The pentagon is clamping down on wearable fitness devices, following a discovery in January that troop’s secret or confidential locations were revealed by a fitness heat map.
The new restriction means that military personal deployed in operational areas will not be allowed to use wearable trackers or smartphone apps, government issued or otherwise, that can identify their location.
“The rapidly evolving market of devices, applications, and services with geolocation capabilities (e.g., fitness trackers, smartphones, tablets, smartwatches, and related software applications) presents significant risk to the Department of Defense (DoD personnel both on and off duty, and to our military operations globally,” the memo issued by US Deputy Secretary of Defense Patrick Shanahan read. “These geolocation capabilities can expose personal information, locations, routines, and number of DoD personnel, and potential create unintended security consequences and increased risk to the joint force and mission.”
The new rule goes on to says that combatant commanders or their designees can authorize the use of geolocation functions on both non-government and government issued devices in certain locations.
The military also plans on providing personnel with training and more guidelines about the trackers. According to the memo, in the future the military will be looking into a “tiered structure” to look at how and when they should be restricted.
In January, analysts discovered that heat map data released by fitness app Strava showed the locations of US military bases and patrol routes. At the time WIRED UK reported that Strava’s API allows anyone to deanonymize user-share data to reveal a record user’s name, speed and even heart rate.
At the time Strava CEO James Quarles, wrote a blog, which stressed that users have always had the ability to opt out of the heat map feature, but noted that the company is “committed to working with military and government officials to address potentially sensitive data” and will be pursuing efforts to increase user awareness of privacy and safety tools.
But this wasn’t the only military leak. Fitness app Polar also has opt-in feature within the app posts users’ routes to an online map can become a gateway to their private information with diligent searching and a simple modification of the browser’s web address, according to a report from the Dutch publication De Correspondent. The paper worked with citizen journalists and discovered that from the app they were able to identify soldiers by name and address, as well as access a recorded history of their jogging routes within nuclear storage facilities, high security prisons, drone bases, and other military sites.
As for the US military, the plan is that within the next 30 days the DoD chief information officer and the under secretary of defense for intelligence will sit down and come up with a set of geolocation risk management guidelines, which will be presented at the annual cybersecurity training for DoD employees.