WASHINGTON, DC – Congresswoman Jackie Speier (CA-14), Ranking Member of the House Armed Services Military Personnel Subcommittee; and Congressman Seth Moulton (MA-6), Ranking Member of the House Armed Services Subcommittee on Oversight and Investigations; today were joined by a bipartisan group of Members in a letter sent to Defense Secretary James Mattis requesting information on the Defense Department’s plans to review and mitigate recent disclosures of data by the firm Strava from “smart” devices used by military personnel overseas.
“I’m gravely concerned that the Pentagon mistakenly advertised our classified military facilities via a FitBit app. It should be common sense to ensure getting one’s daily steps in doesn’t create a roadmap that could put our troops in harm’s way,” said Rep. Speier. “This letter ensures we assess the fallout from the disclosures, understand the full context of personal device use, and find ways for our soldiers to safely use “smart” devices while overseas. I look forward to a swift and thorough response.”
In the letter, Reps. Speier, Moulton, and their colleagues called on Secretary Mattis to provide information on the scope of the threat posed by the released data, how the Department plans on countering that threat, existing policies on personal “smart” device use, and potential future policies to address the issue. These include:
- What is the Defense Department’s current policy on use of “smart” technology that transmits user data at overseas bases? At classified overseas facilities? What processes does the Department have in place to periodically review such policies? Who is responsible for ensuring that these policies are implemented?
- What operational security training does the Department of Defense or individual military services require for individuals traveling or deploying overseas?
- What terrorist or foreign intelligence activity has been connected to the use of open source information, such as that generated by wearable devices?
- What are the Defense Department processes for mitigating security risks once a sensitive facility or program is publicly exposed? How is this information reported within the Department? How is this information reported to Congress?
A copy of the letter can be found here.