In response to reports that the fitness-tracking platform Strava shared user information that could be used to identify military installations, members of the House Energy and Commerce Committee sought information about company data security practices and potential changes on Wednesday.
Strava uses GPS and wearable devices to track its users’ activities, movements, and locations. The company has published “heat maps” of user activity online in recent years, and revelations that some of those heat maps can be used to identify military outposts and sensitive locations emerged in recent days.
U.S. Rep. Frank Pallone, Jr. (D-NJ), ranking member of the committee, led other Democratic committee leaders in a letter requesting information from Strava about its data sharing practices, efforts to mitigate security risks and other information about the platform.
“In this case, Strava made no attempt to secure information, and instead published location information on the internet for anyone to see,” the letter stated. “Although the location information was aggregated and anonymized, analysts warned that the data Strava posted can easily be cross-referenced with other publicly available information to identify individual users.”
The committee members questioned whether Strava users were given advance notice of their information being included in heat maps that were published online in November. Lawmakers also sought information about the company’s default privacy settings, what privacy options are available and what user information is shared with third parties.
The lawmakers requested a response from the company no later than Feb. 9.