DBR ON DATA

Security, Privacy and Information Governance

Tag: Internet of Things

Strava’s Heatmap & IoT Devices

Share

Online fitness tracking app Strava recently published a “heatmap” of data showing the physical movement paths of Strava users around the globe.  The Strava app uses mobile phones’ GPS in conjunction with wearable fitness trackers, such as Fitbit, Garmin, and Xiaomi Mi, to track users’ physical activities, capture performance metrics like speed, pace, and distance, analyze users’ performance, and compare performance metrics with other users.  As useful as this information is to Strava users, it became widely known in late January 2018 that Strava’s heatmap, easily available to the public, shows the movement of soldiers and military personnel in different global locations.  This information can be used to identify, with explicit detail, the location and layout of foreign physical military installations in countries such as Syria and Afghanistan.

Strava’s heatmap, which was updated in November 2017, is a visualization of the company’s global network of athletes.  According to Strava, the heatmap is the “largest, richest, and most beautiful dataset of its kind,” and consists of the following data points:

  • 1 billion activities
  • 3 trillion latitude/longitude points
  • 13 trillion pixels rasterized
  • 10 terabytes of raw input data
  • A total distance of 27 billion km (17 billion miles)
  • A total recorded activity duration of 200 thousand years
  • 5% of all land on Earth covered by tiles

Strava notes that the platform has numerous privacy rules in place, including an enhanced privacy mode, the exclusion of some or all private activities, the cropping of activities to respect user defined privacy zones, and the option to opt-out of contributing data to the heatmap.

Strava’s heatmap highlights a variety of issues associated with the deployment of  Internet of Things (IoT) devices.  The IoT, a broad category of technology that is generally understood to include physical devices that can collect and share data and connect to the Internet, is quickly changing every aspect of our lives, from the way we work and how we purchase goods and services to how we exercise and how well we sleep.  How these devices connect with other devices as well as consumer expectations continue to evolve is this largely unregulated space.

The FTC’s 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change,” provides further insight.

Connected Cars in 2018 – Ready for the Fast Lane?

Share

One of the most frequent predictions for significant growth in 2018 is the development of the connected car ecosystem. During the second half of 2017, there were workshops, proposed legislation and other guidance from the Department of Transportation and the National Highway Traffic Safety Administration (NHTSA).

In June 2017, the FTC and the NHTSA hosted a workshop in Washington, D.C. to discuss the enormous amounts of data collected and used in the connected car ecosystem. The workshop included representatives from consumer groups, industry, government and academia, and explored the benefits and challenges in this fast-growing market. After reviewing the materials submitted in connection with the workshop, the FTC released its Key Takeaways earlier this month.

In addition, the U.S. House of Representatives passed H.R. 3388, the SELF DRIVE (Safely Ensuring Lives Future Development and Research in Vehicle Evolution) Act to encourage testing, development and deployment of highly automated vehicles. Finally, the U.S. Department of Transportation and the NHTSA released new federal guidance for automated vehicles titled Automated Driving Systems 2.0: A Vision for Safety.

Continue reading

Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges

Share

The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.”  The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage.  Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018 and the final report is due the president by May 11, 2018.

Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:

  • Automated distributed attacks are a global problem;
  • While effective tools exist, they are not widely used
  • Products should be secured during all stages of their life cycle.;
  • Improved education and awareness are necessary;
  • Current market incentives are misaligned; and
  • Automated distributed attacks are an ecosystem-wide challenge.

Continue reading

VTech Settlement Resolves COPPA Allegations in FTC’s First Connected Toy Case

Share

The Federal Trade Commission announced a settlement with VTech Electronics Limited and its U.S. subsidiary in the FTC’s first case involving Internet-connected toys.

VTech had been charged with violating the FTC Act and the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children without providing direct notice and obtaining their parent’s consent, as well as failing to properly secure the data it collected.  The settlement includes a payment of $650,000 in civil penalties, injunctive relief, and the establishment of a comprehensive security program.

Background

VTech, a Hong Kong corporation, and VTech Electronics North America, advertise, market and distribute electronic learning products (ELPs).  The companies offer online games available through the ELPs and operate the Learning Lodge Navigator online service, a platform similar to an app store that allows customers to download child-directed apps, games, e-books and other online content.  As of November 2015, approximately 2.25 million parents had created accounts with Learning Lodge for nearly 3 million children, according to the FTC.

Continue reading

The Sedona Principles, Third Edition Gives a Shout Out to Information Governance

Share

The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, has released a final, pre-publication version of its much-anticipated The Sedona Principles, Third Edition: Best Practices, Recommendations and Principles for Addressing Electronic Document Production. The Sedona Principles are the preeminent reference publication for e-discovery lawyers and practitioners alike.  In addition to addressing the 2015 changes to the Federal Rules of Civil Procedure, this latest version of The Sedona Principles includes a fresh focus on information governance and the mitigating effect it can have on the challenges organizations face today from the ever-changing electronic data landscape.

Continue reading

Tech Companies Issue White Paper Recommending a National IOT Strategy

Share

Over the course of the last year, a number of U.S. technology companies and associations, including Intel, Samsung and the Information Technology Industry Council (ITIC) initiated a process dubbed “the National IOT Strategy Dialogue” the purpose of which was to develop strategic recommendations for U.S. government policymakers on the Internet of Things.

The group recently issued a white paper capturing the recommendations they advocate that the U.S. government undertake or implement.  These players suggest that for the U.S. to win the global race to test, develop and deploy beneficial IOT technologies, that the U.S. government needs a strategic roadmap.

Continue reading

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy