US Service Members Targeted Via Commercial Location Data, Pentagon Tells Senators

The rise of data‑broker ecosystems has turned everyday smartphone signals into a strategic intelligence source. Commercial location‑data firms aggregate billions of GPS pings, advertising IDs and Wi‑Fi triangulations, then sell them to marketers—and, as recent investigations reveal, to hostile actors. By stitching together millisecond‑level coordinates, adversaries can construct "pattern‑of‑life" profiles that reveal where troops congregate, supply routes and even guard schedules. This capability, once a theoretical concern raised in a 2016 Joint Special Operations Command briefing, has now materialized into a documented threat against U.S. forces in theater.

In response, the Department of Defense’s Central Command disclosed multiple threat reports to Senator Ron Wyden, confirming that enemy forces are actively leveraging commercial data to target U.S. personnel. The Senate’s bipartisan letter, signed by 14 members, calls for immediate mitigation: disabling advertising IDs on all DoD‑issued phones, mandating the same on personal devices taken overseas, and stripping data‑harvesting browsers like Google Chrome from unclassified military computers. These steps aim to cut the data pipeline at its source, reducing the granularity of location feeds that adversaries could exploit for missile strikes, drone attacks or roadside bombs.

Beyond the immediate force‑protection calculus, the episode underscores a broader policy dilemma. As the military increasingly relies on commercial off‑the‑shelf technology, it inherits civilian privacy risks that were never designed for battlefield secrecy. Legislators and defense leaders must balance operational efficiency with stringent data‑governance frameworks, potentially reshaping procurement standards and mandating privacy‑by‑design safeguards. Failure to act could erode tactical advantage and invite further exploitation of the digital breadcrumbs left by service members worldwide.