TAMPA, Fla. — An adversary could transform the digital footprints created by modern smartphones into grid coordinates, which can then be used to target U.S. troops with deadly precision weapons, the head of U.S. Special Operations Command warned recently.
That potentially grim scenario painted by Adm. Frank M. Bradley — which shows how the same technology that tracks our driving, shopping, socializing and exercise habits can be weaponized — is an example of the “ubiquitous technical surveillance” (UTS) rapidly becoming a major national security vulnerability for the U.S. and its allies.
Smartphone users, including military personnel and perhaps even the most elite Special Forces units, could inadvertently share location data or other sensitive information that exposes their whereabouts or movements.
In some instances, a bad actor could simply buy that information legally, much like companies buy data to deliver highly targeted advertisements on phones, tablets and computers.
In other cases, without specific app privacy protections enabled, military or law enforcement personnel could directly upload their locations to social media or elsewhere on the internet.
The extreme dangers posed by UTS are a major priority for the FBI, intelligence agencies and even immigration enforcement organizations whose agents could accidentally reveal their movements before a raid to an actor who knows how to access and interpret that data.
But nowhere are the stakes higher than in the world of the military’s Special Forces.
Those elite units, such as the famed Delta Force and Navy SEALs, conduct the most complex and dangerous missions on the planet. And their commanders are well aware of the risks of modern digital surveillance.
“We now fight in a space of pervasive surveillance, a ubiquitous information environment driven by technical surveillance. Exquisite information is no longer the guarded property of governments or of the state. It is increasingly crowdsourced, exploitable and available to anyone with the will to look,” Adm. Bradley said in a May 19 keynote address to the Special Operations Forces Week convention in Tampa.
“We accept this passive surveillance as background in today’s modern societies,” he said. “But take that same commercial technology and apply it to the battlefield — that same tracking, the open-source data, the digital exhaust from your web searches — and drop it into that contested battlefield environment. Suddenly that digital footprint you’ve created doesn’t generate a targeted ad. It generates a grid coordinate for a precision munition.”
Adm. Bradley’s comments have been echoed throughout the upper echelons of the military and law enforcement. In a report from last June, the Justice Department’s Office of the Inspector General assessed the stakes of a new world largely defined by UTS and its impact on law enforcement, intelligence and military operations.
“The FBI is aware of prior and ongoing UTS compromises that have impacted FBI operations, threatened the safety of its sources, and are currently being used by adversaries to challenge the United States government on a global scale. Some within the FBI and partner agencies like the CIA have described the threat as ’existential,’” the report reads in part.
Grasping the threat
For military leaders and defense industry insiders, an important piece of the puzzle is determining what kinds of data a future adversary could find valuable. What may not seem important today could, several years from now, become a critical piece of information that a potential enemy could use to identify or locate specific individuals, units or teams.
“Data persists forever,” said Erik Wittreich, CEO of Veilant, a multidomain technology company that specializes in helping military outfits and government agencies control their digital footprints and manage potential sensitive data exposure.
“What may not be valuable today costs very little to retain and store, and it might be the missing piece to an operation in the future,” he told The Washington Times in an interview on the SOF Week conference floor in Tampa.
As a relatively new threat, it’s difficult to use raw data to quantify the degree to which UTS affects America’s national security. No detailed figures specify the number of cases or individuals whose locations, movements or actions may have been compromised by the data collected from their devices.
But there are plenty of anecdotal examples.
A November report from the Center for Internet Security detailed how Mexican drug cartels use location and other data uploaded to social media to target rival gangs. The same approach could target law enforcement personnel.
In late 2024, a joint investigation by WIRED, Bayerischer Rundfunk and Netzpolitik.org found that U.S. companies legally collecting digital advertising data from smartphones offer detailed insights into the locations and daily routines of American military personnel stationed in Germany.
Russian soldiers fighting in Ukraine have reportedly given away their positions by using Tinder, which tracks users’ locations.
In March, the French newspaper Le Monde reported that it could geolocate the aircraft carrier Charles de Gaulle because a French sailor was using the Strava fitness app to track daily runs.
The newspaper previously reported how workout data shared via the same app inadvertently revealed the locations of French submarines.
In a statement after the March carrier incident, French military spokesman Col. Guillaume Vernet said the Strava usage reported by Le Monde “does not comply with the current guidelines. Appropriate measures are being taken by the command.”
“In the course of their duties, sailors are regularly made aware of the security risks associated with connected devices, notably the use of social media in their private lives and the potential for geolocation through digital applications,” he told The Associated Press.
Strava, a popular fitness app often used by runners, cyclists and hikers, did not immediately respond to a request for comment. Like other apps and companies, Strava has maintained that users can adjust the settings or turn off location permissions to prevent any sharing of potentially sensitive information.
In 2018, after initial concerns that the app could inadvertently reveal military sites or sensitive information, then-Strava CEO James Quarles said in an open letter the company would review “features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent.”
In 2024, the company outlined changes regarding privacy and user control, including “the decision to limit the ability of a user’s data to be displayed by third-party apps in ways the user may not expect,” the company said on its website.
Still, critics say Strava’s default setting remains public, meaning new users share their location data unless they manually opt out.
