No Easy Fix for Big Data’s Threat to National Security

There’s plenty of blame to go around for an online heatmap revealing sensitive information on U.S. bases. But both the Pentagon and Capitol Hill will struggle to contain similar threats in the future.

Feb. 4, 2018, 8 p.m.

Silicon Valley’s relentless quest to collect and collate every shred of consumer data hit a snag last week following the revelation that a global exercise heatmap, published online by fitness-technology firm Strava in November, inadvertently exposed the location and activities of U.S. service members stationed at sensitive military bases overseas.

In hindsight, the security concerns raised by the map are stunningly obvious. By displaying well-worn running routes used by American soldiers stationed in active war zones, Strava’s map could provide insurgents with insight on where to place explosive devices or snipers in order to maximize U.S. casualties. Blame for the security breach is also easy to apportion, with observers condemning both Strava and the Defense Department for their irresponsible policies and insufficient imagination.

But while the problem is simple to diagnose, experts worry that Congress and the Pentagon face an uphill battle to preempt new threats raised by the vast tranches of consumer data vacuumed up daily by tech companies.

Though House Democrats have opened a preliminary investigation into Strava’s privacy policies, any attempts to legislate a solution would likely run up against Silicon Valley’s entire business model. “Unless the Hill’s prepared to go after industry writ large on this, you can’t just isolate one company for doing what everyone else is doing,” said Todd Rosenblum, a fellow at the Atlantic Council and a former official at the Pentagon and the Homeland Security Department.

The Defense Department, for its part, may struggle to implement policies that prevent soldiers from oversharing online. “I think that is going to be difficult, because a lot of the use is done on private time or after-duty hours,” said Lt. Gen. (ret.) Guy Swan, the vice president of the Association of the United States Army. “How you enforce it would be an issue.”

And even if Pentagon brass can get a handle on soldiers’ misuse of this specific technology, it’s not clear that they’re equipped to foresee the inevitable security threats posed by big data in the future.

“The nature of secrecy—and the presumption of secrecy—is becoming a dated concept,” said Peter Singer, a strategist and senior fellow at New America. “And that’s really what the military has to figure out how to handle.”

Strava created its heatmap by combining billions of anonymized global-positioning data points transmitted by athletes using a Strava device or app to monitor their exercise regimen. That appears to have included a significant number of military personnel overseas, who Rosenblum and other experts say should have been more aware of Strava’s plans for their data.

“The responsibility lies with DoD and military personnel,” said Rosenblum. “It’s a failure of imagination in regards to the tracking devices … When you stand up entities that have the job of counterintelligence and force protection, these are things that people should be thinking of.”

Other experts primarily fault Strava for its opaque privacy policies. The company refused to take the map offline last week, instead issuing a letter claiming that users could have opted out of participation in the heatmap project.

Paul Scharre, the director of the Technology and National Security Program at the Center for a New American Security, dubbed Strava’s explanation a cop-out. “None of these military personnel would’ve shared this data if they understood what they were sharing,” he said. “I’m sure there was an option [to opt out]. But they didn’t clearly communicate that to people.”

Scharre called Strava’s decision to keep the map online—and to blame military users for failing to find the appropriate opt-out option—“wholly irresponsible,” and said he hopes Congress will call the company in for a browbeating.

Democrats on the House Energy and Commerce Committee appear interested in doing just that. They sent a letter to Strava demanding a briefing on the company’s privacy policies, as well as information on the processes surrounding the heatmap’s development and release. A Democratic spokesman said the inquiry was at its beginning stages, but did not rule out the potential for legislation down the road.

Elena Hernandez, a spokeswoman for Energy and Commerce Republicans, told National Journal that GOP lawmakers were not asked to sign onto the Democratic letter, but that they “will continue to closely monitor the situation with Strava.”

Any push to impose a federal legislative or regulatory fix would have to also target the broader Silicon Valley ecosystem, which is highly reliant on maintaining privacy policies that allow for the maximum collection of consumer data. Information-technology lawyer Tatiana Melnik said the questions Congress is now asking Strava could also be asked of “almost any other company.”

“Does that now mean that all these companies should have policies that specifically address whether those users are in the military?” she asked. “How would they even know that?”

Steve Grobman, the chief technology officer at cybersecurity company McAfee, cautioned regulators against taking a hard line against permissive corporate-data policies. “Big data, analytics, the ability to publish large quantities of data and understand the interaction of data in general, will provide massive benefit to mankind,” he said. “But we need to recognize there will be residual challenges, and new challenges that we’ve never seen before. And we just need to come up with pragmatic policies and practices to work through them.”

Those policies and practices may now be in development, at least as they’re related to exercise apps and wearable technology. A spokeswoman told reporters that Defense Secretary James Mattis is mulling drastic changes to the military’s use of mobile and wearable tech, including a possible ban on personal cell phones at the Pentagon. Several experts also floated the possibility that Strava could work with the Defense Department to create a separate, secure app for military personnel.

But as long as the culture of Silicon Valley continues to hype big data’s benefits and downplay its drawbacks, most experts believe the onus will be on the military and other vulnerable institutions to foresee the potential risks of a new app or device before its usage becomes widespread.

Steve Weber, a professor at University of California, Berkeley’s School of Information, believes the very nature of data science could make predicting the next crisis challenging. With so much data at corporate fingertips—and with the ability to mash disparate data sets together in a near-infinite number of combinations—Weber worries that researchers, companies, and institutions won’t notice the potential for negative impacts until the damage is already done.

“What we’re going to see increasingly are these unpredictable uses, which from a scientific perspective are incredibly interesting,” he said. “It’s going to be these ad-hoc responses. It’s gonna happen and we’re gonna go, ‘Shit, we should’ve seen that coming.’ But the truth is most of these things are going to be really hard to see coming, specifically when you’re combining data sets together.”
