In October, Kohler launched Dekoda, a toilet-mounted camera that uses artificial intelligence to examine feces. Some say good gut health is priceless. Dekoda’s device costs $599. Plus subscription fees of $70 to $156 per year.
But after one The blog post published this week raised questions. about Kohler’s data practices for its new toilet facilityThe company has been forced to explain to customers what “encrypted” data means. What policies it follows to train its algorithms with their… Er… Wasted information. And it is not as easy as it seems at first.
On your websiteAccording to Kohler. Dekoda “analyzes gut health. Hydration. Detects the presence of blood in the toilet bowl. Providing data to support healthy habits.”
On the same website. Kohler highlights the device’s privacy features. It says the camera only points at the bathroom, offers optional fingerprint authentication via the Dekoda remote, and “our technology is designed to keep your personal information private. It’s end-to-end encrypted.”
But is “end-to-end” encryption. As Kohler calls it. What your customers can expect?
The blog post published by security researcher Simon Fondrie-Teitler raised questions about what this encryption entails. Noting that Kohler would likely have access to data. Images collected by Dekoda.
“The company’s response clearly indicates that Kohler. Contrary to the common interpretation of the term. Has access to the data collected by the device. Its associated application. ” he wrote.
Kohler addresses privacy concerns
“The term end-to-end encryption is often used in connection with products that allow one user (sender) to communicate with another user (receiver). Such as a messaging application. Kohler Health is not a messaging application,” the statement said. “In this case. The term in reference to the encryption of data between our users (sender) is use by we. Kohler Health (recipient).”
The company continues: “We encrypt data end-to-end in transit as it passes between the user’s devices. Our systems. Where it is decrypted. Processed to provide. Improve our service. We also encrypt sensitive user data at rest when it is stored on the user’s mobile phone. In the bathroom connection. In our systems.”
In other words.
Data collected by Dekoda is encrypted during transmission. Can be decrypted by the company itself.
Regarding how the company uses data to train the AI system. Kohler said in the same statement: “If a user provides consent (which is optional). Kohler Health may anonymize the data. Use it to train the artificial intelligence that powers our product. This consent checkbox appears in the Kohler Health app. Is optional. Is not pre-verified.”
According to Kohler’s statement. The company will remove information linking a user’s identity to the data before it is used for any AI model training.
The Meaning of “Encryption”
This can be confusing for people familiar with the kind of end-to-end encryption offered by services like Signal. Apple. The expectation here is that companies won’t have access. Even the technical ability. To decrypt the data people send through their services.
What Kohler is doing deviates from expectations. As Fondrie-Teitler notes in his article: “What Kohler calls E2EE here is simply HTTPS encryption between the application. The server. Something that has been a basic security practice for two decades. In addition to encryption at rest.”
Nico Dupont. Founder. CEO of the AI security company Cyborg.co He called the description “very misleading”.
“While Kohler clearly states that data is encrypted from the device to the servers. This process is better known as ‘encryption in transit. ‘” Dupont said. “End-to-end encryption generally implies a sense of privacy, characterized by the servers not being able to access the data, which is not the case here. Even though it’s secure, it’s not private.”
Another security officer was even more direct.
“End-to-end encryption literally has one function and one meaning: to lock out the business.
If the provider can see it, analyze it or even use it to control AI functions, then it is not ‘end-to-end’ at all,” said Zbyněk Sopuch, CTO of the data security company. Sure
What Kohler is doing with the data is not unusual in the Internet equipment industry, Sopuch says.
But referring to it, as Kohler did, is problematic and may imply more privacy than actually exists, he said. “Encryption certainly helps prevent data interception, but does not prevent access by internal or external parties,” he said. “Data control is actually a separate issue.”
Kohler did not immediately respond to questions about Fondrie-Teitler’s announcement, sharing only the company’s statement.
.
