No Easy Fix for Big Data’s Threat to National Security

There’s plenty of blame to go around for an online heatmap revealing sensitive information on U.S. bases. But both the Pentagon and Capitol Hill will struggle to contain similar threats in the future.

U.S. Marines at Task Force Southwest military field in the Shorab military camp in Afghanistan on Jan. 15.
AP Photo/Massoud Hossaini
Brendan Bordelon
Feb. 4, 2018, 8 p.m.

Silicon Valley’s relentless quest to collect and collate every shred of consumer data hit a snag last week following the revelation that a global exercise heatmap, published online by fitness-technology firm Strava in November, inadvertently exposed the location and activities of U.S. service members stationed at sensitive military bases overseas.

In hindsight, the security concerns raised by the map are stunningly obvious. By displaying well-worn running routes used by American soldiers stationed in active war zones, Strava’s map could provide insurgents with insight on where to place explosive devices or snipers in order to maximize U.S. casualties. Blame for the security breach is also easy to apportion, with observers condemning both Strava and the Defense Department for their irresponsible policies and insufficient imagination.

But while the problem is simple to diagnose, experts worry that Congress and the Pentagon face an uphill battle to preempt new threats raised by the vast tranches of consumer data vacuumed up daily by tech companies.

Though House Democrats have opened a preliminary investigation into Strava’s privacy policies, any attempts to legislate a solution would likely run up against Silicon Valley’s entire business model. “Unless the Hill’s prepared to go after industry writ large on this, you can’t just isolate one company for doing what everyone else is doing,” said Todd Rosenblum, a fellow at the Atlantic Council and a former official at the Pentagon and the Homeland Security Department.

The Defense Department, for its part, may struggle to implement policies that prevent soldiers from oversharing online. “I think that is going to be difficult, because a lot of the use is done on private time or after-duty hours,” said Lt. Gen. (ret.) Guy Swan, the vice president of the Association of the United States Army. “How you enforce it would be an issue.”

And even if Pentagon brass can get a handle on soldiers’ misuse of this specific technology, it’s not clear that they’re equipped to foresee the inevitable security threats posed by big data in the future.

“The nature of secrecy—and the presumption of secrecy—is becoming a dated concept,” said Peter Singer, a strategist and senior fellow at New America. “And that’s really what the military has to figure out how to handle.”

Strava created its heatmap by combining billions of anonymized global-positioning data points transmitted by athletes using a Strava device or app to monitor their exercise regimen. That appears to have included a significant number of military personnel overseas, who Rosenblum and other experts say should have been more aware of Strava’s plans for their data.

“The responsibility lies with DoD and military personnel,” said Rosenblum. “It’s a failure of imagination in regards to the tracking devices … When you stand up entities that have the job of counterintelligence and force protection, these are things that people should be thinking of.”

Other experts primarily fault Strava for its opaque privacy policies. The company refused to take the map offline last week, instead issuing a letter claiming that users could have opted out of participation in the heatmap project.

Paul Scharre, the director of the Technology and National Security Program at the Center for a New American Security, dubbed Strava’s explanation a cop-out. “None of these military personnel would’ve shared this data if they understood what they were sharing,” he said. “I’m sure there was an option [to opt out]. But they didn’t clearly communicate that to people.”

Scharre called Strava’s decision to keep the map online—and to blame military users for failing to find the appropriate opt-out option—“wholly irresponsible,” and said he hopes Congress will call the company in for a browbeating.

Democrats on the House Energy and Commerce Committee appear interested in doing just that. They sent a letter to Strava demanding a briefing on the company’s privacy policies, as well as information on the processes surrounding the heatmap’s development and release. A Democratic spokesman said the inquiry was at its beginning stages, but did not rule out the potential for legislation down the road.

Elena Hernandez, a spokeswoman for Energy and Commerce Republicans, told National Journal that GOP lawmakers were not asked to sign onto the Democratic letter, but that they “will continue to closely monitor the situation with Strava.”

Any push to impose a federal legislative or regulatory fix would have to also target the broader Silicon Valley ecosystem, which is highly reliant on maintaining privacy policies that allow for the maximum collection of consumer data. Information-technology lawyer Tatiana Melnik said the questions Congress is now asking Strava could also be asked of “almost any other company.”

“Does that now mean that all these companies should have policies that specifically address whether those users are in the military?” she asked. “How would they even know that?”

Steve Grobman, the chief technology officer at cybersecurity company McAfee, cautioned regulators against taking a hard line against permissive corporate-data policies. “Big data, analytics, the ability to publish large quantities of data and understand the interaction of data in general, will provide massive benefit to mankind,” he said. “But we need to recognize there will be residual challenges, and new challenges that we’ve never seen before. And we just need to come up with pragmatic policies and practices to work through them.”

Those policies and practices may now be in development, at least as they’re related to exercise apps and wearable technology. A spokeswoman told reporters that Defense Secretary James Mattis is mulling drastic changes to the military’s use of mobile and wearable tech, including a possible ban on personal cell phones at the Pentagon. Several experts also floated the possibility that Strava could work with the Defense Department to create a separate, secure app for military personnel.

But as long as the culture of Silicon Valley continues to hype big data’s benefits and downplay its drawbacks, most experts believe the onus will be on the military and other vulnerable institutions to foresee the potential risks of a new app or device before its usage becomes widespread.

Steve Weber, a professor at University of California, Berkeley’s School of Information, believes the very nature of data science could make predicting the next crisis challenging. With so much data at corporate fingertips—and with the ability to mash disparate data sets together in a near-infinite number of combinations—Weber worries that researchers, companies, and institutions won’t notice the potential for negative impacts until the damage is already done.

“What we’re going to see increasingly are these unpredictable uses, which from a scientific perspective are incredibly interesting,” he said. “It’s going to be these ad-hoc responses. It’s gonna happen and we’re gonna go, ‘Shit, we should’ve seen that coming.’ But the truth is most of these things are going to be really hard to see coming, specifically when you’re combining data sets together.”
