Judy Woodruff: Millions of people around the world wear mobile devices or have apps on their smart-phones that track how much they exercise. John Yang explores whether that data from the Fitbits some of you are wearing right now perhaps and other apps also reveal sensitive national security information.
John Yang: Judy, a 20-year-old student in Australia took a close look at data posted late last year by Strava, a website and mobile app that tracks millions of users' athletic activity around the world. The student, who is studying international security, discovered that these so-called heat maps, from trillions of GPS points, showed not only mundane big city jogging routes. They also reveal the locations of bases where military forces and intelligence services exercise. Here's a map that he posted that he says shows where soldiers jog along the beach in Mogadishu, Somalia, near what is likely a reported CIA annex. This is a map of the Bagram Airfield in Afghanistan. And here's a map showing where Turkish forces patrol north of Manbij in Syria. For more on all of this, we turn Zack Whittaker, the security editor at ZDNet, a Web site that covers technology. Zack, thanks so much for joining us.
Zack Whittaker: Good to be here.
John Yang: Help us understand exactly what information has been apparently inadvertently disclosed here that might be of use to enemies of the United States.
Zack Whittaker: So, a lot of data, really. Your fitness tracking data from when you're walking, when you're cycling, when you're doing CrossFit sports, all this data is obtained by the fitness tracker in your phone, in your pocket, on your wrist. And it goes to an app called Strava. And it's uploaded to their systems. The whole point of the app is essentially to help you to compete with people who you work with, who you're friends with, so you can essentially run a competition with your friends to see who can cycle or run to work the fastest. And this kind of data is tracking your location from point A and point B.
John Yang: The map of Bagram, everyone knows where Bagram Airfield is, but the specific information that is being used, that is showing where people are running or walking, how could that be of use to the enemy?
Zack Whittaker: This kind of data is available on the Internet. It's available as a map. And anyone with an Internet connection can see this map and can see areas. For example, if they're an enemy of the States, they can look at their nearby location. They can see where people are walking, people are moving with a fitness tracker in their pocket. And this is — it's quite obvious when people are nearby, especially in situations where they're in the military and in military bases in the middle of a war zone. They can use this data to build a profile of people who are in the military base, in a government facility, for example, and they can use it to plan attacks, if need be.
John Yang: Today, the Pentagon urged Defense Department personnel to place strong privacy settings on wireless technologies and applications. With Fitbit and things like that, how easy is it to do that?
Zack Whittaker: It's relatively easy. But the problem that most people have been finding with this is that they didn't realize that their data was being uploaded in the first place, because the privacy settings on the app involved, on the Strava app, it's very difficult to figure out exactly how this data is being uploaded in the first place. You have got these different privacy settings that, when you enable the privacy settings, they don't seem to stop the data flow in the first place. So it's very difficult and very confusing to the average person, like me and you, to figure out how to turn this data off in the first place.
John Yang: And also this points out the differences between opting in and opting out of privacy, of sending this information.
Zack Whittaker: Yes, and the problem with this app is that it appears to be opt out, rather than opt in. So, whenever you load this app, you're uploading all your information, or your geolocation or your data points to the clouds, and it's very clear from the map how precise this information is.
John Yang: Are there security and privacy concerns for average people beyond military, beyond intelligence services, that average people should be worried about, with all this information being sent up into the cloud?
Zack Whittaker: Well, obviously, the first and foremost priority is for people who are in the military, who are in government. They're the sort of people who might be targeted by foreign intelligence agencies by even conducting espionage essentially, by trying to turn them to a foreign power. If you know when someone is leaving and entering work and going back to their home, it's easy to identify people. And it's very possible that ordinary people could face sort of reprisals from this as well. You have got people who are victims of domestic abuse and people who are concerned about stalkers and situations like that, and they can easily be — their privacy can easily be undermined by this.
John Yang: Zack Whittaker of ZDNet, thanks so much for joining us tonight.
Zack Whittaker: Thanks.
1.in the first place 从一开始
I don't think we should have been there in the first place.
Why should he have risked all that to become an agent of a foreign power?
3.opt in 决定参加
He proposed that only those countries which were willing and able should opt in to phase three
4.opt out 撤退
Under the agreement the Vietnamese can opt out at any time.
约翰·杨：朱蒂，一位20岁的澳大利亚学生仔细查看了去年晚些时候Strava公布的（健身）数据 。Strava是一个网站，也是一个移动应用程序，可以对世界各地数以百万计的用户运动情况进行跟踪 。这名学生所学专业是国际安全，他发现，这些所谓的“热地图”由数万亿个GPS点组成，它不仅显示了人们在大城市里的普通慢跑轨迹，还暴露了军事基地位置以及情报机构活动 。这里他给出了一张地图，上面描绘了士兵们在索马里（首都）摩加迪沙海滩上慢跑的路线，据报道那附近可能是CIA的一个附属基地 。这是阿富汗巴格拉姆机场地图 。这张地图显示了土耳其部队在叙利亚曼比杰北部巡逻时的路线 。关于更多内容，请听技术网站ZDNet安全编辑扎克·惠特克为我们讲述 。扎克，欢迎你的加入 。
扎克·惠特克：那么，非常多的数据，真的 。当你走路，骑自行车，做CrossFit运动时，你手机上的健身追踪器就获得了你的健身数据，这些设备就放在你的口袋里，系在你的手腕上 。这些数据传给了一个叫Strava的应用程序 。上传到他们的系统 。整个应用程序的全部要点基本上是促成你与同事，朋友之间的（健身）竞赛，所以你基本上可以和你的朋友们展开一场角逐，看看谁骑自行车骑得最快或者跑步跑得最快 。而这种数据记录了你从A点到达B点的位置信息 。
扎克·惠特克：这种数据在因特网上就可以找到 。它可用作地图 。任何接入互联网的人都能看到地图，并能看到（相应）区域 。例如，如果他们是美国的敌国，他们可以看看附近（美军基地）的位置 。他们可以看到人们在哪里走路，（因为那些）人在口袋里放了健身追踪器 。这是——当人们在附近的时候就很明显，特别是在战区的军事基地中更是尤为如此 。他们可以利用这些数据建立一个在军事基地，在政府机构的人物档案，他们可以使用它来做进攻计划，如果需要的话 。
扎克·惠特克：相对来说比较容易 。但是，大多数人发现这里存在的问题是，他们一开始没有意识到数据被上传，因为在应用程序里都有隐私设置 。在Strava App上，人们一开始很难弄清楚这些数据是怎么被上传的 。你的APP中，有不同的隐私设置，当启用这些设置时，它们似乎并没有从一开始就停掉数据流 。所以，对于像你我这样的普通人来说，一开始就要弄清楚如何把这些数据流关掉，是非常困难和令人费解的 。
扎克·惠特克：是的，这个应用程序的问题是，它似乎是选择关闭，而不是选择开启 。所以，当你加载此应用程序时，你所有的信息都会上传到云上，你的地理位置，你的数据点，从地图中可以看出这些信息是多么精准 。
扎克·惠特克：显然，军人及公务员是重中之重 。他们可能是外国情报机构的目标，这些机构本质上（会）进行间谍活动，并试图将他们策反 。如果你知道一个人什么时候离开（工作现场），什么时候入场工作，什么时候回家，就很容易找到他 。而且很可能普通人也会遭到这种报复 。有人正在经受家庭暴力，有人担心别人会跟踪自己，诸如此类的情况，他们的隐私很容易遭到侵犯，他们也很容易受到威胁 。