Wearable Computing: Security Challenges, BYOD, Privacy, and Legal Aspects

Introduction

This chapter, which is to a large extent based on experiences gained during the wearIT@work¹ project, addresses how organizations can approach security challenges and legal aspects while introducing wearable computing in their organizations. If no well considered approach is used, relying on for instance ad hoc principles, there is a risk that instead of rendering business value, the introduction and use of wearable computing can cause the opposite by usage and user behaviour not aligned with the organization’s set of rules and beliefs (Davis, 2002; Lindström, 2009). Looking to the future, there is a need for organizations to find ways to improve work productivity, quality and safety. To reengineer work processes in areas where process innovation has been hard without the proper (wearable) supportive tools, there is a need for new and better technology supporting improved performance and productivity (Davis, 2002; Stanford, 2002a; Pasher, Popper, Raz, & Lawo, 2010). Many lines of work do not allow workers to use a computer, e.g., a laptop or tablet, in the workplace due to the nature of their work, for instance where free or clean hands are required. For those groups, there is a large potential in using wearable computers and systems. Further, the emerging trend “bring your own device” (BYOD), mainly involving laptops, tablets, smart phones and other portable (wireless) devices, adds additional challenges for organizations to handle (Olivier, 2012; Miller, Voas & Hurlburt, 2012), while at the same time having potential to improve productivity and support business value creation.

The wearable computing paradigm has evolved around three factors: smaller, more powerful computers, greater personal mobility and increasing personalization of devices. Closely related to each other are ubiquitous computing, which is introduced by Weiser (1991), and pervasive computing, which refers to the vision where computers are integrated in the environment and the usage is completely transparent to the user. Wearable computing may thus fall under the category of pervasive computing. Lyytinen and Yoo (2002) argue that pervasive computing services require more effort regarding design and maintenance compared to ubiquitous ones, making the availability and usefulness of pervasive computing services limited. However, we think that the recent advances within context awareness-, localization-, and cloud services make this previous gap small today. Wearable computing is also introduced by the wearIT@work project² as follows:

As wearable computers and systems for different business mature, they can be used in a lot of work areas where there is at present very little or no IT-support. Wearable computers will most likely be used more and more, not only at work but also during leisure time. This is due to the fact that wearables, being very small, integrated into clothing and able to interact intelligently with the surrounding environment as well as detect other computing devices (Lyytinen & Yoo, 2002), will be brought almost everywhere. This exposure to a variety of unsecure or hostile network environments will require a higher level of information security to protect personal integrity and privacy, confidential information and communications. At the same time, the legal frameworks need to adapt to the use of wearables, as they put new requirements on the protection of personal integrity and privacy as well as information security. However, one of the problems with legal frameworks and IT is that the pace of development of IT is so fast that the adaption and development of the legal frameworks is almost always a couple of years or more behind, often forcing the frameworks to be very general.