Pentagon's Decade-Long Neglect: Commercially Available Location Data Used to Target US Troops
For nearly a decade, the Pentagon was warned about the dangers of commercially available location data. Now, US Central Command confirms that adversaries are exploiting this data to target and surveil US personnel in the Middle East, highlighting the urgent need for comprehensive privacy legislation and robust cybersecurity measures.
For almost a decade, the Pentagon has been warned by its own contractors, analysts, and intelligence agencies that commercially available location data could expose the whereabouts of American troops. Now, these warnings have materialized into a critical security threat in active war zones.
A newly disclosed letter reveals that these warnings went unheeded. **US Central Command (CENTCOM)** has confirmed receiving "multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater." This marks the first official acknowledgment that the data-broker economy is being leveraged to target American forces in the Middle East.
### Decade-Long Warnings Ignored
The targeting was initially reported by **Reuters**, which obtained the CENTCOM letter. However, this confirmation is built upon a decade of consistent warnings regarding the dangers of commercially available location data.
For years, US lawmakers have been presented with the same alarming intelligence assessments and expert testimonies as the Pentagon. Despite this, comprehensive privacy legislation has repeatedly stalled in Washington. The one measure that did pass, requiring that data shared with military contractors not be resold, left the broader data-broker industry untouched.
### Early Warnings and Internal Concerns
One of the earliest warnings emerged in 2016 at the Joint Special Operations Command compound at Fort Bragg, California. A government technologist demonstrated how commercially purchased location data could track phones from Fort Bragg and MacDill Air Force Base in Florida, through Turkey, and into northern Syria, pinpointing a covert forward operating base. This data was accessible to any advertiser or foreign intelligence service.
Even with these warnings, parts of the **Department of Defense (DoD)** explored becoming customers of the location-data marketplace. The **Defense Intelligence Agency (DIA)** disclosed to Congress in 2021 that it uses commercially purchased phone location data, including that of Americans, without a warrant. Reports also surfaced that the US military was buying location data harvested from popular consumer apps.
### Army-Commissioned Research Highlights Risks
In 2023, the Army commissioned research that further highlighted the threat. Researchers at Duke University, under a grant from the US Military Academy at West Point, demonstrated how easily data on American service members could be purchased. They found thousands of listings advertising data on military personnel, including datasets like "Military Families Mailing List" and "Hard Core Military Families."
For as little as 12 cents a record, they purchased names, home addresses, health conditions, and financial details on active-duty troops with minimal vetting. Posing as a buyer operating through a Singapore-based domain, they also obtained data geofenced to Fort Bragg, Quantico, and other installations. One broker even offered to bypass identity checks for wire payments.
### Data Flowing Through Advertising Platforms
A year later, **WIRED** found similar data flowing through **Google's** advertising platform. Working with data obtained by the Irish Council for Civil Liberties, WIRED identified marketing "segments" on Google's Display & Video 360 that targeted US government employees deemed "decision-makers" working "specifically in the field of national security," as well as lists targeting individuals working for companies licensed to build missiles, space-launch vehicles, and cryptographic systems.
### Real-World Exposure Demonstrated
A previous WIRED investigation demonstrated the practical implications of this exposure. In late 2024, reporters obtained a "free sample" of location data from a Florida broker, revealing the daily movements of American military and intelligence personnel stationed in Germany. This included 12,313 devices that passed through at least 11 US installations, including Büchel Air Base, where US nuclear weapons are believed to be stored.
In response, a Pentagon spokesperson acknowledged the risks associated with geolocation services and urged service members to follow operational security protocols, an approach deemed insufficient by the Army's own research.
### Internal Army Research Calls for Changes
The Army Cyber Institute at West Point found that over a fifth of the most-visited web domains on the service's stateside unclassified networks were commercial trackers. The report recommended restricting the installation of Google's Chrome browser on Army workstations, as it was the only major browser that declined to block third-party cookies. Lawmakers are now echoing this call.
A bipartisan group of lawmakers has written to the Pentagon, detailing the department's decade-long awareness of the threat and its failure to adopt recommended cyber defenses. The letter urges the department's chief information officer, **Kirsten Davies**, to disable the advertising ID on military phones, replace Chrome with privacy-focused browsers on government devices, and enroll service members in state data-broker opt-out systems.