Engineer proves that Kohler’s smart toilet cameras aren’t very private


As noted by Fondry-Tytler, Kohler’s privacy policy says Kohler may use customer data to create “aggregated, de-identified and/or anonymized data that we may use and share with third parties for our legitimate business purposes, including analyzing and improving the Kohler Health Platform and our other products and services, promoting our business, and training our AI and machine learning models.”

Kohler said in its statement:

If a user consents (which is optional), Kohler Health may de-identify the data and use the de-identified data to train the AI that runs our product. This consent check-box appears in the Kohler Health app, is optional, and is not pre-checked.

Words matter

Kohler isn’t the first tech company to confuse people with its use of the term E2EE. In April, there was debate over whether Google was actually offering E2EE Gmail to business users because, in addition to the sender and recipient having access to decrypted messages, people deploying and managing KACL (Key Access Control List) servers inside the user’s organization could access the keys required for decryption.

In general, what matters most is whether the product provides the protection users demand. As Ars Technica senior security editor Dan Goodin writes about Gmail’s E2EE debate:

“The new feature is of potential value to organizations that must comply with tough regulations mandating end-to-end encryption. It’s certainly not a good fit for consumers or anyone who wants sole control over the messages they send. Privacy advocates, take note.”

When the product in question is an internet-connected camera that lives inside your toilet bowl, it’s important to ask whether any technology can ever make it private enough. For many people, no amount of reasonable terminology can rationalize such a device.

Still, if a company is going to offer a “health” product to people who may have health concerns and, perhaps, have limited knowledge of cybersecurity and technical privacy, the onus is on that company to communicate clearly and directly.

“To create the illusion that data privacy and security are a high priority for your company, spreading security terms that the public doesn’t understand is misleading to those who purchase your product,” Cross said.


