Military patterns of fitness trackers

Heatmaps published by fitness trackers such as Strava has reportedly pin pointed the location and movement patterns of soldiers embedded in military bases in remote parts of the world. This includes a suspected CIA base in Somalia.

Do fitness trackers pose a threat not only to individual privacy but also the security of a nation?

Background

In the recent years, activity trackers have gained popularity among those who want to become fit. There are multiple trackers that are either a device or an application that can monitor and track fitness-related information of the user. Many of these trackers use GPS to track the user’s movements in real time. They track metrics such as distance covered during a walk or a run and even sleep patterns. They also expect users to input personal information in order to provide accurate information regarding their fitness patterns.

Some of the most popular fitness apps are RunKeeper, Fitbit, Garmin, Polar, TomTom and more. Some of them come as separate devices, some are applications that can be downloaded onto the smart phone.

As these trackers grow in popularity, experts and analysts have expressed concern over the kind of threat they may pose to the privacy of the individual users. The Norwegian Consumer Council conducted an analysis of four wearables in the recent years (Fitbit, Garmin, Jawbone and Mio) and found critical loopholes in the terms and conditions that these manufacturers have put forth.

“The wristbands are useful tools for monitoring and motivating fitness activities. Simultaneously we are giving up personal information about our health, activities, and location under asymmetrical and obscure terms,” said Finn Myrstad, director of digital services in the Consumer Council, in a statement. “We fear that this information can be exploited for direct marketing and price-discrimination purposes, and that basic privacy principles are being neglected.”

Apart from fitness trackers, other apps that use GPS have also been criticized in the recent past. In 2017, Uber was forced to remove a feature that allowed the company to track users for five minutes after the ride ended.

Analysis

The GPS movement derived from a series of fitness trackers (such as FitBits, cellphones and other devices) has created a heatmap of the actions of soldiers who are embedded in military bases in remote corners of the world. In particular, online fitness tracker called Strava has published a heatmap that details the patterns of its users log as they run or cycle. This includes users who are soldiers that log their runs inside military bases in Afghanistan and Syria.

Nathan Ruser, a member of the Institute for United Conflict Analysts, noted, “Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable. Not just US bases. Here is a Turkish patrol N of Manbij.” He added, “If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn't be able to establish any Pattern of life info from this far away.”

The location of most of these military bases are already public knowledge. Platforms like Google have already published images of the buildings that house military bases. However, the heatmaps by apps like Strava show the movement of those embedded within these regions and could be valuable information that can be exploited.

Strava said in a statement to CNN that the company is "committed to helping people better understand" its privacy settings. It added, “Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones.” However, users have already identified sensitive locations such as a suspected CIA base in Somalia. 

Air Force Colonel John Thomas, a spokesman for US Central Command, told the Washington Post that the US military was reviewing the implications.

Assessment

Our assessment is that activity trackers and any app that uses GPS to pinpoint on a person’s location automatically make them vulnerable to a series of risks. The risks are heightened for those working in the military or working on sensitive government projects in remote locations. Not only will such heatmaps expose their location but also their daily pattern which can be exploited. We also believe that any gadget including a smart phone can be tracked and it is advisable for people to turn off any GPS coordination device and the internet when it is not necessary.