They knew.
For ten years.
Ten years of warnings from contractors, analysts, people paid to tell them exactly how exposed our troops are. Anyone with a credit card and a moment to spare can buy a map of where soldiers sleep. Where they work. Where we keep the nuclear weapons.
Now. The bill comes due.
In a war zone, no less.
The Admission
US Central Command finally sent a letter.
It’s ugly to read, but honest enough.
“Multiple threat reports concerning adversary exploitation of commercial data.”
That is the first time anyone in charge admitted that data brokers are actively being used to hunt American soldiers in the Middle East.
Reuters got the letter. But the letter is just the tip of the iceberg.
The record goes back much further.
Congress heard these same alarms. Same intelligence. Same witnesses. Yet nothing happened. Laws stalled.
There was one tiny fix, sure—a rule saying military contractors can’t resold shared data—but that left the rest of the industry wide open.
The warning started way back in 2016, at Fort Bragg. A government tech brief for senior officers showed something chilling. Commercial location data—bought legally, not hacked—could track elite units from MacDill Air Base to Turkey, then right into Syria.
They clustered at covert bases. The data showed it.
So did any foreign spy.
Buying Danger
Even while warned, parts of the Pentagon loved this market.
The Defense Intelligence Agency told Congress in 2020s that it bought phone location data. Including data on Americans.
No warrants. They didn’t think they needed them.
Motherboard confirmed it a few months earlier. The military was feeding on consumer app data.
Then in 2023.
The Army paid to find out just how bad it was.
Duke researchers, funded by West Point, posed as adversaries.
They scraped data brokers. Found lists titled “Military Families” and “Hard Core Military Families.”
The cost? Twelve cents per record.
They bought names. Home addresses. Health issues.
They pretended to be a Singaporean buyer and got data geofenced around Fort Bragg and Quantico. One broker waived ID checks for a wire transfer.
It got worse.
WIRED found this same data in Google’s advertising platform.
Thanks to the Irish Council for Civil Liberties, investigators saw segments on Google Display & Video 360.
Targeting US “decisionmakers” in national security.
People working at missile plants.
Creators of cryptographic systems.
The investigator set up a fake analytics firm.
He said:
“When I signed up there was no questions asked.”
He could have been anyone. A terrorist? A child? A random person off the street. It didn’t matter.
Real Consequences
This isn’t hypothetical.
Last year, German reporters and WIRED got a “free sample” from a Florida broker.
3.6 billion data points. 11 million German phones. Two months of tracking.
Inside that data? American troops.
12,300+ devices moved through 11 US bases. Wiesbaden headquarters.
Kids’ schools.
Devices at Büchel Air Base where nukes sit in bunkers.
Devices zigzagging through armored vehicle courses at Grafenwöhr, just before suspected saboteurs got arrested there.
Asked about this, a Pentagon spokesperson gave the tired answer.
Remember OPSEC. Be careful.
But individual responsibility doesn’t fix systemic rot.
The Army’s own West Point institute noted that a fifth of the domains visited on their unclassified networks were trackers.
Fix it? Cheap. Easy.
Recommendation: Ditch Google Chrome on government devices. It refuses to block third-party cookies. Everyone else does. Chrome just says no.
A year later.
Lawmakers are asking the exact same thing.
Still Ignoring
Fourteen members of Congress wrote to the Pentagon. Bipartisan.
They laid it out. You’ve known for ten years.
You “failed to adopt commonsense defenses.”
They want Kirsten Davies, the CIO, to actually act. Turn off advertising IDs on military phones. Replace Chrome with a secure browser. Enroll soldiers in state opt-out lists.
They specifically asked about that West Point report. And a 2010 law meant to protect vulnerable personnel.
The timing is brutal.
Centcom says it only started turning off location sharing on gov smartphones this month.
Ten years late.
And the Army?
This month, they told soldiers to use personal phones for work.
Same phones broadcasting ad IDs to brokers.
The Army says only the work app is monitored. Private stuff stays private.
Brokers don’t care about that distinction.
Data brokers have no walls. They have data.
And apparently they’re still selling it.
