20/11/2024

The CTO

The Best Chief Technology Officer

Fitbit, Fun, Forensics, and Foes

Fitbit, Fun, Forensics, and Foes

Have you tracked your 10,000 steps today? Has anyone else tracked them?

Fitness trackers are big business, helping people get and stay fit, and helping them share their progress with friends – and sometimes with strangers.

Probably the most well-known of these devices (and apps) are the FitBit and apps paired with the Apple Watch, but also include the Moov Now, Samsung Gear Fit, Huawei Band, Tom Tom Spark, and about 350 others. The ability to map your movements is one of the more fun and attractive features about these devices.

FitBit data helps to catch a potential murderer.

Fitness trackers in less light-hearted circumstances can provide evidence in the most serious of cases. At the end of 2015, Richard Dabate told Connecticut law enforcement a tale of a break-in where the robber killed his wife while he was fighting the intruder off. The problem was that subpoenaed records of her FitBit showed her active an hour after the murder was said to have taken place, and that she walked ten times further then what would have taken her into the now-fictional perp’s view. Along with other computer, Facebook, and cellphone evidence, and the fact that Dabate had a pregnant girlfriend he was arrested for the crime. As of this writing, Mr. Dabate is still free on a million dollars bail.

FitBit data helps an innocent man go free

In May of 2016, Nicole Vander Heyder went out on the town in Green Bay, Wisconsin, but never came home. Her bloodied and naked body was found in a farm field nearby. Signs at first pointed to her boyfriend, Doug Detrie, who was arrested but nonetheless seemed shocked at the news and protested his innocence. Detrie was held on a million-dollar bond, but the apparent evidence (blood in the car, in the garage, and a suspicious spot on the sole of his shoe) didn’t hold up (blood in the car wasn’t the victim’s, blood in the garage wasn’t a human’s, and the suspicious spot wasn’t blood) so he was released. Data from Doug’s FitBit showed that he took only about a dozen steps during the time frame in which Nicole died.

DNA evidence from Nicole’s clothes pointed at another man altogether, George Burch. Burch’s Android phone had Google Dashboard data associated with his Gmail account that showed GPS location data leading right to Nicole’s house. Eventually, he was charged, found guilty of first degree murder, and sentenced to life in prison where he still insists he’s innocent.

FitBit data used to try to find a missing person

In July of 2018, Iowa student, Mollie Tibbett went for a jog and hasn’t been seen since. Police have received her FitBit data in an attempt to locate her but haven’t released what they found in that data to the public. It appears that the geolocation information therein wasn’t enough to find her. Additional data from her cell phone and social media accounts has been sifted for clues, but as of August 6, 2018, there are no reports of her being found, although there appear to be people of interest. Hopefully location data from her FitBit will eventually help lead investigators to her current location.

FitBit data banned by the military

You may have heard news stories of late that the Army has expressed concern about military movements and security being compromised by data from fitness trackers and devices like the Apple Watch. A military official was quoted as saying, “The moment a soldier puts on a device that can record high-definition audio and video, take photos, and process and transmit data, it’s very possible for him or her to be tracked or to reveal military secrets… The use of wearables with Internet access, location information, and voice-calling functions should be considered a violation of national security regulations when used by military personnel.” But did you know that this news was from May 2015? And did you know it was a Chinese military official in the Chinese Army newspaper, the Liberation Army Daily?

That’s right, some foreign governments have been banning such devices for years now.

FitBit geolocation data banned by the US Military

In 2013, the DOD distributed 2,500 FitBits to military personnel; in 2015 the Navy planned to run a pilot program to help the enlisted and their superiors keep track of fitness goals, and “allow Army leaders to track their Soldiers’ fitness in real time.”

Aside from military members, Fitbit has a user base of over 10 million people. The information is viewable online, on a mobile device, or through the desktop application. Fitbit logs movement and allows users to log other health information in the app. Fitbit then uses this information to display progress over time.

The manager of a companion app, called Strava, helps to map and display maps of subscribers’ movement using FitBit and other fitness tracking devices. In November 2017, Strava released their Global Heat Map of 3 trillion individual global GPS data points uploaded from the previous two years. Zooming in on the maps, as Australian security student Nathan Ruser did, revealed favored trails used in previously undisclosed bases by military fitness buffs. Heat map trails around and in Mogadishu could have provided potential targets of locations frequented by military personnel for Somalian dissidents.

As one might imagine, the Army on August 7, 2018 banned use of geolocation features in iPhones, Apple Watch, FitBit and other fitness trackers with the following directive: “Effectively immediately, Defense Department personnel are prohibited from using geolocation features and functionality on government and non-government-issued devices, applications, and services while in locations designated as operational areas.” It hasn’t banned the use or possession of the devices altogether.

The (FitBit) Law of Unintended Consequences

There are three types of unintended consequences (according to Wikipedia)

An Unexpected benefit: A positive unexpected benefit – such as an accused murderer going free and shown to be innocent of charges due to his FitBit. Rather than showing the accomplishment of an athletic endeavor it instead showed inaction when the crime would have required much movement, as with Doug Detrie and Nicole Vander Heyder.

An Unexpected drawback: An unexpected detriment occurring in addition to the desired effect of the policy, such as a FitBit showing a purported victim of a crime instead being the perpetrator as with Richard Dabate and his wife.

A Perverse result: A perverse effect contrary to what was originally intended, as when military personnel using a FitBit to keep track of their fitness progress reveal themselves as potential targets to an adversary.

With any luck, none of these occasions will fall into lives of any of my readers.

Keep fit, keep track, but be aware that you may be revealing more than you intend to.