Judy Woodruff: Millions of people around the world wear mobile devices or have apps on their smart-phones that track how much they exercise. John Yang explores whether that data from the Fitbits some of you are wearing right now perhaps and other apps also reveal sensitive national security information.
John Yang: Judy, a 20-year-old student in Australia took a close look at data posted late last year by Strava, a website and mobile app that tracks millions of users' athletic activity around the world. The student, who is studying international security, discovered that these so-called heat maps, from trillions of GPS points, showed not only mundane big city jogging routes. They also reveal the locations of bases where military forces and intelligence services exercise. Here's a map that he posted that he says shows where soldiers jog along the beach in Mogadishu, Somalia, near what is likely a reported CIA annex. This is a map of the Bagram Airfield in Afghanistan. And here's a map showing where Turkish forces patrol north of Manbij in Syria. For more on all of this, we turn Zack Whittaker, the security editor at ZDNet, a Web site that covers technology. Zack, thanks so much for joining us.
Zack Whittaker: Good to be here.
John Yang: Help us understand exactly what information has been apparently inadvertently disclosed here that might be of use to enemies of the United States.
Zack Whittaker: So, a lot of data, really. Your fitness tracking data from when you're walking, when you're cycling, when you're doing CrossFit sports, all this data is obtained by the fitness tracker in your phone, in your pocket, on your wrist. And it goes to an app called Strava. And it's uploaded to their systems. The whole point of the app is essentially to help you to compete with people who you work with, who you're friends with, so you can essentially run a competition with your friends to see who can cycle or run to work the fastest. And this kind of data is tracking your location from point A and point B.
John Yang: The map of Bagram, everyone knows where Bagram Airfield is, but the specific information that is being used, that is showing where people are running or walking, how could that be of use to the enemy?
Zack Whittaker: This kind of data is available on the Internet. It's available as a map. And anyone with an Internet connection can see this map and can see areas. For example, if they're an enemy of the States, they can look at their nearby location. They can see where people are walking, people are moving with a fitness tracker in their pocket. And this is — it's quite obvious when people are nearby, especially in situations where they're in the military and in military bases in the middle of a war zone. They can use this data to build a profile of people who are in the military base, in a government facility, for example, and they can use it to plan attacks, if need be.
John Yang: Today, the Pentagon urged Defense Department personnel to place strong privacy settings on wireless technologies and applications. With Fitbit and things like that, how easy is it to do that?
Zack Whittaker: It's relatively easy. But the problem that most people have been finding with this is that they didn't realize that their data was being uploaded in the first place, because the privacy settings on the app involved, on the Strava app, it's very difficult to figure out exactly how this data is being uploaded in the first place. You have got these different privacy settings that, when you enable the privacy settings, they don't seem to stop the data flow in the first place. So it's very difficult and very confusing to the average person, like me and you, to figure out how to turn this data off in the first place.
John Yang: And also this points out the differences between opting in and opting out of privacy, of sending this information.
Zack Whittaker: Yes, and the problem with this app is that it appears to be opt out, rather than opt in. So, whenever you load this app, you're uploading all your information, or your geolocation or your data points to the clouds, and it's very clear from the map how precise this information is.
John Yang: Are there security and privacy concerns for average people beyond military, beyond intelligence services, that average people should be worried about, with all this information being sent up into the cloud?
Zack Whittaker: Well, obviously, the first and foremost priority is for people who are in the military, who are in government. They're the sort of people who might be targeted by foreign intelligence agencies by even conducting espionage essentially, by trying to turn them to a foreign power. If you know when someone is leaving and entering work and going back to their home, it's easy to identify people. And it's very possible that ordinary people could face sort of reprisals from this as well. You have got people who are victims of domestic abuse and people who are concerned about stalkers and situations like that, and they can easily be — their privacy can easily be undermined by this.
John Yang: Zack Whittaker of ZDNet, thanks so much for joining us tonight.
Zack Whittaker: Thanks.