We’ve read the alarming story about how the Army’s Fitbit users can have their location and activities revealed. What’s the takeaway?
This wasn’t a devious hack. It was merely a newly discovered method of looking at big data already in place. From the Washington Post article: “U.S. soldiers are revealing sensitive and dangerous information by jogging.”
The Global Heat Map, published by the GPS tracking company Strava, uses satellite information to map the locations and movements of subscribers to the company’s fitness service over a two-year period, by illuminating areas of activity.
And so, the many layers of connected internet technology, too difficult to trace, resulted in Fitbit data being transferred from the soldier to the internet to the server to a mapping service, all without a deep understanding by decision makers of how the data is handled.
I can’t say for sure, but I’m thinking that an Executive Briefing by Apple to the Army might have convinced generals that Apple’s privacy system in place would be worth the extra cost.
Morphology and Illusion
Modern electronic devices are designed to be atavistic. That is, to remind us of technology past in order to avoid alarm. Smart watches have simulated analog faces on their digital OLED displays. IoT thermostats look like thermostats of old that only talk to the house. Family robots look so very cuddly.
Just about every modern gadget we use, from light bulbs to computers, has an internet connection. And yet, we have very little visibility into what data is being transmitted out of the device. Worse, if the developers were required to spell that out in detail, we’d perhaps elect not to buy the device. So the oblique reference is intentionally vague even as we consent to the EULA.
Marketing substitutes for technical awareness nowadays because the underlying technology is too overwhelming to comprehend. Here’s a great example, via Christina Warren. “Apple opens up on how it approaches security following FBI battle.” How many iPhone customers took the time to read that?
Apple’s Way: Security at a Price
One of the things we’ve yet to get our heads around as consumers is the cost of security and privacy. On a recent visit to my barber, I was told that the old Samsung smartphone was finally gone. w00t! The conversation went like this:
Me: So you finally got an iPhone?
Barber: Nope. Couldn’t afford one.
Me: I think you can get an iPhone 6s at Walmart for about $300.
Barber: Too expensive. I bought a Motorola.
Me: How much did you pay?
And there you have it. The financial squeeze on working Americans means that they consciously make the decision to sacrifice the security of Apple’s ecosystem in favor of saving money. How did that judgment develop in our culture?
Millions of Americans make this decision all the time because the money is real and countable while practical, technical insight into how their devices work is largely absent. We have done this to ourselves in the name of corporate profits.
The U.S. Army just may have fallen into the same kind of trap. In my experience, that happens because senior decision makers are seldom deep in all the modern technologies. A Chief Scientist can warn and make recommendations, but bureaucratic power always wins.
Fortunately, this Army and Fitbit affair is so dramatic that prompt action is being taken. Again, from the Washington Post: “U.S. military reviewing its rules after fitness trackers exposed sensitive data”:
On Monday, the Defense Department launched a review to determine whether new policies are needed, according to Army Col. Robert Manning III, a Pentagon spokesman. The review will be led by Essye B. Miller, the Pentagon’s acting chief information officer.
Privacy experts have long warned that tech companies often make personal information — including contact lists, social media posts and location data — available by default. That means users who do not routinely read privacy notices and tweak settings can be surprised by how much information is collected by private companies, as well as how that data ultimately is used.
Experts warn about this every day. It falls on deaf ears anyway.
Amidst all the above, there are those in law enforcement who, without a deep understanding of security technology, continue to lobby for a hidden backdoor into our iPhones. Again, competent security experts have warned us about the dangers of such an approach.
- FBI Director Renews Calls for Magical Encryption Bypass, Doesn’t Believe Experts Who Call It Impossible.
Have we learned our lesson?
Just possibly, this Fitbit experience will remind all concerned that the security of our smartphones is one of the defining issues of our times. Any dilution of the top-notch practices Apple employs would likely lead to another security disaster similar to the one the U.S. Army just experienced. Likely much worse. It’s wakeup call number 1,342.
Cool, smart, technically deep, seasoned individuals can lead the way. If their guidance is heeded.