Incoming freshmen at Oral Roberts University who are required to purchase and wear a Fitbit health tracker for a physical education class will need to track their number of steps taken each day and maintain 150 minutes of elevated heart rate every week. The evangelical university appears to be the only school with a requirement of its kind, but privacy advocates reacted with a shrug upon learning ORU will not track student's GPS information, calories burned or other sensitive information.
A range of media outlets have reported in recent days that ORU will force students to wear Fitbits through their time at the school. The truth is that Fitbit activity makes up 20 percent of a student's grade for a single physical education class, which all students are required to take during each semester at the school. The Fitbit replaces a previous program where students entered their fitness activity by hand, and students can opt out of the program in favor of a slightly lower grade.
“This university was founded with the philosophy of a whole person education — mind, body and spirit — and physical fitness has been a major part of that since the beginning,” said Provost Kathaleen Reid-Martinez, adding that students were involved in planning the Fitbit program. “When we first did the project in the fall we had some challenges with how to use the Fitbit, things like that, but I've had no complaints about privacy concerns that have reached my desk. When the student logs into the website, we ask them to authorize only two pieces of information that would be sent to us: 10,000 steps a day and 150 active minutes a week.”
If a student is unable to walk 10,000 steps a day, or keep up the 150 active minutes requirement, a faculty member will help design a new program for them. Incoming freshman who arrived at ORU last fall were required to start using Fitbits, though the program was also made open to existing students. The campus bookstore has sold over 550 additional Fitbit units, the school said.
The new policy was first publicized last month in an article by the Tulsa World newspaper, sparking a flurry of news reports cautioning that the school was encroaching on student privacy. But the Electronic Frontier Foundation and others have said that as long as location tracking is not part of the program, the only concern is that other large organizations, not just schools, will enact similar programs less responsibly.
“I doubt you could do this at a large public university because public universities are affiliated with the government, which brings up a whole other set of concerns,” said Jeremy Gillula, a staff technologist at the Electronic Frontier Foundation. “Any university that plans to collect data should consider what they want to do with it, and whether they really need it. With this data, since it's for grading, I'd say as soon as the grade is assigned, just get rid of the data. It's a little bit on the creepy side, but no one is going to steal your identity on this.”
There are also questions about how well Fitbit protects user data. A new report published Tuesday by the University of Toronto's Citizen Lab found that Fitbit was one of seven major health trackers that emits a persistent unique Bluetooth identifier, making Fitbit users vulnerable to long-term location tracking when the device is not connected to a mobile device. The company is aware of the problem and is at work on a solution, the report's authors said, but even that fix wouldn't solve the data problems that would be caused by a major data breach.
“The consequences of going to a school are on you, that's the first step of being an adult, but with that being said there's repercussions that go beyond this,” said Jay Ward, a litigation attorney specializing in data privacy law at Bilzin Sumberg. “When you're taking on so much information at all hours, it's an open invitation to trouble. Now everyone who reads the news is going to know the data at this school is rife for the picking.”