Doctor standing in front of futuristic medical screen showing the privacy and security implications for the Internet of Bodies
Internet of Bodies: The Privacy and Security Implications

Internet of Bodies: The Privacy and Security Implications

As the rapid pace of technological change continues at a nearly exponential rate, it is having an enormous impact on the way society thinks about data privacy. Over the past few years, technological advances in healthcare and medicine have combined with advances in AI to create a brave new world that some have called the “Internet of Bodies.” Instead of simply hooking up digital devices and connected objects to the Internet, as with the Internet of Things, we are now hooking up human bodies to the Internet.

What is the Internet of Bodies?

With the Internet of Bodies, connected devices from tech companies are now being implanted, ingested and affixed to the human body in ways never before imagined. And these connected devices are simultaneously generating tremendous amounts of data about our behaviors, our physiology, and even our DNA.  Examples of Internet of Bodies innovations include smart contact lenses that are able to monitor glucose levels, artificial lenses used to correct vision, Bluetooth-equipped electronic pills, digital tattoos, and even Fitbit devices that monitor and analyze very intimate profiles of your health and physiological functions.

Of course, as currently being used, these connected devices are all part of a broader effort to improve human health and not part of a strategy to intrude on personal privacy. The reason why you wear a Fitbit is not because you want someone tracking your every move; rather, it is because you are trying to improve your overall health and wellness. The same is true of other Internet of Bodies initiatives, such as Google’s Project Baseline, which has the purely altruistic goal of “mapping human health,” or India’s creation of a countrywide biometrics database.

Legal, privacy and ethical issues around the Internet of Bodies

What is particularly worrisome to privacy experts, though, is the introduction of artificial intelligence (AI) into the equation. With AI, it is possible to process massive amounts of data instantaneously, and to use powerful machine learning algorithms to arrive at conclusions. AI could be used to create a dystopian Orwellian state, in which all behaviors are tracked, all genetic anomalies are edited or removed entirely, and all citizens are under constant 24-hour surveillance. Imagine being turned down for healthcare coverage because an AI system detected certain warning signs in all of your biometric or physiological data, or being required by the state to undergo behavioral modification training for committing a “health crime.”

This futuristic Internet of Bodies scenario might sound entirely too dystopian, but top scientific, medical and ethics experts are already warning of such a future. In its Spring 2018 issue, for example, the Wilson Quarterly warned of a hypothetical Orwellian surveillance state in effect by the year 2075. By that time, vast, super-powerful AI systems will be in control, and AI will have merged with fields such as genomics, epidemiology, and neuroscience. This all-powerful “Cloudmind” will have the ability to know what you are thinking, what you are doing, and how you are likely to react to any event or situation because it knows everything about your biology.

Moreover, a number of leading scientific researchers and thought leaders have also weighed in on the potential perils created by the Internet of Bodies. Famed statesman Henry Kissinger has written an op-ed piece warning how AI-powered machines could eventually obliterate all ethical and philosophical norms. Other pundits have warned of the potential creation of an all-powerful surveillance state that not only has your fingerprints, it also has your DNA.

Just as disturbingly, the potential exists for bio-hackers and criminal elements to launch the equivalent of cyber attacks against human bodies. One classic example that has been debated extensively is the possibility for “remote assassinations,” in which Internet-connected pacemakers or other internal devices could be used to kill political figures. And, just as data thieves routinely use stolen personal information and data to set up false identities, they might soon be using your personal genomic data in nefarious ways.

Setting up a data privacy framework for the Internet of Bodies

Given the potential for abuse of personal bio data, it is not surprising that many top leaders and thinkers are now supporting the creation of new legislation or new regulatory guidelines that can create a new data privacy framework for the Internet of Bodies. In April 2018, for example, European nations led by the UK, France and Estonia began working on a “European approach to AI” that would clearly delineate privacy rights and require companies and governments to put special safeguards into place.

One piece of regulation that has received much critical acclaim is the European General Data Protection Regulation (GDPR), which went into effect in May 2018. This is the most sweeping and comprehensive data privacy protection ever, and was specifically created to protect EU residents from the perils of data breaches, cyber attacks and data intrusion attacks. Since the European GDPR applies primarily to the digital technology space, a similar regulation would presumably be needed for the Internet of Bodies in order to address specific issues around health and genetics.

The problem, of course, is that the pace of technological change is much more rapid than the pace of regulatory change. In such a scenario, regulators are always playing catch-up, trying to close down all the loopholes and removing negative incentives from the marketplace. In essence, however hard they try – they are always one step behind.

For that reason, any data privacy framework for the Internet of Bodies would need to include positive marketplace incentives for companies to build security into their new products and services from the beginning. In other words, it is probably too late to stop companies like Google from combining AI and healthcare technology into new Internet of Bodies innovations. But it is not too late to require them to build in the necessary safeguards from the very beginning, and better yet, to have an ethical and philosophical framework in place to keep machines from acting, well, inhuman.

What’s next for the Internet of Bodies?

It has now been nearly five years since the first articles started to appear in mainstream tech journals, warning of the perils of “biohackers” and suggesting that people should seriously start thinking about encrypting their DNA the same way that they encrypt other digital personal data. Even then, futurists already started to glimpse a future in which all bodies are hooked up to the Internet in one way or another.

It’s now time to take steps to ensure that our bodies cannot be hacked, breached or exploited by bad actors on the world stage. New legislation or regulation for the Internet of Bodies should clearly delineate who has access to our data, how they can use it, and how it should be protected.