Pentagon says US troops targeted using location data

• CENTCOM warns troops targeted via location data
• Lawmakers label adtech a national security threat
• Data brokers may expose troop movements to adversaries
• Congress urges stricter device security measures

In the first official confirmation of its kind, the United States military has acknowledged that American forces deployed to active war zones have been targeted by adversaries utilizing commercially available smartphone location data.

The revelation, detailed in a newly disclosed Pentagon letter, underscores the growing national security risks posed by the global surveillance economy and the loosely regulated digital advertising trade.

Centcom confirms 'in-theater' threat

According to an internal April 14 communication from US Central Command (Centcom) shared with Reuters by Senator Ron Wyden (D-Oregon), military officials have fielded "multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater."

While Centcom did not provide specific coordinates or list casualties resulting from the data leaks, its area of responsibility includes the highly volatile Gulf region, where American forces routinely face off against the Iranian military over the strategic Strait of Hormuz.

A bipartisan coalition of lawmakers sent a follow-up letter to the Pentagon on Thursday, stating that this is the first explicit confirmation that commercial data networks are actively weaponizing the battlefields where US troops are stationed.

"Commercial location data can be used to identify where US troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones, and roadside bombs, as well as for counterintelligence purposes." -Extract from bipartisan congressional letter to the Pentagon.

Senator Wyden was more blunt in his assessment of the tech sector, stating that the time has come to "start treating the adtech industry as a national security threat."

Adtech pipeline exposes military

The data in question is generated constantly by standard digital advertising frameworks.

Apps and digital service providers harvest highly precise coordinates from smartphones, which are then sold to data brokers.

These brokers collate, package, and resell the detailed day-to-day movements of individuals through complex networks of corporate intermediaries.

While consumer privacy advocates have long criticized this open-market trade, the national security vulnerabilities have compounded dramatically in recent years:

• In 2016: A US defense contractor successfully used commercial data to track American special operations forces entirely from their domestic bases to a sensitive staging outpost in Syria.
• Recently: Investigative journalists in Germany and at Wired mapped billions of coordinates bought from a data broker to expose the highly granular, daily comings and goings of personnel stationed across 11 US military and intelligence sites in Germany.

The Interactive Advertising Bureau and the Association of National Advertisers -two powerful groups representing digital advertisers- did not return emails seeking comment on the matter.

Demands to dump Google Chrome

Lawmakers argue that the Pentagon has known about these structural leaks for years and should have acted far more aggressively to shield field personnel.

Congress is now demanding the military implement immediate defensive protocols, including disabling unique advertising IDs on all military-issued devices, forcing automatic location-sharing shutdowns in combat zones, and banning Google's Chrome web browser from state equipment.

Representative Pat Harrigan (R-North Carolina), a co-signer of the letter and a former US Army Special Forces officer, leveled harsh criticism at standard tech infrastructure.

Harrigan stated that web browsers like Chrome "are built from the ground up to collect and share user data," adding that every day they remain on official government devices "is another day we are handing our adversaries a weapon against our own troops."

In response to the congressional pushback, Alphabet's Google issued a brief defense, claiming that Chrome features "industry leading security." The tech giant added that it has "long advocated for stronger rules and safeguards against data brokers."

The Pentagon stated in an email that it intends to respond directly to the lawmakers' inquiries but declined to elaborate on what measures are currently being taken to protect troops from commercial surveillance.

Lawmakers noted that their prior attempts to extract further operational details from military officials regarding the reported targeting had been entirely unsuccessful.