Pentagon Restricts Use of Fitness Trackers, Other Devices

Military troops and other defense personnel at sensitive bases or certain high-risk warzone areas won't be allowed to use fitness tracker or cellphone applications that can reveal their location, according to a new Pentagon order. From a report: The memo, obtained by The Associated Press, stops short of banning the fitness trackers or other electronic devices, which are often linked to cellphone applications or smart watches and can provide the users' GPS and exercise details to social media. It says the applications on personal or government-issued devices present a "significant risk" to military personnel so those capabilities must be turned off in certain operational areas. Under the new order, military leaders will be able to determine whether troops under their command can use the GPS function on their devices, based on the security threat in that area or on that base. "These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission," the memo said. Zack Whittaker, a security reporter at TechCrunch, said, DoD's statement today appears to be a response to the revelation that fitness tracker app Polar was exposing locations of spies and military personnel.

So the GPS blackout ...

[CaptainDork]

... locations get the Streisand Effect.

Re:

[kiehlster]

I'd like to see him Hang Clean for America, because weight lifting is a great way encourage America to get fit, and start a good rivalry with Putin's fitness score.

Re:

[Anonymous Coward]

Except these bases are typically in remote areas where the only fitness tracker activity is from military personnel.

Re:So the GPS blackout ...

[arth1]

It's not just a problem with bases and exact positions. It's a problem that individuals can be tracked over time. If you see someone one week do runs in Langley, and the next week do runs in a remote location in Nicaragua, you may have a diplomatic crisis on your hands.

Re:

[wired_parrot]

It's more than that. By looking at users whose location corresponded to CIA HQ in Langley during the day, for example, they could determine those individuals who worked in the CIA. And by backtracking the location of those individuals to where they were early in the morning, their home address could be determined. When cross-referenced against public databases, this allowed them to determine the identities of any CIA agent working at Langley using the app, along with their home addresses and daily routine.

Re:

[mysidia]

they could determine those individuals who worked in the CIA. And by backtracking the location of those individuals to where they were early in the morning, their home address could be determined

Shoot.. this could probably done without an app just by triangulating IMEIs as multiple cellular stations detect the same IMEI; I imagine the carriers could already easily do this --- monitor what IMEIs are frequently detected near a known CIA location, and where that same IMEI is during the early morning, lat

Re:

[EvilSS]

Or war-driving their cars. I live near an interstate and my wifi system (ubiquity) logs "near-by" access points by default. I see 30-40 GM vehicles an hour with their onboard wifi hotspots blasting out their SSID and unique MAC. Seems like they are on by default because they way out number any other maker. I only see a handful of Fords, for example.

Re:

[fish_sauce]

What is it called if someone from for example UK exposes those identities?
Internet is global and we have satellites that can read news papers from space with ease.
Anyone with such access can monitor CIA HQ and see who are there and expose them that way. So why focus on fitness trackers and such?! Seems odd to me when the same info can easily be collected another way which is just as easy.

Re:

[fahrbot-bot]

Except these bases are typically in remote areas where the only fitness tracker activity is from military personnel.

Ya, but how are people stationed at CIA black-sites supposed to track their cardio now?

Re:

[Anonymous Coward]

on Android, IPBike (afaik) stores workouts locally on the phone, not in the cloud. So if you have an Ant+ phone (or dongle), and ant+ hrm, you could then track your workouts on your phone. The only problem that I then see is plotting one's route, as that'll use Google Maps API to track the lat/long locations into the map. So there's a data leak there the DOD may not want

Good

[Anonymous Coward]

No point it letting an easily compromised cloud GPS reporting service track your movements.

Why not mobiles too?

[sanf780]

I understand fitness trackers (app and/or device) are too happy to share your location with friends and strangers. However, Google Maps probably uses your data for some function of Google Maps. I know it can record where your workplace is and where you last parked your car. So, why do Pentagon workers are allowed to bring mobile phones is my guess.

Re:Why not mobiles too?

[Kenja]

They already restrict the carrying and usage of [mobile devices [defense.gov], including phones.

Re:

[jellomizer]

That and I expect approved devices if having tracking on them would have appropriate safeguards with the vendors.
Otherwise the bad guys can just buy Google Ads, that would target troops, and based on their impression counts, they can keep track of the opposing troops.

Re:

[ole_timer]

...the only way these trackers work is if there's a cell phone or wifi signal...most use bluetooth to that signal...

Re:

[thomn8r]

the only way these trackers work is if there's a cell phone or wifi signal...most use bluetooth to that signal.

What you're missing is that these devices store the information until such time as they get a network, and then upload the stored data.

Re:

[ole_timer]

...I didn't miss that at all - i'm technical, I have one, I know how they work...when I went to Germany a few years ago and came back it tracked me in waldorf...

Re:

[bhcompy]

All SCIFs at the Pentagon already required that any electronic devices(computers, cellphones, smartwatches, etc) be placed into a secure locker before entering. This is redundant.

Regardless, 6ft thick granite walls does a number of cell signal. Other than the metro entrance and the interior quad, you don't have reception inside the building

Re:

[bhcompy]

This is public [washingtonpost.com] information [dni.gov].

And it's wrapped in limestone rather than granite, my bad.

Re:

[hey!]

Frankly, for many jobs I think having a smartphone at all is probably not a good idea -- for that matter devices like smart speakers. Anything like that needs to have a hardware "off" button that ensures they aren't listening or transmitting.

But I'm not sure how secure modern feature phones either in the era of enhanced 911.

Re:

[hawguy]

Frankly, for many jobs I think having a smartphone at all is probably not a good idea -- for that matter devices like smart speakers. Anything like that needs to have a hardware "off" button that ensures they aren't listening or transmitting.

But I'm not sure how secure modern feature phones either in the era of enhanced 911.

How do you know that hardware off button is really a hardware off button on your particular device? Even if you take out the batteries, maybe there's a hidden capacitor that's powering the secret listening device. Do you need to do a complete tear-down periodically?

Re: Why not mobiles too?

[c6gunner]

If you're susceptible to that level of paranoia you should probably wear a full-body tinfoil suit, just in case someone put a tiny listening device on your clothes.

What to do if they put a listening device on your tinfoil suit ... you'll have to figure that one out on your own.

Re:

[hawguy]

If you're susceptible to that level of paranoia you should probably wear a full-body tinfoil suit, just in case someone put a tiny listening device on your clothes.

you mean like the level of paranoia where you don't trust the off button on your phone? I you think someone has tampered with your phone or software enough to disable the soft-off button, why don't you think that they've tampered it in such a way that the device can still record when it's "off"?

Re:

[hey!]

Well, *I* could trace the circuit. Also, a switch position could cut out the mic as well.

Re:

[thegarbz]

I know it can record where your workplace is

I'm working on site at the moment and I get constant notifications from Maps asking me "do you still work here? Update your work address".

So not only does it know where I work, but it knows I haven't been there for a while.

Re:

[CaptainDork]

Certainly not towards burial costs due to GPS tracking.

Re:

[CaptainDork]

And cattle ranchers can't identify wild horse shit?

Re:

[CaptainDork]

OK.

When I want expertise about honey I find in the wild, I rely on my beekeepers.

When I want to identify fecal deposits in a pasture, I depend on local cattle ranchers.

So, my recommendation to you (and you need it) comes from experience:

When you don't know bullshit from wild honey, go looking for a cattle rancher and a beekeeper. ~ CaptainDork

Re:

[CaptainDork]

Bob's yer uncle.

Re:

[CaptainDork]

Actually, I can agree with your logic.

I should OR the AND.

Thanks.

Re:

[CaptainDork]

I'd say Manning, but she's not a hacker. She's a copier. And Lady Gaga. Seriously?

Snowden won't do. He's a copier as well. He didn't hack. He walked off with the stuff.

Reality Winner is also a copycat.

All the former Anonymous people are in jail, of course ...

WikiLeaks is a repository; a one-way one at that.

And you know dang well that Russia and China have no topnotch hackers. Those peeps are good and they simply embed a few strands of DNA into the code.

The NSA can't do it because an insider gave away the ke

Re:

[CaptainDork]

Schrödinger's cat.

Re:

[anegg]

It would appear that most people have zero clue about how these things work. I wouldn't be surprised to find out that a lower-level security worker was trying to sound the alarm for years but being squelched until a couple of big data breaches were published a year (or more?) ago. Then it takes this long before a change percolates through the system... The "oh, look - bright and shiny!" crowd always seems to undermine common sense.

but...

[zlives]

how will the spies know if they are healthy or not... when they compare their data with the other spies of the world. How will will know whose spies are the best of the best.
i mean if i couldn't look at the weather data with location activated how ill i know if its raining outside or not...

Re:

[zlives]

also... cell phones...

uuum

[iggymanz]

I'm dumb. Wouldn't using a cell phone at all expose your location the way cell towers work?

Sorry for the stupid question.

Re:

[Gilgaron]

If you were using the phone in a restricted area, sure. But you're not supposed to do that. I imagine the concern with a fitness tracker is that they often upload your route and steps to the cloud so you can gamify fitness with your social networks or whatever crap, which means that someone can hack into Fitbit and look up patrol routes, even if the good solider left his phone out of the secure area like he was supposed to.

Re:

[iggymanz]

unfortunately my phone isn't smart enough to know it's in a restricted area and immediately stop functioning.

these military dudes and dudesess must have really smart phones.

Re:

[EvilSS]

https://www.digitaltrends.com/mobile/how-to-turn-on-airplane-mode/ [digitaltrends.com]

Duh!..

[mi]

Took them a while. The problem's been known for years — even in peaceful Finland [yuki.la]... And Russians have used malware to get location-data to target Ukrainian forces [reuters.com]. And, of course, the NATO [wsj.com].

Re:

[guacamole]

And Russians have used malware to get location-data to target Ukrainian forces.

I am sorry, but you need to spend about 20 seconds of your google time to find out that this story has been debunked and Crowdstrike partially retracted its claims. This was pretty much a manufactured story released in December of 2016 back when the media hysteria about Russian hacking and interference was just picking up steam.

Re:

[mi]

When claiming anything having been "debunked", you absolutely must include a link to the debunking...

Crowdstrike partially retracted its claims

And to the retraction.

Allegedly "smart" so-called "telephones"

[jabberw0k]

Unsafe at any speed. Does the Pentagon not still prohibit cameras of any type on secure installations?

Re:

[AHuxley]

So contractors and the US mil would be happy.
Relaxed workers are productive workers beyond just their pay.
The other fun question AC is why the NSA and GCHQ did not do some sort of "testing" and tell everyone that they had a device broadcast problem.

They know we can geolocate POTUS, right?

[WillAffleckUW]

Still.

Fitness track that.

dog-ate-my-programming-skills

[epine]

If Android didn't have its security model completely inside out and upside down, the rule from on high would be that military personnel on sensitive assignment aren't allowed to enable the gather-location API altogether.

Then the apps would need to decide whether to limp along without those services available on that particular installation, or pull the chute with a feeble dog-ate-my-programming-skills excuse in the mold of "Javascript required" as if 90% of the site's functionality (99% of the site's useful