UNIVERSITY PARK, Pa. — Fitness apps and other smart devices embedded with GPS satellite chips and other sensors may use satellite data to help users stay fit and healthy, but, according to Penn State and Penn State Dickinson Law researchers, they unwittingly open a gateway to privacy-related legal and ethical headaches and are a repeated source of national security threats.
In a session at the Penn State Law Review annual symposium held today (March 22), the researchers and Dickinson Law professors said that immediate focus is needed on how vast quantities of data, collected from sensors embedded in smart devices combined with both government-owned and privately owned satellite mapping technologies, is aggregated, used, disseminated, and bought and sold. Government-owned satellite mapping technologies, including global positioning satellites provide free, worldwide access for use in GPS chip-embedded devices.
“A lot of recent attention has focused on analyzing legal frameworks and ethical complexities behind the data collection of smart devices, software apps and social media platforms, as well as addressing privacy concerns of and privacy-law based challenges to satellite-based mapping platforms,” said Anne Toomey McKenna, Penn State Dickinson Law’s Distinguished Scholar of Cyber Law and Policy and a Penn State Institute for CyberScience (ICS) co-hire. “However, there is a gap in the privacy and cyber-related legal literature regarding the analysis of the technology and law behind government and private satellites and how the private sector uses satellite data through smart devices and apps.”
A recent release of data from a mobile fitness app demonstrated just one example of the threats that can lurk beneath what initially could be considered a harmless dissemination of satellite data, said McKenna, who was joined in the talk with Jenni Evans, professor of meteorology and atmospheric science and ICS director, and Amy C. Gaudion, associate dean for academic affairs and assistant professor of law at Penn State Dickinson Law.
In 2018, Strava, a social fitness network that uses GPS data to track workouts for cyclists and runners who wear fitness devices, released a map of the 13 trillion GPS points collected from their users during their workouts. The map included data points that security analysts say could reveal the locations of secret U.S. special forces bases.
“All it took was a startup company using aggregated data from publicly available sources to create a national security crisis overnight,” said McKenna. “The Strava case is just one example of the types of adverse effects a lack of interdisciplinary scholarship on this subject can have on an unaware public. Privacy law scholars need to address how government-owned satellite data is made available to private organizations and who can access it.”