About a for ten years, the Pentagon was warned—by its contractors, analysts, and intelligence agencies—that anyone with a credit card could buy a map of where American soldiers sleep, operate, and store nuclear weapons. Now the bill has reached the battlefield.
A newly disclosed letter shows ignored warnings: The US Central Command now confirms that it has received “numerous threat reports regarding the enemy’s exploitation of commercial geographic data to target or monitor US personnel in theater” – the first official acknowledgment that the data-broker economy is being used to hunt American forces in the Middle East.
The target was first reported by Reuters, which obtained the Centcom letter. But the confirmation reaches over a longer and more sinister record than the single document suggests.
For the better part of a decade, US lawmakers have heard similar alarms about the dangers of the Pentagon’s commercially available location data—from similar intelligence assessments, to witnesses, to colleagues. Yet broad privacy legislation has largely stalled in Washington, and one small amendment passed—a requirement that data shared with military contractors not be resold—left the broader industry untouched.
One of the earliest warnings came in 2016. At the Joint Special Operations Command center in Fort Bragg, California, a government expert told senior officials how commercial location data—bought, not stolen—can track phones from Fort Bragg and MacDill Air Force Base in Florida, home stations of America’s most advanced units, crossing Syria and operating in northern Syria. The same data was available from any marketer or external intelligence service.
Even as the Pentagon was warned that the location data market was putting its people at risk, parts of the department were eager to become its customers. The Defense Intelligence Agency disclosed to Congress in 2021 that it was using the location data of commercially purchased phones—including American ones—without a warrant, taking the position that none was needed. Months ago, Motherboard reported that the US military was buying location data collected from popular consumer apps.
In 2023, the Army pays to explain the threat. Duke University researchers—working under a grant from the US Military Academy at West Point—are willing to buy the information of American service members the way a foreign adversary might. They scoured hundreds of data vendor websites and obtained thousands of listing advertising data from military personnel, including data sets titled “Military Families Mailing List” and “Military Strong Families.”
Researchers began shopping. For 12 cents per record, almost without inspection, they bought names, home addresses, health conditions, and financial information from active duty soldiers. Posing as a buyer with a domain based in Singapore, they also received the same type of data that was posted on Fort Bragg, Quantico, and other installations. One merchant offered to bypass ID when paying by wire.
A year later, WIRED discovered the same kind of data flowing through Google’s advertising platform. Working with data obtained by the Irish Council for Civil Liberties—whose investigator gained access to the US marketer’s audience list by standing up a fraud analysis company—WIRED identified marketing “categories” in Google’s Display & Video 360 that featured US government employees considered “decision makers” working “mainly in the field of national security companies aimed at building national licenses. missiles, space vehicles, and cryptographic systems that protect classified data.
An investigator for the Irish Council for Civil Liberties said he expects his cover case to be investigated. “When I signed up, there were no questions asked,” he told WIRED at the time. “I could be anybody.”
