SouthernWorldwide.com – A bipartisan group of lawmakers has issued a stern warning to the Pentagon, demanding answers regarding the alarming ease with which foreign adversaries can track U.S. military personnel stationed overseas. This concern stems from disclosures by U.S. Central Command (CENTCOM) that it has received numerous threat reports indicating that hostile nations are exploiting commercially available location data to target or surveil American service members.
In a formal letter addressed to Kirsten Davies, the Chief Information Officer of the Department of War, lawmakers spearheaded by Senator Ron Wyden of Oregon and Representative Pat Harrigan of North Carolina, expressed their deep dissatisfaction. They asserted that the Pentagon has “failed to take basic steps to protect U.S. military personnel from the serious counterintelligence and force protection threat posed by the collection and sale of personal information, including cell phone location data, by data brokers.”
The lawmakers’ concerns are directly supported by information provided by CENTCOM. The command explicitly informed Congress that it “has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.” This revelation underscores a significant vulnerability in the protection of American troops.
The crux of this warning lies in the vast and largely unregulated commercial data broker industry. This industry systematically collects and disseminates location information, which is generated by millions of smartphones, various applications, and advertising networks. Lawmakers fear that foreign adversaries can readily purchase or otherwise acquire this data. Such access could then be leveraged to pinpoint military installations, meticulously monitor troop movements, or even track individual service members with alarming precision.
The lawmakers are highlighting that even after CENTCOM reported threats related to adversaries exploiting commercial location data, the Pentagon has not adequately addressed a vulnerability that has been recognized for years. This inaction is viewed as a critical failure in prioritizing the safety of U.S. personnel.
They stated, “That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DOD leadership’s failure to prioritize this threat and implement common sense cyber defenses recommended by federal cybersecurity experts.” This suggests a disconnect between expert recommendations and actual implementation within the Department of Defense.
Read more : MLB's May Surprises and June Forecasts
According to the letter, CENTCOM only recently, in May, implemented a capability to administratively disable location sharing on government-issued smartphones. Furthermore, lawmakers pointed out that advertising identifiers—unique tracking numbers used by advertisers and data brokers to monitor devices across different apps and services—remain active on government-issued devices. This is despite long-standing recommendations from cybersecurity agencies to disable them.
In response to these critical findings, the lawmakers have urged the Pentagon to take immediate action. They are calling for the disabling of advertising identifiers on all government-issued smartphones. Additionally, they recommend issuing clear guidance that requires all personnel to disable these identifiers on their personal devices when operating overseas or on military installations.
Their recommendations also extend to the type of web browsers used by military personnel. They are calling for the Department of War to replace current browsers that facilitate advertising-related data collection with privacy-focused alternatives. These alternatives should inherently include robust anti-tracking protections to further safeguard user data.
The Pentagon has been aware of the security implications associated with commercially available location data for several years. A notable incident occurred in 2018 when the fitness-tracking app Strava inadvertently exposed the locations and movement patterns of military personnel worldwide. This occurred after the company published a global heat map illustrating user activity. Similar concerns later surfaced regarding other fitness and location-based applications that compromised the security of military installations and, in some instances, could be used to identify individual service members.
Following these earlier incidents, the Department of War did issue guidance restricting the use of applications and devices that share geolocation data in operational areas. However, lawmakers argue that the department has not yet fully implemented more fundamental protections aimed at preventing the collection and sale of location information in the first place.
Cybersecurity experts emphasize that the threat posed by the commercial data ecosystem extends far beyond fitness-tracking applications. This ecosystem collects an enormous volume of location information derived from smartphones, mobile applications, advertising technology systems, and a myriad of other digital services.
According to Sherman, a cybersecurity expert, foreign adversaries can gain access to this sensitive location data through various channels. These include data brokers, digital advertising networks, and other commercial entities that actively collect and sell user movement data. This creates a readily available, albeit illicit, market for such information.
Sherman articulated the strategic advantage this presents to adversaries: “If you’re one of the United States’ foreign adversaries, you have advanced cyber capabilities, but you see all this U.S. data out there on the commercial market, you’d think: ‘why hack when I can buy?'” This highlights a cost-effective and potentially less risky method for intelligence gathering.
He further explained that foreign adversaries can exploit existing gaps in U.S. privacy laws, lax data protection in other countries, and the pervasive nature of digital systems to acquire location data. This data can be sourced from data brokers, real-time bidding networks for digital advertisements, and numerous other commercial avenues, creating a complex web of potential intelligence sources.
Once this location data is obtained, Sherman noted that it can be used for various intelligence purposes. This includes identifying individuals, tracking their movements over extended periods, and constructing what intelligence professionals term “patterns of life.” These patterns provide detailed insights into a person’s daily routines, habits, and activities, which can be invaluable for intelligence operations.
Sherman concluded with a stark warning: “The sale of location data in particular on Americans’ devices puts military personnel at risk, can expose their families and other people in their lives, and allow anyone with the data to see the sites they visit, map patterns of life, run intelligence operations against them, and more. It’s a serious national security threat.” This underscores the profound implications for both individual service members and the broader national security of the United States.
The letter penned by these lawmakers raises critical questions about the extent to which foreign adversaries can access commercially available data and whether the current safeguards implemented by the Pentagon are truly sufficient to protect American troops operating in potentially hostile and sensitive environments across the globe.
