Employees are now barred from using geolocation features on personal and government-issued devices in operational areas including deployed locations and sensitive bases, according to a new Department of Defense policy.
The change, which is effective immediately, applies to fitness trackers, smartphones, tablets and smartwatches. The rapidly evolving market of such devices presents significant risks to DoD personnel both on and off duty, and to global military operations, Deputy Defense Secretary Patrick M. Shanahan said in an Aug. 6 memo announcing the policy.
“These geolocation capabilities can expose personal information, locations, routines and numbers of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” he wrote.
Geolocation identifies the geographical location of a person or device using digital information processed via the Internet. It commonly uses Global Positioning System and related technologies to assess and specify geographical locations. The data could be used to identify military installations or troop movements and patterns in places like the Middle East or other sensitive locations, said Matt Baker, manager of operations security for
DLA Intelligence.
“DLA employees assigned to or traveling to operational areas such as those in [the U.S. Central Command] must ensure the geolocation function of any of their devices are disabled so they’re not vulnerable,” he said.
Combatant commanders in operational areas may authorize the use of geolocation services on government-issued devices based on mission necessity, but must take into account potential risk to operations security. They may also authorize use of geolocation services on personal devices after conducting a “threat-based comprehensive operations security survey.”
DLA employees can help maintain information security by understanding the capabilities of their GPS-enabled devices and being aware of default settings, unintentional data sharing and untrusted network connections, Baker added.
DoD officials began reassessing employees’ use of electronic devices early this year after it was discovered Strava, a fitness app, used satellite information to map users’ locations at multiple overseas military bases and inadvertently revealed those locations. The department issued a ban on personal and government-issued mobile devices in classified areas of the Pentagon in May.
More information on mobile device tracking and information security is available at the
Defense Information Systems Agency’s Information Assurance Support Environment website.