U.S. forces deployed to war zones have been targeted using commercially available location data, according to reports fielded by military officials, an illustration of how the global surveillance economy is shaping the battlefield.
In a letter shared with Reuters by U.S. Senator Ron Wyden, an Oregon Democrat, U.S. Central Command said it had “received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.”
The message, sent on April 14, offered no further specifics, but CENTCOM’s area of responsibility includes the Gulf, where U.S. forces are facing off against the Iranian military over the Strait of Hormuz.
The disclosure was the first official confirmation that U.S. forces had been targeted in an active war zone, Wyden and a bipartisan group of legislators said in a letter sent on Thursday to the Pentagon.
“Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes,” the letter warned.
Wyden said in a statement that it was time to “start treating the adtech industry as a national security threat.”
The Pentagon did not return messages seeking comment. The lawmakers said in their letter that their efforts to obtain more information from military officials about the reported targeting had been unsuccessful.
LOCATION DATA TRADE FUELS PRIVACY CONCERNS
Location data is widely used in digital advertising, which is a key source of revenue for many tech companies. Such data is typically collected from smartphones or other devices by apps or service providers before being sold to data brokers who collate and resell the data, sometimes via complex networks of intermediaries.
Although the threat to privacy inherent in selling the details of people’s day-to-day movements on the open market has long been a matter of public discussion, its potential as a national security risk has recently drawn concern as well.
As far back as 2016, one U.S. defense contractor was able to leverage commercially available location data to track special operations forces from their bases in the United States to a sensitive staging post in Syria, according to an account first disclosed by the Wall Street Journal.
More recently, journalists at Wired and two German news outlets drew on billions of coordinates collected by a data broker to expose the granular comings and goings of people stationed at or around 11 U.S. military and intelligence sites in Germany.
Two groups that represent digital advertisers, the Interactive Advertising Bureau and the Association of National Advertisers, did not return emails seeking comment.
The letter from U.S. lawmakers to the Pentagon said that, given what military officials know about the trade in location data, they should have acted faster to protect their personnel, for example by disabling the unique advertising ID attached to military-issued devices, automatically turning off location sharing on smartphones in the field and steering staff away from Google’s Chrome web browser toward more privacy-focused alternatives.
One of the letter’s cosigners was U.S. Representative Pat Harrigan, a North Carolina Republican who was formerly a U.S. Army Special Forces officer.
Harrigan said that browsers like Chrome “are built from the ground up to collect and share user data” and that every day they remain on government-issued devices “is another day we are handing our adversaries a weapon against our own troops.”
In a statement, Alphabet’s Google said that Chrome had “industry leading security.” The company added that it had “long advocated for stronger rules and safeguards against data brokers.”