Somewhere in the Middle East, an American soldier finishes a shift and heads back to quarters. An adversary’s intelligence analyst has been monitoring that soldier’s movements all day—along with everyone else on the base. The analyst didn’t need a drone. He bought the location data from the same digital marketing firms that sell cereal ads based on your commute.
This isn’t a hypothetical. In April 2026, U.S. Central Command confirmed that commercial smartphone data was being used to target American forces abroad. After Iranian missile and drone strikes damaged or destroyed parts of U.S. installations across the Gulf, commanders dispersed thousands of troops into hotels and offices without perimeter security. Each service member still carried a phone broadcasting location data for sale to anyone with a credit card.
Sen. Ron Wyden (D-Ore.), along with Reps. Elijah Crane (R-Ariz.) and Scott Perry (R-Pa.), sent a formal letter to the Pentagon’s chief information officer demanding answers and immediate action. The threat isn’t new. The Pentagon was warned more than a decade ago but has done remarkably little.
In 2016, intelligence contractor Mike Yeagley showed Joint Special Operations Command leaders that he could reconstruct the training routines, deployments, and home lives of operators in one of America’s most secretive units—down to images of their own homes. He hadn’t hacked the data. He bought it cheaply from his home office in Maryland.
In 2018, the fitness app Strava’s public heatmap inadvertently exposed layouts of forward operating bases worldwide. In 2024, journalists purchased commercial ad data and tracked U.S. troops at bases across Germany, including to their homes. The response has been shockingly inadequate. While the military pours billions into F-35s and space weapons, troops are told to tap “Ask App Not to Track” or use DuckDuckGo. That misunderstands the threat entirely.
The problem isn’t GPS. Modern apps build a unique device fingerprint from hundreds of signals, creating a profile as precise as any coordinate—regardless of permission toggles. There are no standard criteria for a safe digital signature, and no protocol to enforce one. Meanwhile, China bars foreign cars like Teslas from government complexes and requires all data collected on its soil to stay there. The U.S. allows its own troops’ location data to be sold on the open market.
Fixing this requires more than tinkering with privacy settings. The military needs technologies that reduce the signals devices broadcast, and commanders must have visibility into what data their units are releasing. This week, as amendments are introduced to the National Defense Authorization Act, Congress can direct the Pentagon to meet that standard. The threat is confirmed, the remedy is within reach, and the bill is on the floor this year.
Erik Prince, a former Navy SEAL officer and defense entrepreneur, argues that Congress must act before the next conflict forces us to learn the hard way. For more on how digital tracking intersects with national security, see our coverage of the growing concerns over election data privacy and the tracking of political donors.
