Biometrics at Risk: How Your Apple Watch Could Be a Spy in Disguise
Biometric data refers to the use of physical and behavioral traits to identify individuals, and it has become increasingly integrated into our everyday devices. Apple devices, such as iPhones and Apple Watches, are equipped with sensors that collect various types of biometric data to enhance user experience, security, and health monitoring.
For example…iPhones use Face ID and Touch ID, employing facial recognition and fingerprints to authenticate users securely. However, the Apple Watch goes even further, collecting an array of biometric data that offers valuable insights into a user’s physical and emotional state.
Here is a list of the key materials inside the Apple Watch that collect biometric data.
LEDs (Light-Emitting Diodes) — Made from gallium arsenide (GaAs) or gallium nitride (GaN), these emit green and infrared light to detect changes in blood flow and oxygen levels.
Photodiodes — Typically made from silicon or germanium, these light-sensitive detectors capture the reflected light and convert it into electrical signals for heart rate and oxygen measurements.
Sapphire Crystal — The transparent, durable back covering of the watch, made from sapphire crystal, allows light to pass through while protecting the sensor components.
The Apple Watch collects several types of biometric data:
Heart rate: Continuously monitors heartbeats, helping track fitness levels, detect irregular heart rhythms, and provide insight into stress levels.
Blood oxygen levels: Measures blood oxygen saturation, which is crucial for monitoring respiratory health.
ECG data: Records the electrical activity of the heart, allowing users to monitor their heart rhythms for signs of atrial fibrillation or other heart issues.
Steps and physical activity: Tracks steps, calories burned, distance traveled, and overall physical activity, providing users with feedback on their fitness levels.
Sleep patterns: Monitors sleep cycles, including the amount of deep sleep or restless periods, helping users improve sleep quality.
Gait and movement data: Tracks how users walk, move, or stand, offering insights into their physical stability or health conditions.
While these features enhance health tracking and user convenience, they also highlight significant privacy concerns. The sheer volume of personal data collected by these devices — especially health data — raises risks related to unauthorized access and misuse. For instance, sensitive health information like heart rate, ECG data, and movement patterns could potentially be accessed by malicious actors, misused by corporations for profit, or even exploited by governments for surveillance. If such information were to fall into the wrong hands, it could lead to privacy violations, discrimination in insurance or employment, and the erosion of personal autonomy.
Apple responds to legal requests and subpoenas and they do a great job (on paper) creating an environment of safety and privacy for the user. For example, Apple cannot provide Face ID or Touch ID data as it resides in the Secure Enclave. The Secure Enclave is a dedicated security processor integrated into Apple devices, specifically designed to protect sensitive data like biometric information. It is heavily encrypted and requires a “key” to retrieve its information. Each Secure Enclave also has a unique identifier that is burned into it at the time of manufacture. On top of all this, if there are any signs of tampering with the Secure Enclave, such as attempting to extract or alter its data, it is designed to wipe its contents to prevent any unauthorized access to the sensitive information. This is great! However,
In legal scenarios, Apple may be asked to provide account data or device backups, which could include certain usage patterns or metadata stored in iCloud. However, Apple cannot access the biometric or behavioral data directly stored on the device…. The question is, if you were actively being targeted would they even need to directly access this information?
Do you remember in 2014 Johns Hopkins University hosted the “Foreign Affairs Symposium Presents: The Price of Privacy: Re-Evaluating the NSA” The former head of the NSA, General Michael Hayden said “We kill people based on Metadata.” (17:59)
“The U.S. government “kill[s] people based on metadata,” but it doesn’t do that with the trove of information collected on American communications, according to former head of the National Security Agency Gen. Michael Hayden.
Hayden made the remark after saying he agreed with the idea that metadata — the information collected by the NSA about phone calls and other communications that does not include content — can tell the government “everything” about anyone it’s targeting for surveillance, often making the actual content of the communication unnecessary.”
By Lee Ferran May 12, 2014
When looking through the lens of Human Intelligence (HUMINT) — a key area of intelligence gathering — biometric data becomes even more concerning. HUMINT is an acronym for “Human Intelligence,” which refers to the collection of information from human sources. It involves gathering data through direct interaction with people, including surveillance, interrogations, and informants, rather than relying on technical means such as signals intelligence or satellite imagery.
In HUMINT operations, biometric data like gait analysis could be instrumental in profiling individuals. Gait analysis, which tracks how a person walks or moves, is often unique to an individual, much like a fingerprint. When combined with data from heart rate monitors or stress indicators, such analysis can offer deep insights into someone’s physical condition or emotional state.
Intelligence agencies could use this information to track the movements of targets, determine whether they are experiencing physical or emotional stress, and even assess whether they are evading surveillance.
The risk here is that such data, which is collected for benign purposes like fitness tracking or unlocking a phone, could be repurposed for surveillance or intelligence gathering. The more detailed and extensive the data collected, the more comprehensive a profile an agency or third party can build about an individual’s behavior, health, and emotional responses. This raises significant ethical concerns about how such data should be handled, who should have access to it, and what kinds of protections are necessary to ensure it isn’t used in ways that infringe on privacy.
As the collection and use of biometric data expand, the line between beneficial technological advances and potential abuse becomes thinner. While biometric data collected by devices like Apple Watches can lead to improved health outcomes and more personalized user experiences, it also poses a significant risk if proper safeguards are not in place to protect this sensitive information.
Think twice before you wear an Apple watch!
Stay Vigilant.
