suggested that a VM is one of several options a user might take. Perhaps one of a group of friends might set it up. I also suggested USB cable plugged in to a PC but you ignored that because you couldn't think of anyone incapable of taking that option who could manage to strap a watch on in the first place.

                • by tepples ( 727027 )

                  I also suggested USB cable plugged in to a PC but you ignored that because you couldn't think of anyone incapable of taking that option who could manage to strap a watch on in the first place.

                  I ignored it because in a situation like this, the mugger is likely to steal your watch before you have a chance to get back to your PC.

                  • by sjames ( 1099 )

                    So, you go jogging every day for a year. One day you get mugged in the park and the one thing you are worried about is you lost the record of half of your jog?

                    But at the same time it wasn't important enough to ask your friend to get his computer genius nephew to set up a way for you to transmit the data live to a private server?

                    I guess you'll be devastated when the company announces, OOOPS, we lost all your data, please see page 527 paragraph 72 line 8 (yes, the one in a 1 pt font.) (yes, yes, the bit in Sw

                    • by tepples ( 727027 )

                      So, you go jogging every day for a year. One day you get mugged in the park and the one thing you are worried about is you lost the record of half of your jog?

                      Not quite the one thing but still one important thing. This record is valuable evidence against the mugger.

                      But at the same time it wasn't important enough to ask your friend to get his computer genius nephew to set up a way for you to transmit the data live to a private server?

                      I imagine that a lot of people who buy these sorts of things are unaware of the possibility "to ask your friend to get his computer genius nephew to set up a way for you to transmit the data live to a private server". Heck they're probably unaware of Slashdot itself.

                    • by sjames ( 1099 )

                      As I said before, those who really can't come up with anything else could always use the default manufacturer server and hope they never decide it's not profitable and shut it down. But if they do, perhaps some value can be saved by switching to the private server or USB option.

                      Of course, the first time a crazy stalker gets at the live data and kills someone, there will be a lot of people ready to consider private server or USB options.

                      Likewise if a group of burglars start using Nest data to decide when nob

      • by ceoyoyo ( 59147 )

        Put more memory in the device. Then you don't need a cell modem and data plan either. Or, if absolutely necessary (it's not in any of these devices) encrypt the data with a user-owned key so the company *can't* decrypt it.

        Sending this stuff in the clear back to the company that makes the device only benefits the company, and comes with significant drawbacks.

        • by tepples ( 727027 )

          Put more memory in the device. Then you don't need a cell modem and data plan either.

          This fails once your device is broken or forcibly removed from your possession. Please see my other comment [slashdot.org].

      • Hey tepples, how you doing? Slashdot mods, you get in here too.

        Listen, I'm not even mad. I understand I'm not always the most eloquent and well spoken. But the idea you're suggesting here is the exact thing I was shooting down.

        Yes, if you want to collect more data than will fit on the device (Gigs, we have GIGABYTES to work with), or you want backups made, or the thing is acting like a blackbox (which fitbit is not), then... and try and follow me here.... "you'd want this data on other devices." Right? It

        • I understand I'm not always the most eloquent and well spoken.

          And neither am I.

          or the thing is acting like a blackbox (which fitbit is not)

          The featured article implies that Fitbit is in fact being used as a black box, despite not originally having been intended so.

          Over the Internet? Can you seriously not connect to your computer over the Internet?

          Not if your computer's Internet connection doesn't allow incoming connections, whether because of CGNAT applied by your home ISP, because of a "no servers" clause in your home ISP's terms of service, or because it is in suspend mode to save electric power.

          Or you can occasionally walk within the range of your home's wifi and a program syncs your phone's data to your computer, bypassing your ISP.

          That works for the Fitbit's original intended use but not for the black box use described in the featured article

          • The featured article implies that Fitbit is in fact being used as a black box, despite not originally having been intended so.

            No it didn't. The lawyer looked at historical data of the trainer's fitbit device. It was not the last remaining record of a airliners's demise. Nor was the wearer of the fitbit... you know.... killed.

            Here we go, from another news article:

            The data will be provided by the plaintiff in a personal injury lawsuit in an effort to show life-affecting reduced activity post injury

            Which could honestly just be the trainer not wearing the bracelet as often.

            That works for the Fitbit's original intended use but not for the black box use described in the featured article.

            Also, I want to point out here that the data from these devices are being used not as originally intended. Hey, it was useful for the client this time. Maybe. But you're argument here is pointing ou

    • >> doesn't look like there's rampant wide-spread abuse of this sort of data. Yet.

      But there could be. Many IoT company's privacy policies seem to be just a cut/paste of their wide-open web privacy policies. For example, take a look at Lowe's IRIS system. According to the legalese, I think they might be able to scan your home video feeds to look for products you might want...
      http://iotsecuritylab.com/iot-... [iotsecuritylab.com]

    • by Anonymous Coward

      As long as you retain that data, the end game is the same: they could just subpoena you for your local data. Short of discarding the data entirely, you gain nothing.

      • by praxis ( 19962 )

        The major difference is that a company given a letter (not a subpoena) has no incentive to not hand over the data. It's not like consumers have ever shown they care (enough, via the bottom line). Companies know this. That's why Amazon shut down WikiLeaks with only a phone call (no subpoena) and no one cared that the government could just silence a website they disagreed with without even making a legal argument. That's why scuba shops handed over their customer lists to the FBI when asked, without a subpoen

      • by TheCarp ( 96830 )

        Not true at all.

        If the data is in the hands of a third party, the demand goes to the third party and the party in question has no standing to even be told about it; never mind defend himself from it. It is 100% in the hands of the third party to fight any such request, which, they have little incentive to do.

        If the demand must come through me then, at the very least, I have to be notified AND I have standing to challenge the demand. That, alone, is a HUGE difference.

    • by tysonedwards ( 969693 ) on Monday December 08, 2014 @12:04PM (#48548153)
      Local storage on a phone - devices that are small, visible, portable and valuable have a considerable market and as such lead to thefts - is a single point of failure where you can lose everything. Further, the industry average is to replace these devices every 18 months. There are mitigating strategies such as backup and resync approaches, but these create additional steps and introduce the likelihood of users losing their data. Hence why the idea of server side storage exists, as a means of making these device replacements easier and more transparent to users.

      Does that come with potential privacy issues? Of course it does, but largely the market decided that they would rather the convenience of a "dumb terminal" that can be replaced and immediately behave just like their old one than the security of a fully local model. Until there are massive security breaches that hit *most* people, where these approaches to cloud data storage is shown directly at fault (and not those visible to most, but largely affecting celebrities only as was the case with Fappening or other similar events) then this type of thinking will continue and new services introduced that are more and more Internet-centric for tasks that ultimately don't need to be.
    • The trouble is that apps that work with local content don't exist, because every company wants your data. The choice has become either giving up your data, or giving up on using technology at all.

    • by AmiMoJo ( 196126 ) *

      I am mid way through developing a GPS logger that uses public key encryption to protect privacy. It definitely is possible to make these kinds of device more secure at very little cost.

      Hopefully more companies will follow Google and Apple's lead in marketing privacy and resistance to legal attack as features.

      • I am mid way through developing a GPS logger that uses public key encryption to protect privacy. It definitely is possible to make these kinds of device more secure at very little cost.

        It seems like most GPS devices on the market today with any kind of display worth mentioning (most of them, that is) have well more than enough horsepower to handle basically any grade of encryption without the user actually noticing. It's shameful that they still don't.

        I was just firing up my Garmin StreetPilot, no model number following, to see if I could use it as a time source. Perhaps I should install it in my diesel Mercedes, it would look appropriate. I've got the SF maps... from aeons ago

    • Perhaps I'm just being paranoid here.

      Only if your fears never turn out to be true. In the meantime, methinks a better solution to abandoning cloud storage of personal data is to simply change the HIPPA laws to cover such data.

      • Doesn't matter. Law enforcement can get that data with (or [wikipedia.org] without [wikipedia.org]) a warrant. Likewise, this data is more or less publicly available if there are ever any security breaches. And we all know that someone like FitBit would pay the utmost attention to critical information like.... how often you giggled your wrist.
        Not that my home computer would be all that much secure. But it makes it a far less juicy target if there's just the one guy.

        And those HIPPA laws only ever come into affect if you're cognizant of so

    • I wonder how they will prove that, for the duration of the supposed criminal activity, it was me wearing it, and not someone I lent it to.
  • by technomom ( 444378 ) on Monday December 08, 2014 @12:00PM (#48548109)
    "Even if medical privacy laws did cover data recorded by a Fitbit band, it wouldn't matter, Reitman said, because there's an exception to HIPAA for law enforcement queries, national security and many other legal requests." To me, this sound like even X-rays, EKG results, MRI or CAT scan results or even just doctor's notes could be at risk. So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league. You don't need a wearable for any of that.
    • by sribe ( 304414 ) on Monday December 08, 2014 @12:27PM (#48548319)

      So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.

      Absolutely. Although they probably would NOT go for criminal charges, they would just sue for damages in civil court, in which case they could absolutely subpoena your medical records. Actually, it probably wouldn't even get that far, because they'd want the medical records BEFORE paying the claim, and if you didn't provide them, you wouldn't collect.

      So, as suspect and hit at, Lucas123 seems to be completely confused about how HIPAA applies when there's a legal dispute over an insurance claim. Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???

      • Seriously, what numbskull thinks you can file an insurance claim and then claim medical privacy in order to avoid handing over data necessary to evaluate your claim???

        I think the fitbit issue is a bit different, though, since it's not clear that it constitutes a 'medical record' that you'd expect your insurance company to have access to. An insurance company demanding access to fitbit records feels a little more like if they demanded access to your home movies. Sure, there may be some relevant information there, but it was information gathered by yourself for personal reasons which may not be strictly 'medical'. Besides, I would hope there'd be a legal challenge again

        • by sribe ( 304414 )

          I think the fitbit issue is a bit different, though, since it's not clear that it constitutes a 'medical record' that you'd expect your insurance company to have access to.

          It is different. But consider that an insurance company can hire a private detective to follow you and record your activities, check on your Facebook page, subpoena your health club records or your ski lift tracking data...

          Besides, I would hope there'd be a legal challenge against using it as evidence, unless they can verify that the patient was actually wearing it, that the results are relevant to the case, and that the data collected is reliable.

          Yes, your attorney can raise every one of those issues.

          • It is different. But consider that an insurance company can hire a private detective to follow you and record your activities, check on your Facebook page, subpoena your health club records or your ski lift tracking data...

            Yes, and that's really my only point. A subpoena asking for fitbit records should be thought of more like a subpoena for health club records, and not the same as your insurance company asking for medical records from your doctor.

        • by bws111 ( 1216812 )

          Note that this is HIS lawyer who is submitting the FitBit records, NOT the insurance company. The insurance company says his claim is fraudulent, and HE is saying no it isn't, my FitBit data proves it.

          • Note that this is HIS lawyer who is submitting the FitBit records, NOT the insurance company. The insurance company says his claim is fraudulent, and HE is saying no it isn't, my FitBit data proves it.

            I think the insurance company will respond by asking him to prove the veracity of the data, and they it wasn't someone else wearing it. Usually the insurance company has valid reason when they legally challenge a claim, even if it's just a disgruntled boss claiming there is fraud. It'll be ironic isfthe insurance company pulls out the guys tweets or facebook posts, or cell phone tracking data - all things that most people don't even consider.

            I'm waiting for the lawsuit where the insurance company produce

    • by ShaunC ( 203807 )

      So, if an insurance company thinks you are lying about your disability claim, they could ask law enforcement to grab up the X-ray of that broken ankle you suffered playing in the beer softball league.

      If an insurance company thinks you're lying about a disability claim, they aren't going to bother with law enforcement or medical records or some dubious fitness app. They'll hire a $300/day private investigator to follow you around for a few days and get photos of you at the golf course. He'll be checking all of your social media, he's probably going to be in your credit and phone records as well, via legal gray areas. If it's a worker's comp claim, they'll have him tail you until the day you go back to wo

      • From what I've seen, the PI investigation is almost "standard", almost every person is followed and taped for every worker's comp claim that might go over a thousand dollars. A good friend of mine did that kind of work for awhile; he sat in a van for hours at a time waiting to film someone; very tedious and boring PLUS you can't jump out for a pee break so...he finally had to give up the job after getting too many traffic tickets from running red lights, speeding, etc, chasing people around. The best scamm
  • by Trachman ( 3499895 ) on Monday December 08, 2014 @12:01PM (#48548111) Journal

    The next time wrist band activity will be used as an evidence that someone does not go out and I lives only a passive live, that someone can buy a cat.

    Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

    So, what is next? Surveillance cameras corroborating that the disabled owner is truly sitting home. 365/24/7 surveillance and records prior to the potential insurance accident just to prove that in the past the owner was active and outdoorsy person?

    • by Anonymous Coward

      Sure, except for the 20 minutes a day that otherwise sedentary "person" goes insane and starts playing with their blinds, and running under their tables and beds. It'll raise some other concerns, to say the least.

    • >Use that wristband as cat's collar. In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

      Sounds like you've met my cat. I just threw away a cat tree because she was too lazy to use it.
    • In fact cat and sedentary people are almost indistinguishable, from computer's point of view.

      Cats are nocturnal. They're sedentary during the16 hours a day you watch them, then stalk to house all night looking for bugs to torture. I'm pretty sure a computer can figure out the difference between diurnal and nocturnal.

      • Cats are nocturnal. They're sedentary during the16 hours a day you watch them, then stalk to house all night looking for bugs to torture.

        So am I, because I AM THE BATMAN.

    • by nman64 ( 912054 )

      Looking at your Fitbit data, we can only conclude that you're a sadistic bastard [theoatmeal.com].

    • Don't try this if your cat wanders the neighborhood, peering in windows and visiting underage children....

  • I don't like the Guilty Until Proven Innocent mentality. However, since some people are insistent on doing away with the basics of our legal system I do like the fact that my Wii FitMeter could be used to prove my general whereabouts since it records altitude information thought the day. I can easily see in my daily logs when I come home, and leave for work because there are substantial hills on the path. I'm fairly confident that between my phone and FitMeter I could prove my whereabouts with absolute cert
  • by MerlynEmrys67 ( 583469 ) on Monday December 08, 2014 @01:10PM (#48548835)
    Divorce lawyer's best friend is Facebook. The amount of really stupid stuff that gets posted on Facebook during divorce proceedings is amazing. Imagine your ex calling the judge a child abuser - and having them have to defend that in court. Well - it happens. This is just the next step in this. We gather all kinds of data about ourselves and then get surprised when it is retrieved and brought out in open court. The rule is - control your own data, and don't have anything out there that you don't want opposing council to see.

    Yes, this especially covers HIPAA covered health records, anything can be found under discovery

    • Not just divorce lawyers. Apparently significant numbers of rioters post video of them breaking into buildings and/or posing with what they just stole.

      In the hypothetical situation that I ever decide to do something more illegal than 5mph over the speed limit, I'm not posting evidence to Facebook.

  • There's one big problem with trying to use fitbit data. There's no way to prove that the device was actually attached to a person that is allegedly producing the data. Six months down the road, the witness (alleged wearer) won't remember what he had for dinner, let alone what was on his person. Add to that motives to lie (and people do that on the stand in spite of the penalties) and you have a data source that won't prove anything in most cases.

    Besides, who the hell cares whether or not I was moving at any

    • There's one big problem with trying to use fitbit data. There's no way to prove that the device was actually attached to a person that is allegedly producing the data.

      In a civil lawsuit, it's not necessary. Say you claim on your insurance because you can't walk 10 metres after an accident and "your" fitbit proves this isn't true. They don't have to _prove_ that it is yours, they have to convince the judge that it is more likely yours than not. In civil cases, there is no right to remain silent, and there is no innocent until proven guilty.

      • by bws111 ( 1216812 )

        In THIS case, however, the owner of the FitBit is the one making the claim that FitBit supports his position (ie FitBit shows he can't walk 10 meters). The insurance carrier did not go after the data, he provided it. Now why anyone would accept that data is beyond me.

      • My point is that the reliability of the evidence will be so low and susceptible to attack, that no competent trial attorney will bother with it.

    • by bws111 ( 1216812 )

      Note that this is the OWNER of the FitBit trying to use the data, NOT the insurance company.

      • And that's even worse. The owner could merely take the device off to show his "incapacity" allegedly due to an injury, while he goes right on about his business about town. Conversely, if he wanted to show he was active around town, he could hand the thing to his friend or pace around the floor. It's unreliable.
  • Apps SHOULD locally encrypt the data before sending it elsewhere. Encryption that requires you to open it, encryption that has not got backdoors.

    Then when lawyers request it, they are boned. Depending on your country, that is, and the possibility of the obligatory wrench (xkcd).

    • Then when lawyers request it, they are boned. Depending on your country, that is, and the possibility of the obligatory wrench (xkcd).

      Totally wrong in a civil lawsuit. In a civil suit, the judge asks you politely for the information, and you supply it or you don't. If you don't supply it, the judge will assume that you had good reasons. For example, if the insurance says you were running marathons while you claim you are bedridden, and they ask for your encrypted fitbit data, and you don't supply it, then it is assumed that the insurance was right and you are indeed running marathons.

    • by bws111 ( 1216812 )

      Um, this is the owner of the FitBit claiming the FitBit data proves his case, not the insurance company.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...