The Pentagon is clamping down on geolocators on wearable devices following the discovery in January that the confidential locations of military installations had been revealed by a fitness app, with troops on deployments ordered to disable GPS trackers.
The new restriction means personnel deployed in operational areas are not allowed to use wearable trackers or smartphone apps that geolocate their positions.
“The rapidly evolving market of devices, applications, and services with geolocation capabilities (e.g. fitness trackers, smartphones, tablets, smartwatches and related software applications) presents significant risk to the Department of Defense (DoD personnel both on and off duty, and to our military operations globally,” the memo issued by US Deputy Secretary of Defense Patrick Shanahan read.
“These geolocation capabilities can expose personal information, locations, routines and number of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission.”
The military also plans to provide personnel with training and more guidelines about the trackers.
According to the memo, the military will be looking into a “tiered structure” of how and when they should be restricted.
In January, analysts discovered that heat map data released by fitness app Strava showed the locations of US military bases and patrol routes.
WIRED UK reported Strava’s API allowed anyone to deanonymise user-share data to reveal a user’s name, speed and heart rate.
At the time, Strava CEO James Quarles wrote a blog that stressed users have always had the ability to opt out of the heat map feature but noted the company is “committed to working with military and government officials to address potentially sensitive data” and will be pursuing efforts to increase user awareness of privacy and safety tools.
But this wasn’t the only military leak. Fitness app Polar also has an opt-in feature that posts users’ routes to an online map and can become a gateway to their private information with diligent searching and a simple modification of the browser’s web address, according to a report from Dutch publication De Correspondent.
The media outlet worked with citizen journalists and discovered that from the app they were able to identify soldiers by name and address, as well as access a recorded history of their jogging routes within nuclear storage facilities, high security prisons, drone bases and other military sites.
As for the US military, the plan is that within the next 30 days the DoD chief information officer and the Under Secretary of Defense for Intelligence will devise a set of geolocation risk management guidelines to be presented at the annual cybersecurity training for DoD employees.
Originally published on Mobihealthnews, a sister publication of HITNA.
To share tips, news or announcements, contact the HITNA editor on firstname.lastname@example.org