
A privacy brouhaha has erupted over Kohler Health’s new toilet camera, the Dekoda, which scans your poop looking for clues about your gut health.
Specifically, a security researcher is disputing Kohler Health’s claims that data collected by the Dekoda, including scans of your fecal matter, are end-to-end encrypted. Kohler Health, meanwhile, is doubling down, countering that the connection is end-to-end encrypted.
In a blog post, researcher Simon Fondrie-Teitler (as reported by TechCrunch) defines end-to-end encryption as “a method of securing data that ensures only the sender and their chosen recipient are able to view it. Correctly implemented, it prevents other parties, including the developer of the application, from accessing the protected data.”
But as Fondrie-Teitler learned in his research, Kohler Health does have access to data gathered by the Dekoda, a $599 device that clips to the side of your toilet and aims an optical sensor at the bottom of your toilet bowl, where it examines your bowel movements and delivers reports about its findings in the Kohler Health app.
Thus, Fondrie-Teitler argues, while the Dekoda’s data tunnel may indeed be encrypted, it is not end-to-end encrypted in the way that the secure connections between two parties in a WhatsApp call are, or in the way of the “client-side” encryption employed by Apple’s iCloud storage service, which prevents Apple itself from seeing a user’s data.
“What Kohler is referring to as E2EE here is simply HTTPS encryption between the app and the server, something that has been basic security practice for two decades now, plus encryption at rest,” Fondrie-Teitler concluded, while adding that Kohler Health’s privacy policy says it may use data from the Dekoda to train AI models.
As Fondrie-Teitler noted, many tech reporters (myself included) parroted Kohler Health’s end-to-end encryption claims about the Dekoda toilet camera, so naturally I reached out to the company for more details.
Here is the statement I received:
“The term end-to-end encryption is often used in the context of products that enable a user (sender) to communicate with another user (recipient), such as a messaging application. Kohler Health is not a messaging application. In this case, we used the term with respect to the encryption of data between our users (sender) and Kohler Health (recipient).
“We encrypt data end-to-end in transit, as it travels between users’ devices and our systems, where it is decrypted and processed to provide and improve our service. We also encrypt sensitive user data at rest, when it’s stored on a user’s mobile phone, toilet attachment, and on our systems.
“If a user consents (which is optional), Kohler Health may de-identify the data and use the de-identified data to train the AI that drives our product. This consent check-box is displayed in the Kohler Health app, is optional, and is not pre-checked.
“Privacy and security are foundational to Kohler Health because we know health data is deeply personal. We welcome user feedback and want to ensure they understand that every element of the product is designed with privacy and security in mind.”
So, according to Kohler’s logic, Kohler Health counts as a trusted party at the other end of its toilet cam’s encrypted tunnel because Kohler Health is not a messaging service, and thus the connection counts as end-to-end encrypted.
But there’s also an argument to be made that while Kohler Health isn’t a messaging service, it’s still a company acting as the guardian of our private data, and the term “end-to-end encryption” implies that Kohler will treat that data the same way that Apple does with iCloud, meaning Apple can’t access it at all.
In this case, however, Kohler does (according to Fondrie-Teitler’s research) have access to its users’ data, including the option to de-identify the data of willing users for use in AI training. I put this point to Kohler’s spokesperson in a follow-up query, and am awaiting a reply.
In an interview with 404 Media, Fondrie-Teitler argues that Kohler Health’s claims undermine the very meaning of end-to-end encryption—which, according to Cloudflare’s definition, is “a type of messaging that keeps messages private from everyone, including the messaging service.”
“I’d like the term ‘end-to-end encryption’ to not get watered down to just meaning ‘uses https’,” Fondrie-Teitler said in 404 Media’s story. “I think everyone has a right to privacy, and in order for that to be realized people need to have an understanding of what’s happening with their data.”
Author: Ben Patterson, Senior Writer, TechHive