US military reviewing its rules after fitness trackers exposed sensitive data
WASHINGTON — Pentagon officials could adjust policies governing the use of wearable electronics, such as fitness tracking wristbands, after an interactive map was published online that could reveal sensitive information about servicemembers in war zones, a Defense Department spokesman said Monday.
The Pentagon is reviewing the use of wireless technology, including fitness bands such as Fitbits and smartphones, in an effort to ensure servicemembers are not endangered by information collected by gadgets that could be made public, said Army Col. Rob Manning, a Pentagon spokesman. The review follows the publishing of a global heat map over the weekend by GPS tracking company Strava. The map shows regular routes used by some 27 million people around the world, according to the company.
In unpopulated areas – such as in areas American troops operate in Syria and Afghanistan – Strava’s map appears to show the outlines of known U.S. military posts and reveals routes Americans use to exercise on the posts or move between bases.
Manning said Monday that he was unaware of the data revealing any sensitive or classified information. He said the Pentagon had not asked Strava to remove any of the data it published.
Manning also said he was unaware of any security breaches occurring in recent days that could be attributed to the published information. He said the Pentagon was not considering the data an immediate force protection issue.
He could not immediately say how long a review of policies might take.
“The rapid development of technology requires constant refinement of policies and procedures to enhance force protection and operational security,” Manning said. “[Defense Department] personnel are advised to emplace strict privacy settings on wireless technologies and applications.”
The exact policies governing the use of wearable fitness trackers by uniformed servicemembers vary slightly from service to service. The Navy, for example, has allowed their use since at least 2015, but the service’s policy specifies they are only authorized if their GPS systems are “receive-only,” meaning they do not transmit their GPS information.
Manning said such wireless devices are also prohibited at certain Defense Department sites, likely sensitive locations, and during “specific activities,” but he declined to elaborate.
The Washington Post on Monday reported experts and internet users had discovered Strava’s data could be used to identify specific users by name. The newspaper reported a user had used the heat map and Google to identify an Army major who frequented a running route on a base in Afghanistan.
Strava said in a statement that the company is committed to helping users better use privacy settings and said they “are committed to working with military and government officials to address sensitive areas that might appear” on their map.
Defense Secretary Jim Mattis was aware of the issue, Manning said, adding the Pentagon is taking the matter seriously.