The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

For nearly a decade, the Pentagon was warned by its own contractors, analysts, and intelligence agencies that anyone with a credit card could buy a map of where American troops sleep, work, and store nuclear weapons. Now, the consequences of ignoring those warnings have become clear: US Central Command has confirmed that it has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater. The alarming confirmation comes on the heels of a newly disclosed letter obtained by Reuters, which first reported the targeting.

However, the issue runs far deeper than a single document. For years, US lawmakers have been sounded on the dangers of commercially available location data, but comprehensive privacy legislation has stalled in Washington. A narrow fix did pass, requiring data shared with military contractors not be resold, but the broader industry remains untouched.

The earliest warnings date back to 2016. A government technologist demonstrated to senior officers at the Joint Special Operations Command compound at Fort Bragg, California, how commercial location data could track phones from Fort Bragg and MacDill Air Force Base in Florida through Turkey and into northern Syria. The same data was available to any advertiser or foreign intelligence service.

Despite these warnings, parts of the Pentagon were eager to become customers of the location-data marketplace. The Defense Intelligence Agency disclosed to Congress in 2021 that it uses commercially purchased phone location data, including on Americans, without a warrant. The US military has also been buying location data harvested from popular consumer apps.

In 2023, researchers at Duke University, working under a grant from the US Military Academy at West Point, bought data on American service members the way a foreign adversary might. They found thousands of listings advertising data on military personnel, including datasets titled 'Military Families Mailing List' and 'Hard Core Military Families.' For as little as 12 cents a record, with almost no vetting, they purchased names, home addresses, health conditions, and financial details on active-duty troops. A year later, WIRED found similar data flowing through Google's advertising platform.

Working with data obtained by the Irish Council for Civil Liberties, WIRED identified marketing 'segments' on Google's Display & Video 360 that singled out US government employees deemed 'decisionmakers' working 'specifically in the field of national security.'