The President’s Peloton: The IoT and Cyber-Security Risk

Presidents all have their ways of keeping active while in office: Bill Clinton liked to jog, George W. Bush mountain-biked, Barack Obama played basketball, and Donald Trump golfed. Sometimes a president’s hobbies might require an addition to the White House itself — Richard Nixon, who was an avid bowler, had a one lane bowling alley installed in 1969. But in true digital-age form, physical activity can now also bring cyber-security risks.

A regular part of President Joe Biden’s exercise routine is riding a Peloton stationary bike, which unlike the exercise bikes of past eras, includes a tablet with built-in cameras and microphones, allowing riders to livestream spin classes and communicate with one another. As NY Times writer Cheryl Gay Stolberg says in a recent article, “therein lies the rub. The last thing the C.I.A. wants is the Russians and the Chinese peering or listening into the White House gymnasium.”

For this blog, I want to stay focused on the tech side of things and not let politics muddy the discussion at hand: namely the rise of the Internet of Things and the privacy and security issues that come with it.

Of course, this isn’t a new topic. I’ve written about the IoT several times in the past. But it’s been somewhat of a novelty until more recently. In late 2019, Spotify gave away a free Google Home Mini to all subscribers (which at that time was close to 250 million). Fitbit, the maker of wearable fitness trackers, has grown to 29 million active users, triggering an acquisition by Google in Jan 2021 (along that same vein, there have been over 30 million Apple watches sold). The projected market for smart refrigerators is expected to exceed $7.5 billion by 2026. Yes, we’ve been aware that devices like these create data, but their continued growth and ubiquity will mean corporate legal, privacy, and risk departments might have to consider them sooner than later.

It’s not hard to imagine that company kitchen being home to a smart fridge. Or the wellness committee hosting walking or running contests where departments track their steps or miles via a smart watch. Or the company fleet vehicles being a source of potentially discoverable ESI during litigation. A company’s Bring Your Own Device (BYOD) policy, which may have been focused solely on laptops, tablets, and mobile devices, might now need to include wearables and other new sources of data.

The legal industry often takes a “we’ll deal with it when it comes up” approach to new data, which is understandable considering the rise and fall of new trends. Remember zip drives from the mid-90s, stuck in that short-lived gap between floppy disks and CD-ROMs? It makes sense to see if a data trend is going to last long enough to require policy and processes. But the overall trend of the IoT isn’t going anywhere, and forward-thinking companies should keep sharp about these new devices which might be overlooked as being a part of the enterprise data landscape.

As for Biden’s Peloton? Security experts say he’ll be able to bring it along after some modifications by the National Security Agency and the Secret Service. Then again, he can always head to the basement and bowl a few frames.

Disclaimer: The views represented herein are exclusively the views of the authors and speakers themselves, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leave a Reply