New DoD Policy Prohibits GPS Tracking in Deployed Settings

Deputy Defense Secretary Patrick M. Shanahan recently issued a memorandum prohibits the use of GPS enabled personal devices while deployed. These include physical fitness aids, applications in phones that track locations, and other devices and apps that pinpoint and track the location of individuals.

During a media event last week, Pentagon spokesman Army Col. Robert Manning III told reporters, “Effective immediately, Defense Department personnel are prohibited from using geolocation features and functionality on government and nongovernment-issued devices, applications and services while in locations designated as operational areas,” adding they, “potentially create unintended security consequences and increased risk to the joint force and mission.”

Commanders may apply the rule to other areas as well but may also make exceptions, but only after conducting a thorough risk assessment.

The concern is that the data collected by these devices is vulnerable to access and exploitation by unauthorized personnel. These could be criminal threats as well as enemy.

20 Responses to “New DoD Policy Prohibits GPS Tracking in Deployed Settings”

  1. Jonathan Demler says:

    Well yeah. So this is like the Space Force’s version of dog-legging into your patrol base?

  2. Iheartptbelts says:

    There was an article that came out a couple months back that mentioned Russian forces had used an app that some Ukranians had on their phones to locate them and jack them up with arty. I Dont think it will be long before any unissued electronics wont be allowed in the field.

  3. Kirk says:

    This issue was brought up at least ten-fifteen years ago. It got laughed at.

    Same as the shit we see being done to the Russians at sites like bellingcat. All those pictures guys post up at sites like FaceBook? LOL… OPSEC nightmares, and even the “officially approved” shit gives stuff away, more so than you’d like to know. GPS and meta-data is a two-edged sword; don’t think that the enemy can’t make at least as much use of it as we can.

    I don’t have a lot of hope for the hide-bound idiots we have running our military. After they lose the next major war, maybe then we’ll start to get in some people that can actually look at things, and grasp the implications. My expectation is that the next major peer-competitor war we see is going to light off with a digital Pearl Harbor the likes of which we can only imagine in our worst nightmares, and that the follow-on attacks are going to be done on our own soil by infiltrators that are going to make Emilio Mola’s wettest of wet dreams come true, on a continental scale.

    First thing that’s going to go? Probably every single drone pilot and operator living in off-base housing, followed by whatever and whoever else they think valuable or accessible. I wouldn’t even rule out attacks on base housing, to be honest.

    • SpankDadddyCool says:

      Jeez. I would be interested to see what you think of the pre-9/11 mil. If there is any comfort, the rest of the world’s mils are so much worse.

      • Kirk says:

        Having actually served in that military, and having been a part of trying and failing to prepare it for things like the IED campaign in Iraq and Afghanistan…?

        I would have to characterize that opinion as being that we were incredibly f**ked up and unprepared for what transpired, mostly due to hide-bound idiots in the bureaucracy who refused to pay attention to the world around them, and then do the extrapolation we taxpayers pay them to do. Nearly everything that came at us during Iraq and Afghanistan was foreseen back during the 1990s–It was just that nobody in the hierarchy saw fit to take ownership and actually do anything about what they were being told.

        It’s the little things that are most indicative–The folks who were doing the FMTV development program and procurement were told, multiple times, that a cab-forward design was foolish, because that put the lead axle (voted most likely to detonate, in high school…) directly under the crew cab. They were told that the vehicles needed uparmor kits from the get-go; the program managers replied to those of us raising these issues that the FMTV program did not “envision” the vehicle family ever having to do anything in a direct-combat probable area.

        Clearly, someone forgot to tell the enemy.

    • Reseremb says:

      “OPSEC nightmares, and even the ‘officially approved’ shit gives stuff away”
      Like SOCEUR showing pictures of Swedish SOG, including unblurred faces and equipment details, only to quickly delete the pictures 3 or 4 days later? Hehe

      And is not only Bellingcat, in Twitter there are guys that are constantly geolocating exact positions of Coalition/Syrian/Russian/… patrols and bases just with a couple pics.

    • AbnMedOps says:

      Back in ’96, I helped evaluate an FTX of a full-up Combat Support Hospital (which is big, and noisy, and pretty much static behind berms and wire). The young medical NCO briefing us on their perimeter security and gate control operations proudly brought up a then high tech unit webpage (AOL, I think), and explained that thing were so efficient and everyone was on the same sheet of music, because the entire unit Field SOP, security procedures, standard site layout, Alert Roster (with phone numbers and street addresses, and Family Support Group contacts, were all on the website, so all the troops now knew everything.

      You could see his mouth fall open and almost hear his brain start spinning when I said “That’s very innovative thinking. It sure looks like computers are the way of the future. But…what stops the bad guys, from anywhere in the world, from clicking onto your web page and knowing everything, down to the exact position of every guard post and the commander’s tent?” Corrective action was taken, sort of…but it’s scary/astounding just how institutionally stupid the Big Green Machine can be.

  4. Steve says:

    Pretty much rules out every Garmin device including the Foretrex series. Garmin is an example – they all seem to operate their own databases and have their own “communities” of users and their own (un-named) business partners with access.
    Proprietary software and the drivers, if permissions allow it to operate to any useful degree, snags too much data to satisfy any security considerations.
    If there is a COTS Garmin device app or software bundle that keeps its mouth shut but still serves the operational requirement, I haven’t found it.
    Only a stand-alone GPS device using stand-alone software makes sense or ever did make sense for use in any sensitive application.
    When paired with smart phones and computers the problems can grow much worse.
    Why it took this long to start taking decisive action on the matter is beyond me.

  5. swiss says:

    I first saw this in 09 in SWA. The USO had a yelp review with location data… I sorta freaked out, but in hindsight someone could have pulled up good old google maps and gotten cords for it.

  6. CAVStrong says:

    Can you post a link to the actual Memo?

    This has been something bothering me as a Commander for sometime now. The biggest thing that drives me crazy is running around during PT and seeing people walking with their phones Blaring music.

    • GANDIS says:

      Wow, this is a lame attempt at a troll. What does disabling gps have to do with music during pt? The power must have gone to your head.

      • CAVstrong says:

        Its called professionalism, discipline, and training like you fight. Concepts that must be foreign to you.

  7. Aaron says:

    There are other garmins that you can use for GPS that don’t upload to anything if you really need a tracker for your run. But I suppose if it’s not on strava it never happened?

  8. GANDIS says:

    Ah yes, I forgot. We do push-ups, run, and sit ups when we fight. Again, Your desire is totally unrelated. Your taking this whole policy out of context. It says that disabling gps is mandatory, not get rid of your phones when working out. If you give a mouse a cookie…… well, you know the rest.

    • Kirk says:

      The problem here is that it’s not just what you do intentionally, like log your runs in with FitBit or an app; the problem is that Google is neither American in outlook, or at all trustworthy. The company consciously makes decisions not in the interest of the nation.

      My bet is that even when you do turn everything off… You’re still being tracked, and there’s likely a record of it accessible to someone at Google, which means that it’s probably accessible to any foreign nation willing to pay the mercenary bastards. Do remember that it’s Google who is building a new Chinese search engine, in cooperation with their government.

      Anything you own that can talk to the internet or the phone network is either compromised, or easily compromisable. You’re gonna learn that the hard way, when they start targeting American military personnel on and off duty, at home station. My guess is that some of those “anonymous” fitness apps are already compromised, and they’re being used to target specific key personnel that are going to experience either home invasions, or just targeted assassination as they go about their daily business. Fitness training is only a part of it, although the most likely place to target people. What other time are you out and about, on your own, in isolated areas that they could easily use to either grab you or kill you? How many of us go running with a self-defense weapon, here in the US?

      Couple of things that could be done to mitigate this crap, and I hope someone is doing them–One, we should be creating “honey pots” on all these tracking sites, such that the real people using them are harder to distinguish. Two, some of those “honey pot” accounts ought to be set up such that they’re extremely tempting, and that there are security teams available to conduct counter-strikes on anyone seeking to take advantage of those vulnerabilities.

      Basically, we need to pollute the data to the point that there are enough false accounts out there that real military personnel are difficult to distinguish, and be prepared to start doing false flag operations using them in order to take down any entities seeking to use this sort of thing for real-world targeting. If I were running things, there’d be false FaceBook accounts for invented drone pilots and support personnel at Nellis, coupled with all sorts of things like FitBit accounts or RunTastic. Make them super-tempting, like with faked media interviews, identifying those pilots and crew as people directly responsible for high-value targets being taken out, and then watch what happens.

      My paranoid supposition is that we’re nowhere near as secure here in the US as we’d like to think we are, going about our daily business. And, the effect of even one attack based on this vector being successful would be huge; just consider how hard it would be to pull everyone into secure base housing after an “event” targeting someone living off-post. The dislocation would be enormous.

      Oh, and let’s not forget that the Chinese have probably been inside the OPM database enough to have created false identities of their own, and for them to be able to distinguish any attempt by us to create false “honey pot” targets. So, there is that, to consider… Thank you, Mr. Obama.

      You have no idea how glad I am to no longer be doing security work. It was starting to get really “interesting” when I retired, and now? The increasing network effect of all this cool new technology opens up so many possibilities in this realm that it’s almost more than a paranoiac can bear…