Pentagon Confirms Threat Reports on Adversary Use of Location Data

The Story

A newly disclosed letter reveals that US Central Command has confirmed receiving multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater, according to a Wired report. This marks the first official acknowledgment that the data-broker economy is being used to hunt American forces in the Middle East. The warning comes after nearly a decade of alerts from Pentagon contractors, analysts, and intelligence agencies that commercially available location data could expose troop movements and sensitive sites. The earliest known demonstration occurred in 2016 at Fort Bragg, showing how purchased data could track phones from US bases to a covert forward operating base in Syria. In 2023, Army-funded researchers at Duke University bought personal data on service members for as little as 12 cents a record. A May 2025 Army Cyber Institute report found over a fifth of the most-visited web domains on Army stateside networks were commercial trackers, recommending restrictions including removal of Google’s Chrome browser. A bipartisan group of 14 lawmakers has now written to the Pentagon, stating the department was warned for more than a decade and failed to adopt commonsense cyber defenses.

Key Facts

• US Central Command confirmed “multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater.”
• The first warning came in 2016 at Joint Special Operations Command, Fort Bragg, where a demo showed commercial location data could track phones from US bases through Turkey into Syria.
• The Defense Intelligence Agency disclosed in 2021 it uses commercially purchased phone location data without a warrant.
• In 2023, Duke University researchers under an Army grant bought names, addresses, health conditions, and financial details on active-duty troops for as little as 12 cents a record.
• A 2024 investigation obtained 3.6 billion coordinates tied to roughly 11 million phones in Germany, including movements of US personnel at 11 installations.
• The Army Cyber Institute at West Point’s May 2025 report found more than a fifth of the most-visited web domains on Army unclassified networks were commercial trackers.
• Centcom rolled out the ability to switch off location sharing on government smartphones this month, roughly 10 years after the first warning.
• The Army earlier this month told soldiers to use personal phones for government work, which broadcast advertising IDs to data brokers.
• A letter signed by 14 bipartisan lawmakers was obtained by Wired, pressing the Pentagon’s chief information officer to disable advertising IDs, remove Chrome, and enroll troops in data-broker opt-out systems.
• The Pentagon did not immediately respond to questions for the story.

Conflicting Reports

No conflicting reports identified in the source article.

Still Unclear

What specific actions the Pentagon took in response to the Army Cyber Institute’s recommendations and how it used a 2017 law authorizing cyber protection for personnel in vulnerable positions. Also unclear whether Congress will pass broader privacy legislation after a previous bill was blocked.

Misconceptions

The article addresses the misconception that individual operational security protocols are sufficient to protect personnel from data-broker tracking, noting the Army’s own research found that approach inadequate. It also counters the idea that surveillance is inherently good for security, stating that privacy is critical to keeping people safe.

Key Figures

• Kirsten Davies, Pentagon chief information officer
• Sean Vitka, executive director of Demand Progress
• 14 bipartisan lawmakers (not individually named in the article)
• Duke University researchers (not individually named)
• Irish Council for Civil Liberties investigator (not named)
• Pentagon spokesperson (not named)

Sources: Wired