News

U.S. Department of Defense reviewing policies after security concerns arise over fitness tracking feature

The growth of wearable technology, as well as the ubiquity of cell phones, has become a prime example of the tradeoff between security and convenience. The most recent vulnerability came to light on January 27, when an Australian security student was looking at the public heat map of the location of Fitbit and other fitness app users, published by GPS tracking company Strava. The map shows anonymized data, amassed from 2015 to September 2017, of the location and routes of people who track their workouts, an increasingly common and popular feature.

GPS tracker on smartphone
GPS tracker on smartphone – Pixabay/TeroVesalainen

However, the growth of these apps, as well as a Pentagon fitness initiative in 2013 which distributed Fitbits, means many American soldiers around the world use them to track their fitness – and daily steps. This means the map released by Strava may have revealed the locations of secret military installations and the habitual movements of those stationed there. Some of the locations called into question included a suspected intelligence base, as well as patrol routes around known bases, CNN reports.

The map in question was released by Strava in November and, according to the company, visualizes trillions of GPS data points across billions of miles.

In a statement to CNN Strava said it is, “committed to working with military and government officials to address sensitive areas that might appear.” It added, “Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones. We are committed to helping people better understand our settings to give them control over what they share.”

The Department of Defense has said that basic security training is mandatory, and they will be revisiting guidelines on wearable technology.

“We take these matters seriously and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad,” Pentagon spokesman Col. Rob Manning said in a statement.

This privacy concern is not just an issue for militaries, however. Most fitness trackers record location data, which could be accessible without the user’s knowledge, and a plethora of other apps request user location data on a smartphone. Anonymous data is often sent to the phone provider, and many be stored on the device. In some cases this information can be sold to companies (say, if they want to know where or how people walk through a mall), but also has serious privacy implications when it comes to law enforcement. In one case, in 2014 data from the gay dating app Grindr was reportedly used to enforce anti-gay laws in Egypt.

However, similar technology is also used to ensure security, such as the apps that allow friends to track your location or send out an emergency notification if you veer off a set path while walking home. Such apps are used as an extra security measure when walking alone at night.

As new technologies enter the market every day, this latest incident reemphasizes the need to better educate individuals and policymakers about the costs and benefits of data collection as society increasingly must navigate a more connected world.

Sources and Further Reading:

U.S. soldiers are revealing sensitive and dangerous information by joggingThe Washington Post

US military reviewing security practices after fitness app reveals sensitive infoCNN

Why you should care about the iPhone location-tracking issueWired

Almost every fitness tracker on the market leaves their users at risk of ‘long-term tracking of their location’Business Insider

Location tracking in mobile apps is putting users at riskCSO

7 essential apps that will keep you safe at nightThe Daily Dot