The National Security Agency (NSA) is asking government employees, specifically those in the national security sector and at the Department of Defense, to take precautions to defend their location data from third parties.
Mobile devices, the NSA wrote in an August 4 advisory, are designed to store and share device geolocation, which can be “extremely valuable” to third party actors. The data can reveal user location, movements, routines, and other sensitive associations. “When location exposure could be detrimental to a mission,” the NSA advises, “users should prioritize mission risk and apply location tracking mitigations to the greatest extent possible.”
NSA clarifies a misconception about geolocation data, asserting that it will not affect GPS services to disable location services on a mobile device. Just turning off a device will not always limit action to location data, either. NSA specifically recommends disabling location services settings on a device and giving apps as few permissions as possible to mitigate the potential threats.
The security agency also recommends minimizing web-browsing on mobile devices, using virtual private networks to obscure location data, and minimizing location data stored in the cloud as much as possible.
“While it may not always be possible to completely prevent the exposure of location information, it is possible— through careful configuration and use— to reduce the amount of location data shared,” the advisory states. “Awareness of the ways in which such information is available is the first step.”
During especially sensitive missions, wireless devices should be secured and stored in a non-sensitive location, NSA advises.