Fitness trackers and other mobile devices that use geolocation can no longer be used by military troops and other personnel working in sensitive areas.
An Aug. 3 memo, released by the Pentagon on Monday, states geolocation capabilities can expose “personal information, locations, routines and numbers of Defense Department personnel, and potentially create unintended security consequences.”
The policy bars DoD personnel from using geolocation applications or services while in operational areas like war zones.
That includes FitBits, fitness apps on mobile phones, and any other applications that follow users.
Combatant commanders of operational areas may authorize the use of geolocation devices and applications after conducting a threat-based survey of the effects. Combatant commanders may also authorize the use of geolocation capabilities on government devices for missions.
Locations and bases that are not in operational areas are required by the memo to consider the risks of geolocation devices and to create restrictions on the use of the devices based on their risks.
The new policy also requires the DoD chief information officer and undersecretary for intelligence to develop geolocation risk management guidance and training to “inform commanders and heads of DoD components when making risk decisions regarding these devices.”
The instructions from the Pentagon are just the latest in the saga over security and personal technology use.
DoD first started taking notice of the challenges presented by geolocation applications and devices in January, when tech company Strava released a map of fitness activities that also exposed military bases and troop movement trends.
Using data from fitness trackers, Strava’s map shared 13 trillion GPS points from their users from 2015 to September 2017.
Although some of the military services authorized the use the personal fitness devices for troops as as recently as 2016, the map caused government officials to rethink smartphone and wearable device policy.
“Strava heat map forces all to look at risks of big data analytics. It goes well beyond fitness trackers,” Rob Joyce, then-special assistant to the president and cybersecurity coordinator for the National Security Council, tweeted Jan. 29. “Security and operational security need to be considered in our new reality. While policy evolution is needed, it is important to make good security policy balanced by not over reacting too.”
The incident also led Defense Secretary Jim Mattis to consider banning all cell phones from the Pentagon and bases. Mattis did not follow through on that threat, and in May, released a memo that mostly reinforced existing policies that prevent cell phones from being brought into secure areas.
Geolocation isn’t the only headache the Pentagon had to deal with this year regarding cell phones.
DoD stopped selling Chinese-based ZTE and Huawei products in some exchanges due to concerns that the Chinese may use the devices to track troops or get personal information.
In June, Mattis released a memo reminding troops to “Be Alert!”
“The potential consequences of compromised data could be serious, not just for you and your families, but for the readiness and resiliency of this department,” he wrote.