Defense Department Issues Opsec Guidelines For Safe And Secure Pokemon Hunting
from the pokemon-go:-now-literally-played-by-everyone dept
Given the cultural phenomenon that is Pokemon Go, it was only a matter of time before security-conscious government agencies would be forced to confront the inevitable: that their employees would be joining in the quasi-AR madness.
Kristan J. Wheaton of the Sources and Methods blog was handed an apparently official document from the Defense Department that lays down several common sense rules for employees throwing imaginary balls at imaginary creatures. (A screenshot of the original document can be seen in Thomas Rid’s tweet, embedded at the bottom of this post.)
One of my contacts (Thanks!) within the intel community put together a tip sheet for friends and family and, having read it, it sounds like good advice for anyone who wants to play Pokemon Go with a reasonable level of safety and privacy. Remember, it is a tip sheet and is designed to be helpful, not comprehensive. If it is not covered here, just remember D2S2 – Don’t Do Stupid Stuff.
Considering the source, the list of do’s and do not do’s is straightforward and on point. And, as Wheaton points out, good advice for anyone playing the game, not just those with high-level security clearances chasing down rarities behind CIA filing cabinets.
In short, make sure you’re downloading the authentic application, be aware your location will be recorded, and — more importantly, given the nature of DoD components — the photos taken during Pokemon hunts might accidentally reveal something meant to stay hidden.
Be mindful of your surroundings when using this augmented reality (AR) mobile game, especially when taking pictures of Pokemon during the capture process. Note what’s in the foreground and background, including reflective surfaces and information revealing identity and or location (street signs, vehicle license plates, Government buildings, etc.). Disabling AR makes Pokemon easier to catch! The location where you take a picture of a Pokemon is also likely embedded in the picture’s metadata.
In addition, the DoD suggests employees use something other than their personal Google account to log in and to select usernames that do not reflect their IRL names.
Some classic military-industrial complex paranoia surfaces in the penultimate bullet point, however.
When physically visiting Pokestops and gyms, maintain awareness of your surroundings. Travel with a buddy or remain in your vehicle with the doors locked. It is not necessary to physically enter the real-world establishment where a Pokestop or gym is located, you may be able to interact with the Pokestop/gym from the curb or even across the street.
While there have been reports of strongarm robberies at bogus Pokestops, the whole “situational awareness” vibe adds far more cloak-and-dagger than seems absolutely necessary.
The full list at Wheaton’s blog is worth a read, though, whether you’re a normal citizen or a DC insider neck deep in redacted drone strike reports/Rattatas.
US Government operational security guidance for intelligence officers and friends playing Pok?mon GO
— Thomas Rid (@RidT) July 16, 2016