by Stephen Bryen*
[Significant parts of this post were quoted in Defense News.]
The essence of the story is quite simple. An Israeli army driver and a squad commander entered the Qalandia Palestinian camp by mistake while using the Waze smartphone GPS navigational app. People in the camp attacked the Israeli military vehicle with firearms and molotov cocktails. The two soldiers, for unknown reasons, split up. Israeli security forces were sent in, there was serious violence, and of the ten member rescue squad made up of five soldiers and five members of the Border Police, one was moderately wounded. One armed Palestinian was killed. The first of the two missing soldiers was picked up almost immediately; the other was found after an hour long search.
The Qalandiyah refugee camp was set up in 1949 by the United Nations’ UNRWA. Between 1949 and 1967 the camp was located in the area under Jordanian control and, in fact, UNRWA leased the land for the camp from the Jordanians. After the 1967 war the camp fell under Israeli control; today the camp is controlled by the Palestinian Authority. This camp, which should long ago have been liquidated (just as the other Palestinian refugee camps), is located just outside the Jerusalem municipal boundary. For Israeli military patrols who provide protection for Israeli settlements and run counter-terrorism operations, Qalandiya is a no-go area. There have been, nevertheless, previous conflicts in this camp brought about because of terrorists fleeing to the camp for protection.
Waze is an Israeli developed app (or application) that runs on most smart phones. The app was invented by Ehud Shabtai and the company was originally called Freemap. In 2009 it became Waze Mobile Ltd. In 2013, after becoming wildly popular with millions of users, Waze was bought by Google for $1.1 billion.
Waze is a crowd sourced mapping and directions tool that is used regularly by millions of drivers to get updates on traffic issues, to locate police radar and speed traps, and provide location specific alerts. By 2013 Waze had over 50 million users.
The two Israeli army drivers used Waze for directions and for traffic updates. It is an open question whether they were explicitly authorized to do so; but it is clear they were not explicitly authorized not to do so. Waze has features that can warn about certain “no go” areas, and in addition Waze can be programmed to make sure that no direction through such an area is possible. According to news reports and Waze personnel, this special feature was not enabled on the phone used by the soldiers.
Waze, nonetheless, can be spoofed. It is possible, for example, for a hostile organization to set up a fake accident or other event and steer users from a popular route onto a route that could, potentially lead them into a trap. In fact, two Israelis , Shir Yadid and Meital Ben-Sinai, at the time fourth-year students at Technion-Israel Institute of Technology, did just that by setting up a thousand or so fake accounts that provided fake coordinates and claimed to be stuck in traffic, sending users off on alternative routes. The project-scam worked as the students imagined it would.
If Waze can be faked, it can be used to set traps that could prove fatal. In Israel it is a genuine threat-risk. For example, Hamas and Hezbollah, not to mention the Syrian Electronic Army and its equivalent in Iran, and probably Isis too, can spoof an app like Waze and use it to lead both military, police and private citizens into ambushes.
Waze is just one example of a social media app that brings with it considerable risks. The fact that two Israeli soldiers got into terrible trouble shows just how serious the risks can be.
In the United States, and in Israel too, the line between commercial products and military-defense applications is extremely blurry. Both countries, and their counterparts around the world, are using social media type apps and other commercial hardware and software products for security. This leads to a growing perfect storm of risk that the enemies of peace and freedom are exploiting and will do even more to exploit in future.
It has been true for a number of years that senior officials, top military officers, and police and law enforcement officials have been using social media where they often exchange sensitive information and confuse personal and private matters with their official responsibilities. This opens them up to exploitation that can include threats to their families and friends as happened when the families of US Army personnel were threatened by al-Qaeda and other radical groups. Just recently a group called the Islamic State Hacking Division posted the names, photos and addresses of about 100 U.S. troops online, calling for attacks against them. In a Tweet claiming to come from ISIS, as reported by CNN, was one saying “”We won’t stop! We know everything about you, your wives and children. U.S. soldiers! We’re watching you!” ”
The US government has not issued any clear rules on social media, including Waze which is a social media product because it is crowd sourced. Nor, as far as is known, has Israel.
Israel has vowed to investigate the circumstances of the Waze incident at Qalandiya. Perhaps more will be learned; perhaps not. But the real bottom line is that government, military and law enforcement are lacking sound policy about social media and treating it as if it is not a problem. That, it seems, is a big mistake.
*Dr. Stephen Bryen is author of the new book, Technology Security and National Power: Winners and Losers (Transaction Publishers).