Reuters
U.S. military forces deployed to war zones are being targeted using commercially available location data, according to reports fielded by military officials, an illustration of how the global surveillance economy is shaping the battlefield.
U.S. Central Command said it has received ‘multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater.’ The message, sent on April 14, offered no further specifics, but Centcom’s area of responsibility includes the Gulf, where U.S. forces are facing off against the Iranian military over the Strait of Hormuz.
The disclosure was the first official confirmation that U.S. forces are being cyber-targeted in an active war zone.
‘Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can then be exploited by adversaries to target them with missiles, drones, and roadside bombs, as well as for counterintelligence purposes,’ the letter warned.
LOCATION DATA TRADE FUELS PRIVACY CONCERNS
Location data is widely used in digital advertising, which is a key source of revenue for many tech companies. Such data is typically collected from smartphones or other devices by apps or service providers before being sold to data brokers who collate and resell the data, sometimes via complex networks of intermediaries.
Although the threat to privacy inherent in selling the details of people’s day-to-day movements on the open market has long been a matter of public discussion, its potential as a national security risk has recently drawn concern as well.
As far back as 2016, one U.S. defense contractor was able to leverage commercially available location data to track special operations forces from their bases in the United States to a sensitive staging post in Syria, according to an account first disclosed by the Wall Street Journal.
More recently, journalists at Wired and two German news outlets drew on billions of coordinates collected by a data broker to expose the granular comings and goings of people stationed at or around 11 U.S. military and intelligence sites in Germany.
The letter from U.S. lawmakers to the Pentagon said that, given what military officials know about the trade in location data, they should have acted faster to protect their personnel, for example by disabling the unique advertising ID attached to military-issued devices, automatically turning off location sharing on smartphones in the field, and steering staff away from Google’s Chrome web browser toward more privacy-focused alternatives.
One of the letter’s cosigners was U.S. Representative Pat Harrigan, a North Carolina Republican who was formerly a U.S. Army Special Forces officer. Harrigan said that browsers like Chrome ‘are built from the ground up to collect and share user data’ and that every day they remain on government-issued devices ‘is another day we are handing our adversaries a weapon against our own troops.’