Barack Obama Fitbit Surge
US president Barack Obama checks his new Fitbit Surge while talking to Ireland\'s Taoiseach Enda Kenny during White House St Patrick\'s Day celebrations Reuters

It seems as if the wait for the Apple Watch has been just too long for the president of the United States.

In February, Barack Obama said: "I don't have a Fitbit yet, but I work out hard. Word is these Apple Watches might be a good companion for my workouts. So I'm gonna see, I'm gonna test it out."

Despite the Apple Watch being officially unveiled on 9 March, Obama was seen on 17 March wearing a Fitbit Surge, a fitness tracker that can monitor your activity, heart rate, location, sleep patterns and even serve-up notifications from your phone like the Apple Watch.

Fitibit Surge Colours
The three colours available in the Fitbit Surge range Fitbit

The Fitbit Surge, which is not yet available in the UK, costs £199 ($300) and Obama plumped for the model with the black strap rather than the more flashy orange or blue straps.

A privacy nightmare

Obama may have said he wants to use his fitness tracker to monitor when "I work out hard" but at least one of his colleagues in government will be alarmed the "leader of the free world" chose the exact product he slammed as being "a privacy nightmare" that could be "tracking your movements".

In August 2014, Democratic senator Chuck Schumer issued a statement that called on regulators to specifically create new laws to prevent the catastrophic loss of personal, sensitive data.

Schumer's press release mentions Fitbit specifically and the Senator used an all-caps approach to hammer home his concerns:


The statement goes on to say: "Personal fitness bracelets and the data they collect on your health, sleep, and location, should be just that — personal. The fact that private health data — rich enough to identify the user's gait — is being gathered by applications like Fitbit and can then be sold to third-parties without the user's consent is a true privacy nightmare."

So with Obama deciding to wear one of these fitness trackers, Schumer's "nightmare" scenario could get even worse than he first imagined.

So is Fitbit gathering all this highly sensitive data on the US president and, if so, how secure is the data and is it selling it on to third parties?

Data collection

The answer to the first question is simple. Yes, Fitbit monitors, uploads and stores huge amounts of deeply personal and sensitive information about your daily activities including steps taken, heart-rate, calories burned, sleep activity and even your location.

Customers are also asked to install a Fitbit app on their smartphone into which they are required to enter their weight, gender and age - which are used to "determine your personalised fitness stats, for example, calories burned and distance travelled".

Barack Obama Fitbit Surge
President Obama was seen wearing the Fitibit Surge again on 19 March Reuters

Additionally, to create a Fitbit account, you need to give the company your email address and date of birth - alternatively, customers such as Obama could log in by using their Google+ or Facebook accounts. Doing this would give Fitbit access to profile pictures and the president's friends lists.

Back in 2011, Fitbit was widely criticised for making manually entered information public by default, leading to headlines such as this: Dear Fitbit Users, Kudos On the 30 Minutes of "Vigorous Sexual Activity" Last Night. The company has since amended the policy.

Fitbit will also access your phone's contact list but says it "does not store your phone's contact list, and it is deleted immediately after it is used for this purpose".

Location tracking

Location is clearly one of the most sensitive piece of information that Fitbit collects and the Surge tracker has in-built GPS meaning it is always logging your data.

In its Privacy Policy, Fitbit reveals how it collects this information: "When active, Fitbit collects data like GPS signals, device sensors, Wi-Fi access points, and cell tower IDs to determine your specific location. We store this information along with your other account information in order to provide you with location features. If you are using a mapping feature, we will send your location information to our mapping service provider so they can display your location on a map."

But that third-party mapping provider is "contractually prevented from sharing or using this data for any other purpose" and the location tracking feature can deactivated at any time.

With Obama revealing his smartphone use is limited to sending text messages on his BlackBerry, it is probably safe to assume his IT team may have deactivated this feature.

How safe is the data?

So the second question. Is this huge amount of personal data safe? Fitbit has not had any known data breaches to date and says it "uses a combination of technical and administrative security controls to maintain the security of your data." However, as Obama's own spying agency - the NSA - has shown, security measures that may seem good enough, may in fact not be.

Finally, is Fitbit selling Obama's data to third parties? The answer to this is both yes and no. Yes, it does sell data it collects on all its customers to third-parties, but clearly states that it doesn't "sell any data that could identify you".

Senator Schumer certainly seems convinced by these claims. Two weeks after issuing his warning he backed down completely, having been convinced by the company that they are doing everything right:

"Fitbit customers can breathe a sigh of relief and should be aware that this company cares very much about their privacy and their security. We are urging all other fitness tracking companies to follow Fitbit's lead and adopt similar privacy policies" Schumer said.

The company's privacy policy says: "We only share data about you when it is necessary to provide our services, when the data is de-identified and aggregated, or when you direct us to share it."

In certain circumstances

However, it goes on to say it does share such personally identifiable information in some circumstances, including companies it works with to provide "services like order fulfilment, email management and credit card processing" but stresses these companies are contractually obliged to keep the data safe.

It will also release customer data to law enforcement agencies if it believes "that doing so is reasonably necessary to comply with a law, regulation, or valid legal process".

Finally, it will share your PII if it is part of a "sale, merger, bankruptcy, sale of assets or reorganisation of our company". So if like Obama you are a Fitbit customer, you should hope the company does not go bust or get sold to a less scrupulous buyer.