Oura says it gets government demands for user data
Last year, health wearable maker Oura became embroiled in a social media shitstorm after inking a deal with the Department of Defense and Palantir. Some customers feared their data would end up in the clutches of the Trump administration. The scandal blew up so much that my partner, an Oura ring user, drew my attention to it.
Oura rings are health-monitoring hardware wearables worn on a finger. These battery powered rings keep track of a person’s health data, like heart rate, sleep patterns, menstrual cycles, and dozens of other data points, including their location. Oura keeps a lot of sensitive information about its users on its servers.
As a security and privacy nerd reporter, and the partner of someone who uses hers, I wondered: Where does all that data go, and how does it get there? You might assume it doesn’t matter. But the way that companies set up their products and servers makes all the difference between whether governments (or hackers) can also access that user data.
This was a good opportunity to dig into how Oura rings work, how they send data and how the data is stored, and who has access to it. I wrote a detailed longread explaining why Oura’s security design choices allow governments to tap records from Oura’s vast banks of user information.
Oura is not unique in this, and many (if not most) companies design their systems to allow their staff to access user data, perhaps for troubleshooting customer issues or because it was the easiest and cheapest setup for a once cash-strapped startup. But Oura is now one of the largest health tech wearable makers today, valued at over $11 billion ahead of going public. The company has a responsibility more than ever to ensure that its users’ data cannot be accessed. And, Oura can no longer argue that it does not have the financial resources to do it.
In my previous blog, I revealed that Oura data is not end-to-end encrypted. That means that an Oura user’s health data can be unscrambled at certain points as it travels from a person’s ring, through their phone app, over the internet, and as it lands on Oura’s servers. The company confirmed that it stores user data in a way that allows some staff to access it. This also means others can as well, such as a prosecutor with a warrant, a hacker with stolen keys, or a disgruntled insider who wants to leave behind a fustercluck of a mess.
Out of the three, we know at least one of those things has happened.
When I reached out for comment before publishing my last article, an Oura spokesperson told me that the company does “receive infrequent requests from the government.” Oura said it looks at each request “for legality, scope, and necessity,” and that it pushes back “where requests are invalid, overbroad, or inconsistent with our commitment to protect our members’ privacy.”
Oura would not say how many requests it receives, how often it turns over user data, or what kinds of data are requested. As of around the time of my last article, Oura had sold over 5.5 million rings, giving some scale to the size of the company’s customer base.
I asked Oura back then if it would disclose how often it received these requests, such as by publishing a transparency report. A wave of tech companies began releasing in aggregate how many government demands they received on a semi-annual basis. This was largely to counter the claims that they were secretly handing over reams of user data to the government upon request, stemming from the NSA surveillance scandal in 2013.
There was some hope in Oura’s initial response. A spokesperson told me at the time that while Oura does not publish a transparency report, the company was “actively evaluating how to share aggregate data in a way that maintains security and does not introduce risk to our members.”
It’s been eight months, dear reader. I recently reached out to Oura again to see if it would release a transparency report, and after several follow-up emails, the once-responsive Oura has not yet replied to any of my inquiries, or committed to releasing the numbers. I’m hopeful that Oura will reconsider and publish how many demands it receives as other tech companies have. Without seeing the numbers, it is impossible to know how often, if ever, Oura rejects government demands for data. As the frontrunner in the health wearables market, Oura should share how often the government demands access to users’ information if it wants to earn or keep the trust of its customers.