The upsides of GPS tracking are obvious to anyone who remembers the days of flipping one-handed through a Rand McNally Atlas while driving. Over time, the many eyes in the sky have helped refine our sense of place on this planet, allowing us to plot our moves in detail. And with the rise of tiny GPS-enabled wearables, we’ve entered an age when getting lost is much harder than finding our way.
But as many are finding out, location data cuts both ways. Depending on how the technology is used, the flipside to never being lost may mean a profound loss of privacy and personal safety. It turns out there are upsides to being able to “get away from it all.”
National Security & Strava’s “Global Heat Map”
As the U.S. military is finding out, fitness tracking devices may be revealing sensitive information about military bases and troop movement around the world. The recent controversy, as reported in the Washington Post, describes how soldiers wearing fitness trackers are inadvertently revealing the patterns of secure installations in countries such as Afghanistan, Syria, and Somalia.
While the data does not exclusively reveal military movement, it can be combined with other information to isolate military targets and coordinate ambushes or reveal patrol routes.
The underlying issue is partially one of default privacy settings. Strava, the company behind the tracking technology, suggests that individuals are responsible for sharing the data by virtue of public sharing options, and should “opt-out” if they don’t want anonymized location information included in heat maps.
That stance may not satisfy Congress – a group of Congressional Democrats recently sent a letter to Strava asking for explanations about the heat map, the privacy protections Stava offers its users, the security measures it takes to protect data, and whether it has updated its policies since the military locations were discovered and reported on.
Privacy & Security Problems Across Devices
A major concern with location trackers is how they may aggregate information over time, creating detailed “maps” of an individual’s behavior. Additionally, some devices have vulnerabilities which may be exploited to falsify information, such as recorded health data.
A 2016 report from Canadian research firm Open Effect suggests that flaws such as static MAC addresses on fitness trackers could open up consumers to invasions of privacy from shopping centers, law enforcement, and data brokers. (Interestingly, the Apple Watch is not as vulnerable to these exploits due to the way it cycles MAC addresses frequently.)
There’s also an ongoing debate about how companies are leveraging fitness trackers to incentivize workers to improve their physical fitness. Healthcare discounts based on embracing and using the devices may seem compulsory to some and unfair to others. There are also questions as to how private individual employee data will remain, though employers presently only “see employee behavior in the aggregate.”
European Governmental Concerns
In 2016, a report compiled by the Norwegian Consumer Council found sufficient privacy issues to “file joint complaint against all four companies with the national Data Protection Authority and the Consumer Ombudsman for breaching the European Data Protection Directive and the Unfair Contract Terms Directive” against several fitness trackers. The council noted the following failings:
• None of the companies give users proper notice about changes in their terms
• All of the wristbands collect more data than what is necessary to provide the service
• None of the companies fully explain who they may share user data with
• None of the companies state how long they will retain user data
Though the council noted these issues in 2016, they are hardly new. A Symantec report from 2014 highlighted a number of privacy and security risks around “fitness tracking and the quantified self.”
With GDPR looming, the risks associated with location data will certainly continue to be discussed.
How to Use Location Data to Protect Your Privacy & Personal Security
With the high-profile stories circling Strava’s role in data sharing, the company has made strides towards educating their customers and reinforcing how to make use of the platform’s privacy settings. This includes adding Privacy Zones, controlling Flyby Options (letting you playback your activity), enabling Enhanced Group Activity Privacy, hiding data from “Leaderboards,” and several other sensible choices you may not be aware of if you use the device.
The company also offers a way to use your location data for personal safety. Strava’s “Beacon” option can be configured to let a select group of recipients know where you are. According to the Engadget piece, “Beacon allows users to send their real-time, on-map location to a handful of friends via text message, even if those friends don’t have Strava or a premium membership.” For many proponents of this feature, it provides peace-of-mind when loved ones are commuting home or enjoy exercising in the wee hours.
Location data is an excellent example of how the information our devices gather can be used to protect us or compromise us. As we use fitness trackers and other location-savvy technology to help guide us, it’s important that we leverage the most powerful feature available: mindfulness.