US service members can be tracked on missions in multiple countries, including Syria, using commercially available phone data that also shows their travels to military bases and their homes in the United States, according to a new report.
The Wall Street Journal has reported that such data sets surfaced in 2016 when PlanetRisk, a US defense contractor, was working on a software prototype to monitor the travel of refugees.
At the time, employees of the company discovered that they were able to track US military operations through data from the apps on soldiers’ phones.
While the data sets don’t contain the names of the soldiers, it does depict their movements, which could reveal clues about an individual’s identity.
In some cases, devices appeared at military bases like Fort Bragg in Fayetteville, North Carolina, and Fort Hood in Texas, according to the Journal.
US special forces can be tracked on missions in Syria with commercially available phone data that also shows their travels to military bases in the US and to their homes, according to a new report. This graphic shows the locations where military personnel’s phones were tracked to
While the data sets don’t contain the names of the soldiers, it does depict their movements, which could reveal clues about an individual’s identity. Soldiers are seen near At-Tanf Garrison, Syria in May 2020
The data also showed soldiers at the US-run Camp Buehring in Kuwait before they later traveled to the Lafarge Cement Factory in Syria. US personnel had operated the factory with allies, Syrian Democratic Forces, up until it was evacuated and destroyed in 2019.
The devices would eventually reappear in the US and many times at private residences that were believed to be the homes of military personnel.
Obtaining such commercial data, which is being generated by cell phones, poses a risk to US military operations, especially since it’s challenging to monitor what software soldiers are downloading on their devices.
To combat the issue, a bipartisan group of lawmakers proposed ‘The Fourth Amendment Is Not For Sale Act’.
The act would present significant action against the widespread proliferation of facial recognition technology using images scraped from social media and the warrantless supply chain of location data from ordinary smartphone apps, through middlemen, and eventually to agencies.
Sen Ron Wyden, an Oregon Democrat, who is spearheading the legislation announced the intention to introduce the bill last year after reports that several government agencies had purchased citizens’ location data through a service called Venntel rather than obtaining it through a warrant.
In some cases, devices appeared at military bases like Fort Bragg (pictured) in Fayetteville, North Carolina, and Fort Hood in Texas
Concerns were also raised in January 2018 when an Australian researcher’s analysis of data posted by Strava, a fitness tracking app, on activities of its users revealed locations of American forces in Syria and Iraq (file image in 2018)
‘There’s no reason information scavenged by data brokers should be treated differently than the same data held by your phone company or email provider,’ Wyden said in a statement.
He also said: ‘Our country’s intelligence leaders have made it clear that putting Americans’ sensitive information in the hands of unfriendly foreign governments is a major risk to national security.’
A spokeswoman for the Department of Defense pointed to their 2018 policy that prohibits the use of geolocation features.
‘This policy, and its implementing risk guidance, protects DoD personnel and operations while still allowing flexibility to benefit from geolocation capabilities in certain low-risk situations,’ the spokeswoman said.
She was referring to the US military prohibiting its deployed personnel from using geolocation features on smartphones, fitness trackers and other devices because of the potential security risks associated with revealing their location.
However, that decision followed concerns that were raised in January 2018 when an Australian researcher’s analysis of data posted by Strava, a fitness tracking app, on activities of its users revealed locations of American forces in Syria and Iraq.
The Pentagon said at the time that geolocation capabilities presented a ‘significant risk’.
‘These geolocation capabilities can expose personal information, locations, routines, and numbers of Department personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,’ the memo from the Pentagon said.
The memo said Defense Department personnel were prohibited from using ‘geolocation features and functionality on government and non-government-issued devices, applications, and services while in locations designated as operational areas’.
At the time, Strava shared heat maps showing movements of people exercising while wearing fitness tracker devices and publicly sharing the time and location of their workouts via the app. Outlines of US outposts in Syria and Iraq could be seen in the maps.
Mike Yeagley, who was the vice president for global defense at PlanetRisk in 2016, told the Journal that while the US government likely won’t change the convenience of apps, it still needs to build some type of technology that will protest Americans.
‘We’re not going to change the convenience of apps and mobility. That doesn’t mean that we can’t build our own firewall to protect ourselves against the malicious adversaries who will take advantage of our liberal democratic attitudes to use against our people,’ Yeagley said.