Newspaper reports claim that hundreds of personnel, ranging from troops to senior officers, have unwittingly enabled the public to identify them and their location by use of a popular app

Following revelations that more than 500 serving military personnel had exposed their location and personal information via a widely used fitness app, a minister has claimed that government “has long recognised” the risks created by such technology – and will issue edicts where it is deemed necessary to address specific dangers.

The i Paper recently published an investigation which found that 519 personnel stationed at a range of sensitive sites operated by the UK Armed Forces had provided publicly available details of their location – by recording workouts on the Strava app, used by many runners.

The newspaper found that one jogging route followed by soldiers around a joint US-UK military base had been titled ‘Security Breach’, seemingly as a shared joke.

In light of the revelations, Conservative MP Mike Wood filed a written parliamentary question asking whether the Ministry of Defence has formally assessed “the potential risks of the public availability of geolocated fitness data on national security… and what guidance, policies or restrictions are in place governing the use of such applications by service personnel and contractors”.

Related content

• MoD signs £240m Palantir deal as ministers insist UK defence data ‘remains sovereign’
• ‘We are being imaginative to make defence appeal to young people with new skill sets’
• MoD lifts lid on almost 50 data breaches affecting Afghan resettlement schemes

In response, Armed Forces minister Al Carns indicated that the MoD is well aware of such risks, and maintains and updates guidelines in order to mitigate potential dangers.

While he declined to address the specific examples recently uncovered by the media, the minister indicated that, if government believes there is a severe enough risk posed by certain uses of consumer technology, it will respond accordingly.

“Defence takes the security of its personnel, operations and sites extremely seriously,” he said. “The department has long recognised the potential risks associated with the public sharing of geolocated data through fitness and other digital applications. Defence personnel are required to comply with departmental security policies and locally issued direction, and to manage their personal data responsibly to reduce the risk of inadvertent disclosure that could compromise personal or operational security.”

Carns added: “While it would be inappropriate to comment on specific security arrangements, defence routinely monitors risks arising from emerging technologies and online behaviours, and issues guidance to personnel where such risks are identified. This guidance is kept under review and reinforced as necessary.”