A new memorandum from the Pentagon is restricting select U.S. military personnel from using fitness-tracker and mobile applications that may reveal sensitive geographic location data, according to an August 7 report by the Associated Press.
The Associated Press obtained the government memo that, while not banning wearable devices, stresses wearables’ ability to collect and publicly share GPS data via digital apps presents a major security risk to military personnel.
“These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” the memo said, according to the Associated Press.
The memo follows a series of controversial episodes in which the location of military personnel purposely or inadvertently opting to share their personal GPS data via Polar and Strava apps was exposed. In July, a group of Dutch journalists used the now-defunct Explore function of the Polar Flow app to uncover the personal data and locations of 6,460 U.S. military and security personnel.
Commanding officers now have the authority to determine when and if their subordinates can activate GPS functions on their devices, relative to the sensitivity of their subordinates’ duties and locations.
“It goes back to making sure that we’re not giving the enemy an unfair advantage and we’re not showcasing the exact locations of our troops worldwide,” Army Col. Rob Manning told the Associated Press on behalf of the Pentagon.
Moving forward, the Pentagon will also provide additional cybersecurity training that covers risks related to personal mobile devices and fitness trackers.
A Fitbit spokeswoman told the Associated Press that location data is not collected by Fitbit unless a user allows Fitbit access to their data—and users can always revoke that access. After the Polar controversy in July, the Finland-based company released a similar statement that emphasized the company itself never exposed any sensitive information related to military personnel.
“Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” the July 6 statement said. “While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API.”