With big data comes great responsibility
The location of military bases, the people based within them and their routines have been exposed, potentially putting lives at risk.
The information hasn’t come from advanced military intelligence or a hacking group, but a fitness tracking social app called Strava, and it highlights the need for stringent security measures as we move into the era of big data and the Internet of Things.
Strava regularly updates a data visualisation heatmap which displays the fitness activity/routes of the service’s users.
Bringing in data collected by swimmers, cyclists and runners using the Strava app or a compatible tracker such as Fitbit, the more popular a route the brighter it’s displayed on the map.
Users have generated around 3 trillion points of data, which helps generate the heatmap, which is great for fitness enthusiasts, who can use the map to discover new or popular routes used by likeminded people.
The GPS data collected between 2015 and September 2017 was used to create the most recent map which was released back in November 2017.
Things took a sinister turn when Nathan Ruser, a 20-year-old Australian university student, spotted that the heatmap was highlighting the location and activity of military bases around the world.
"I just looked at it and thought, 'oh hell, this should not be here - this is not good,'" he told the BBC.
Strava is more widely used in the West so military activity isn’t as apparent. However, in parts of the world where the app isn’t used, activity say from US soldiers in a foreign base is lit up for all to see.
BBC reports that foreign military bases in Syria, Yemen, Niger, Afghanistan and Djibouti all show up on the heatmap because of Strava activity by its personnel.
Why is it a problem?
Highlighting the location of foreign military bases is one thing, but additional security concerns come from the ability to build up a pattern of a person’s behaviour, as Dr Beyza Unal, a research fellow at Chatham House’s international security department, explained to Wired.
"If you can have access to the personnel training and exercises then you also have information about where this person is and when does he or she do certain activities," said Unal.
Dr Unal added: "That could lead to getting patterns about the personnel training, that pattern is important for operational military sake. If you are an enemy or adversary you may want to use certain information that you did not have beforehand."
To make the situation more worrying, The Guardian reports that users of Strava’s website can access the tracked activity of individuals, including their names and dates of runs, meaning you can see who’s still stationed at the base.
How did it happen?
There’s certainly an element of blame on the users of Strava in these military bases, who’s ignorance of the app’s functionality and the implications to their lives, is cause for concern.
However, Strava itself must take responsibility for inadequately educating its users on the potential implications of the data they are sharing. The service uses an opt-out system when it comes to sharing the data collected by the tracker.
Strava’s engineering and user experience teams are now working to simplify the service’s privacy and safety features to ensure users know how to control their data.
The tip of the iceberg
Not only has the data discovery cast security concerns over health and fitness trackers, but also over all connected devices.
As discussed in our blog, A more accessible world, Intel forecasts that there will be 200 billion connected objects by 2020, equating to a staggering 26 for every person on Earth.
With so many devices connected to the things you do, it will be possible to build an accurate pattern of your existence, including where you are, what you do, who you are doing things with… the list goes on. The concern is – as could have already happened with Strava – what danger all this data has if it ends up in the wrong hands.
The Internet of Things promises so much, but we must be aware that with big data comes great responsibility.