Overview
- U.S. Central Command told Congress it had “received multiple threat reports” that hostile actors bought and used commercially available phone location data to target or surveil deployed U.S. personnel, a confirmation made public by lawmakers on Thursday, May 28.
- A bipartisan group of senators and representatives pressed the Pentagon in a letter for specific fixes including disabling advertising identifiers on government phones, automatically turning off location sharing for personnel in theater, and removing browsers that collect large amounts of telemetry.
- CENTCOM said its Threat Fusion Cell identified, tracked, and shared these threats with force protection teams and that it is migrating government devices to a Mobile Device Management server that can disable location services.
- Lawmakers and reporters note that location records are routinely gathered by apps and sold through data brokers and that prior investigations have shown such commercial datasets can reveal troop movements and patterns of life near sensitive sites.
- The Pentagon has not publicly detailed incidents or responded to requests for more information, and lawmakers warn that without faster, clearer DoD action and greater limits on the adtech market service members will remain exposed to targeting risks.