In this episode of “Stupid Things Organizations Do with Connected Devices,” we take a look at the U.S. Defense Department, which gave 2,500 Fitbit personal trackers to military personnel in 2013 to fight obesity.
Fast-forward to 2018, and The Global Heat Map published by Strava Labs. According to the Washington Post report, the project “uses satellite information to map the locations and movements of subscribers to the company’s fitness service over a two-year period, by illuminating areas of activity.” The good news: study provides data on activity between 2015 and 2017.
With more than 27 million users in their sights, Strava was able to document the whereabouts of users globally. The map uses a data visualization that “lights up” locations where devices were in use. Wearables tracked include FitBit and Jawbone.
The more obvious results were visible in Europe and the United States. Both were brightly illuminated indicating that the use of connected fitness devices was widespread.
The regrettably unanticipated upshot was that places where there shouldn’t have been any wearables showed “pinpricks of activity.” This activity was in areas that were otherwise dark—in some cases where the U.S. had a known military presence and in others where a presence was suspected but secret, what the Post called “potentially sensitive sites.” Many of these pings outlined the parameter of bases, indicating that military personnel were running for exercise and tracking their activities on wearable activity trackers.
The story illustrates that the unforeseen (but totally foreseeable) consequences of the decentralized distribution of technology at the organizational level, the importance of security-minded approached to tech—and that we still have a long way to go before the data insecurity caused by innovation is properly understood and contained.
Adam Levin is chairman and founder of CyberScout. This article originally appeared on his blog, AdamLevin.com, a Top 100 infosec blog.