Foreign enemies have a shockingly simple way to track US troops overseas, lawmakers warn - Newsfortoday

Lawmakers Demand Pentagon Action on Location Data Threats

A bipartisan group of lawmakers is urgently seeking answers from the Pentagon regarding alarming disclosures made by the U.S. Central Command (CENTCOM). Reports indicate that foreign adversaries are exploiting commercially available location data to target or surveil American military personnel stationed overseas.

Concerns Over Data Brokers

In a pointed letter addressed to War Department Chief Information Officer Kirsten Davies, lawmakers led by Senator Ron Wyden (D-Ore.) and Representative Pat Harrigan (R-N.C.) highlighted the Pentagon’s failure to take essential measures to protect U.S. military personnel from a severe counterintelligence and force protection threat. This threat primarily arises from the collection and sale of personal information, particularly cell phone location data, by data brokers.

Threat Reports and Legislative Action

The lawmakers referenced information from U.S. Central Command, which informed Congress that it “has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.” This alarming revelation underscores the inherent risks posed by the vast commercial data broker industry, which aggregates and sells location information collected from smartphones, applications, and advertising networks.

Persistent Vulnerabilities

Despite having awareness of these vulnerabilities for years, the lawmakers asserted that the Pentagon has done little to mitigate them. In their letter, they stated, “The ability of foreign adversaries to purchase location data from U.S. personnel serving in military hotspots is a direct result of DOD leadership’s failure to prioritize this threat and implement common sense cyber defenses recommended by federal cybersecurity experts.”

Recent Developments in Data Security

According to the letter, it was not until May that CENTCOM rolled out a capability to administratively disable location sharing on government-issued smartphones. Lawmakers pointed out that advertising identifiers—unique tracking numbers utilized by advertisers and data brokers to monitor devices—remain active on government-issued devices. This is despite longstanding recommendations from cybersecurity agencies advocating for their deactivation.

Recommendations for Action

In light of these findings, the lawmakers urged the Pentagon to take immediate action. They called for the disabling of advertising identifiers on all government-issued smartphones and the issuance of guidance mandating personnel to do the same on personal devices used overseas or on military installations. Additionally, they called for the Department of War to consider replacing web browsers that facilitate advertising-related data collection with privacy-centric alternatives that incorporate anti-tracking features.

Historical Context of Data Vulnerabilities

The Pentagon’s concerns regarding the implications of commercially available location data are not new. In 2018, a fitness-tracking application, Strava, inadvertently disclosed the locations and movement patterns of military personnel by publishing a global heat map of its users’ activities. Similar issues arose with other fitness and location-based applications that risked exposing military installations and potentially identifying individual service members.

Ongoing Issues and Legislative Oversight

In response to these prior incidents, the War Department had previously issued guidance restricting the use of applications and devices that share geolocation data within operational areas. However, lawmakers contend that the department has not fully implemented more fundamental protections designed to restrict the collection and sale of location information from the outset.

The Broader Landscape of Location Data Exploitation

Experts in cybersecurity assert that the concern over location data extends well beyond just fitness-tracking applications. The commercial data ecosystem is vast, comprising numerous sources that collect and trade extensive amounts of location data generated through smartphones, mobile applications, and advertising technology systems.

Expert Insights on National Security Risks

Justin Sherman, CEO of research and advisory firm Global Cyber Strategies, shared insights on this pressing issue, stating, “The United States’ foreign adversaries have plentiful opportunities to exploit commercial location data on Americans, as vast amounts of such data is shared, sold, and inferred across the commercial market daily.” Sherman elaborated that foreign adversaries can readily access location data through various channels, including data brokers and digital advertising networks.

Implications for Military Personnel

According to Sherman, the sale of location data, particularly concerning American military personnel, poses significant risks. “It not only jeopardizes service members themselves but can also expose their families and close associates. Unauthorized access to such data enables anyone with the information to monitor sites visited, map routines, and conduct intelligence operations,” he noted. “This constitutes a serious national security threat.”

Persistent Questions Surrounding Pentagon Safeguards

The lawmakers’ letter raises crucial questions regarding the extent of commercially available data accessible to foreign adversaries and whether the Pentagon’s existing safeguards are adequate to protect American troops operating in sensitive locations globally.