Security

IoT and Privacy: The Connected Toilet Strikes Again

May 18, 2020

IoT and Privacy: The Connected Toilet Strikes Again

There’s a new loo. If you’re a gadget-head, you’ve probably seen more than a few of the bizarre inventions debuted at CES over the years, including the new smart toilets. But, have you seen the connected health-tracking toilets? Yeah, it’s a real thing. They collect and analyze specimen samples of human waste for health purposes, and they’re about to be the next big thing. In fact, back in 2015, Alphabet filed a patent on non-invasive health sensors including—you guessed it—a toilet with sensors to detect indicators of cardiac disease. And in the early 2000s, Toto released one to track sugar and hormone levels.

It’s a hard pill to swallow for some. Discussing our excrement, especially in the U.S., brings along the “ewww” factor for sure. But just imagine—your trusty toilet could be the IoT gadget that saves your life. Human waste holds hidden clues to our health and connected toilets can detect disease early via cameras, temperature and pressure sensors, impedance, and chemical analysis.

What can a health-tracking toilet tell us? Starting with the mundane, some measure body weight and composition, heart rate, and blood pressure. The ability to monitor sugar and proteins means you’ll also be alerted about early diabetes and kidney disease, cholesterol, and vitamin deficiencies.

Getting a bit more personal, ladies, your connected toiled can help you monitor your monthly cycle and identify pregnancy, and don’t worry gents, we have something for everyone. Pick the right model and you can have PSA monitoring right from the comfort of your throne.

But wait—there’s more! Some units, including those being tested in China, have a fingerprint scanner embedded in the flush handle. Other units are designed to connect to data analysis systems in the cloud to leverage AI to detect and model outbreaks of diseases such as cholera.

In an era of wearable health devices and quantified-self trends, it’s no surprise the connected toilet is coming to fruition. After all, millions of people sport Fitbits and similar trackers, with 90% of those users willing to share the health data with their physician and more than 70% willing to share with their insurance carrier.

So, what’s the downside to these hyper-intelligent toilets?

The immediate pucker factor here (pun intended) is the extreme privacy risk. As with technologies like biometrics, privacy risks come along with the convenience of AI/ML and a hyper-connected world. A data set of just a birth date, zip code, and gender is enough to uniquely identify 87% of Americans. Imagine layering any piece of that with very detailed and personal health data.

In biometrics, iris scans are much more common than retinal scans even though retinal scans have much higher accuracy. Aside from being considered more invasive, the major issue with retinal scans is the associated privacy risk, as retina changes indicate diseases like AIDS, syphilis, Lyme disease, hereditary diseases like leukemia, and lastly, pregnancy.

In many ways, the clues in our “number ones and twos” are biometric markers the same as any other, and with great data comes great responsibility and great privacy risk. The current articles covering this new technology talks about securing connected toilets from hackers, but the real threat is widespread access to intimate health data of the masses.

Organizations are already looking to monetize data collected from health-tracking toilets including consumer insights, product usage, and nutrition. Government agencies and global health organizations responsible for the control of epidemics and pandemics are interested in the public health data to be gleaned from these new loos.

While there are myriad benefits to the data a connected toilet can provide, how can we be sure those powers will always be used for good? It isn’t too far-fetched to imagine a world where your health insurance rates increase because your toilet reported alcohol or tobacco use. Nor is it inconceivable that law enforcement may come knocking on your door if a controlled substance is identified.

And while very few people in the same survey seemed willing to share data with a government agency, if the recent ancestry testing has taught us nothing, it’s that when we opt in to some data, we opt out of our own privacy.


Jennifer Minella is VP of Engineering and Security with Carolina Advanced Digital, Inc. In her engineering role, Minella leads strategic research and consulting for government agencies, educational institutions, and Fortune 100 and 500 corporations. In addition to her normal business roles, Minella is a published author, editorial contributor, and trusted adviser for information security topics to media. No stranger to public speaking, she’s a highly sought-after international speaker. Jennifer’s also known for introducing mindfulness-based leadership to individuals and organizations in infosec. And aside from meditation and security, she’s a competitive powerlifter and dancer, including ballroom and swing. She also loves Figment, the imagination dragon. Mrs. Minella has served on the (ISC)2 Board of Directors since 2014 in various roles, including Chairman of the Board in 2019.