Defense Secretary Jim Mattis has directed a DoD-wide review of fitness app use policies following the news this weekend that an app used by troops revealed sensitive military information, the Pentagon said Monday.
“Secretary Mattis has been very clear about not highlighting our capabilities to aid the enemy or give the enemy any advantage,” said Pentagon spokesman Army Col. Rob Manning. “The secretary is aware [of the breach] and we are taking a look at our department-wide policies to determine if [they] need to be updated.”
Manning could not specify who was going to lead the review or whether it would result in a formal report. He said the review would look at whether DoD needed additional policies regulating wearable fitness trackers.
Manning said additional policies could include new limitations on any kind of wearable device that tracks user locations, to include smartphones.
Manning said the Pentagon became aware of the breach over the weekend.
The global heat map recently released by GPS tracking app Strava draws on data from users’ smartphones and watches to produce an overlay of popular running paths.
Naturally, secure military facilities and outposts downrange are lit up with trails of activity.
“[The] DoD takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad,” Maj. Audricia Harris, a Pentagon press official, said in a statement to Military Times.
However, Harris reiterated that the military does currently have policies in place that are supposed to guide members’ actions at home and overseas.
“Annual training for all DoD personnel recommends limiting public profiles on the internet, including personal social media accounts,” Harris said. “Furthermore, operational security requirements provide further guidance for military personnel supporting operations around the world. Recent data releases emphasize the need for situational awareness when members of the military share personal information.”
Most of those operational security requirements focus on controlling the flow of information to open-source, or publicly available, media. Some common choke points the military has historically worked around include social media, newspapers, academic journals and GPS mapping.
Strava’s recent map seems to fall into that category. The app has been available for several years, but the current buzz focuses on an expansion that occurred relatively recently.
“I am happy to announce our first major update to the global heatmap on Strava Labs since 2015,” Drew Robb, a data engineer at Strava, posted on the group’s Medium page in November. “This update includes six times more data than before — in total one billion activities from all Strava data through September 2017.”
As some have pointed out, the concern isn’t simply over what is already visible, but also over what other information Strava has access to but didn’t layer on the map.
As the map exists now, there are privacy settings a user can toggle on and off so that “private activities are excluded outright,” according to the website posting.
Additionally, “activities are cropped to respect user defined privacy zones,” and “activities at higher than reasonable running speeds are excluded from the running heat layer because they are most likely mislabeled,” the posting reads.
Although the information may not be published, commentators have noted that it is still collected and stored by Strava, and it is up to them how the data is used.