A group of 14 bipartisan lawmakers in both the House and Senate want answers on military service members’ protections as the Department of Defense for “the first time” acknowledged how location data is leading to active targeting in war zones.
The May 28 letter, signed by U.S. Sen. Ron Wyden (D-Ore.) and Rep. Pat Harrigan (R-N.C.), expresses “serious concern” that DOD has not taken the necessary steps to adapt to counterintelligence and force protection threats posed by the collection and sale of personal information, including cell phone location data, by data brokers.
The lawmakers wrote that while DOD has known about such concerns for over a decade, it “has failed to adopt commonsense cyber defenses that are recommended by federal agencies.” The letter was addressed to Kirsten Davies, chief information officer at DOD.
“This is the first time DOD has confirmed that adversaries are using commercial location data to target U.S. military personnel in an active war zone,” the letter reads. “Commercial location data can be used to identify where U.S. troops congregate and their pattern of life, which can be exploited by adversaries to target attacks such as missiles, drones and roadside bombs, as well as for counterintelligence purposes.
“That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DOD leadership's failure to prioritize this threat and implement common-sense cyber defenses recommended by federal cybersecurity experts.”
The admission from the DOD to Congress is quite recent. On April 14, U.S. Central Command (USCENTCOM) told Congress that it “received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil U.S. personnel in theater,†for Operation Epic Fury, or the U.S. military operation in Iran.
CENTCOM’s remarks came after Wyden’s office asked a series of related questions involving personal phones, government-issued phones, reports about adversaries using data to target U.S. service members, and whether any government vehicles in war zones are transmitting location data back to the manufacturers of those vehicles.
No further information on such reports requested by Congress has been delivered, lawmakers claim.
Military.com reached out for comment to the Pentagon. An official told Military.com that the department does not comment on congressional correspondence but may plan to reach out directly to the letter’s senders.
When asked about how such technology could negatively impact service members and operational security, the official declined to comment—citing not remarking on intelligence-related matters as a matter of practice.
The other 12 bipartisan members of Congress who signed the letter are Sens. Martin Heinrich (D-N.M.), Elizabeth Warren (D-Mass), Edward Markey (D-Mass.) and Alex Padilla (D-Calif); and Reps. Robert Garcia (D-Calif.), Elijah Crane (R-Ariz.), Matt Van Epps (R-Tenn.), Scott Perry (R-Pa.), Keith Self (R-Texas), Michael Cloud (R-Texas), Sara Jacobs (D-Calif.) and Greg Steube (R-Fla.).
Accusations of Neglect Dating Back to 2016
Earlier this month, according to lawmakers, CENTCOM for the first time gained the capability to disable location sharing on smartphones it manages.
But the issue goes back a decade. A press release suggests that DOD has known about this threat since at least 2016, when a government contractor briefed Joint Special Operations Command officials and demonstrated the ability to track phones traveling from U.S. special operations bases in the Middle East, citing a report from the Wall Street Journal.
Other outlets including WIRED and CNN in more recent years have reported and identified large commercial datasets allowing tracking of U.S. government and military personnel.
One portion of the lawmakers’ recent correspondence encourages DOD to pre-install privacy-focused web browsers on department-issued devices to protect users with anti-tracking cyber defenses, such as ad blocking and the Global Privacy Control (GPC)—the latter of which is already enforced by law in 12 states.
“The members are right to say Pentagon personnel need web browsers made to protect our service members,” Scott Montgomery, vice president of Federal at Island, told Military.com. “Much like we wouldn't rely on a homeowner's .38 on the battlefield, we also shouldn't rely on the consumer browser they used to buy it.
“Mission support and consumer monetization are conflicting goals. On the battlefield, exactly one of them is essential. Warfighters deserve technology that protects them better than the typical consumer expects.â€
