Pentagon: US military targeted using location data from smartphones

The Pentagon has admitted for the first time that commercially available location data is being used to target or monitor soldiers in a theater of operations. In response to a request from Senator Ron Wyden, the military branch responsible for the Middle East, East Africa, and Central Asia stated that it had received several threat notifications in this regard. The United States Central Command (CENTCOM) is responsible, among others, for the troops conducting the attacks against Iran. The response does not specify what kind of threat it was or which troop units were affected. Wyden and other representatives criticize that the US Department of Defense is neglecting the protection of the troops.

Wyden had asked, among other things, whether soldiers in the theater of operations were prohibited from using personal smartphones. If not, the senator demanded information about any measures to prevent location data from these devices from being collected and sold. In the response dated April 14, CENTCOM states that such a ban does not exist and that the recommendation to switch off location data collection is not sufficient. Soldiers should therefore implement further security measures. This primarily concerns data collected for online advertising.

Problem known for years

Wyden fears that enemies could use location data to determine the whereabouts and movement patterns of US troops and carry out targeted attacks with missiles, drones, or bombs. The fact that adversarial states can still acquire such data from crisis areas “is a direct consequence of the failure of the Department of Defense leadership to prioritize this threat.” Recommended cybersecurity measures must be implemented. At the same time, the Democratic senator criticizes that the US Department of Defense has known about the threat for at least ten years. Instead of addressing it with the necessary urgency, the Pentagon itself has bought such data and thus supported the industry.

The politician also refers to an investigation by Bayerischer Rundfunk, netzpolitik.org, and Wired, which in 2024 already dealt with the fact that location data sold online enables the spying of military bases in Germany. With the data, for example, the residential and work routes of people with access to a barracks could be reconstructed. Wyden demands that the underlying data collection on US military devices must be deactivated. At the same time, web browsers from companies whose business is based on collecting such data must be removed. This primarily applies to Google's Chrome. In an interview with Reuters, the company assured that it has “industry-leading security measures” and advocates for stricter regulations.

The data privacy issue associated with the advertising IDs of smartphones has been repeatedly discussed for years, but nothing has changed in the practices. These are actually intended to merge the profiles of different apps on a device to personalize advertising. Even if the ID is only linked to devices and not to people, it can be used for surveillance, which has been happening for a long time. Anyone who can track the movement of a smartphone over days, weeks, months, or even years can de-anonymize the user. So-called data brokers sell such data; customers include, for example, the German federal government.

(mho)