Data Brokers Expose Troops — Enemies WATCHING…

Commercial data brokers are quietly selling the digital trails of American service members in ways that could help Iran, China, Russia, and other enemies track, profile, and even target our troops.

Story Snapshot

Researchers showed that U.S. military personnel data can be bought cheaply and easily from commercial data brokers.
New federal law restricts sales of sensitive American data to foreign adversaries, but gaps and enforcement challenges remain.
Location and behavior data from everyday smartphone apps can expose bases, patrol routes, and individual service members.
Lawmakers are pressing the Pentagon to treat commercial data as a battlefield threat, not just a privacy problem.

How Data Brokers Turn Troops’ Digital Lives Into a Targeting Map

Duke University researchers recently demonstrated that it is not difficult to purchase sensitive information on active-duty military members, veterans, and their families from U.S. data brokers, including non-public, individually identified data about health, finances, and religious practices.^[1] They acquired such data for as little as twelve cents per record using ordinary web domains, showing that gatekeeping on who can buy this information is weak and inconsistent.^[1] The same ecosystem also offers location data tied to devices, which the researchers confirmed was marketed even though they did not buy it.^[1]

Privacy and civil-liberties analysts warn that this commercial data can easily be weaponized by foreign or malicious actors to profile troops, map their routines, and identify vulnerabilities for blackmail or influence operations.^[1]^[6] A briefing from a digital-rights group notes that data brokers build extensive dossiers on Americans, including service members, by aggregating browsing histories, app activity, location records, and inferred traits, then reselling them to whoever pays.^[2] Once compiled, these dossiers can reveal patrol routes around bases, off-duty hangouts, and social networks that adversaries could exploit.^[2]^[8]

New Federal Law Targets Adversary Access—but Leaves Big Holes

Congress responded in 2024 with the Protecting Americans’ Data from Foreign Adversaries Act, which prohibits data brokers from selling, licensing, or otherwise making sensitive personal data available to foreign adversary countries such as China, Iran, Russia, and North Korea, or to entities they control.^[1]^[5] The law expressly covers precise geolocation information alongside other highly sensitive categories, and it empowers the Federal Trade Commission to pursue civil penalties when brokers violate these restrictions.^[5] Supporters describe this as a national-security measure, not just a consumer-privacy tweak.^[1]^[5]

Policy analyses, however, stress that the broader commercial data market remains largely unregulated at the federal level, and that the same data can still flow inside the United States or through intermediaries that are difficult to trace back to a foreign government.^[2]^[3] A research paper on data brokers and national security notes that, under the current landscape, both the U.S. government and foreign adversaries can legally buy highly detailed information on Americans, including location and behavioral profiles, because there are few limits on who brokers may sell to.^[3] Enforcement will also depend on identifying when a foreign intelligence service is hiding behind shell companies or domestic cutouts, which is notoriously hard.^[3]^[8]

Why Smartphone Apps and “Commercial” Data Are Now a Battlefield Risk

National security analysts emphasize that the data itself usually does not come from espionage or hacking, but from everyday smartphone apps and online services that quietly collect and share location, biometric, health, and financial information with advertisers and brokers.^[2]^[4] The Electronic Frontier Foundation explains that dozens of location data brokers track the precise movements of hundreds of millions of people through third-party mobile apps, with little meaningful consent, then sell that information to private and state actors.^[4] This reveals where people live and work, who they associate with, and where they worship or seek medical care—all powerful intelligence clues.^[4]

A 2020 assessment from the NATO Strategic Communications Centre of Excellence found that adversaries could assemble enough personal data from brokers to craft highly targeted messages, influence operations, or threats against soldiers.^[6] Later analysis from an American electronic-privacy group highlighted real-world examples in which data broker feeds and advertising systems exposed base locations, patrol routes, and even individual identifiers through seemingly harmless fitness and mapping data.^[2]^[8] Together, these findings undercut any notion that commercial data is benign; on a modern battlefield, it functions like a live sensor grid following every smartphone in a formation.

What Lawmakers Want the Pentagon to Do Next

Defense-focused experts argue that the military must treat commercial data as an operational threat and not merely a legal or policy issue.^[5]^[7] An internal Army-oriented report stated there is still no comprehensive national data-privacy framework protecting soldiers or civilians from vulnerabilities created by brokers, leaving commanders to manage risk on an ad hoc basis.^[7] Outside analyses recommend that the Pentagon sharply limit the types of apps allowed on government-issued devices, provide clear guidance for personal-device use in sensitive areas, and work with Congress to push for stronger baseline privacy protections.^[4]^[5]^[7]

Seems like it'd be smarter to regulate how tech companies collect and sell user data, rather than trying to keep US troops one step ahead of data brokers by controlling which browsers they use and which advertising settings they select devices. https://t.co/4411xpOsp2 pic.twitter.com/4qwxk5KFqO

— Kyle Rempfer (@kyle_rempfer) May 28, 2026

Legal scholars and privacy advocates also argue that reducing the volume of data collected and traded in the first place would be one of the most effective national-security safeguards, because “you do not have to protect what you do not collect.”^[2] Proposals under consideration would treat many data brokers as covered entities under federal credit-reporting rules, sharply narrowing the purposes for which they can gather and share personal information.^[2] For conservatives who prioritize a strong military and limited, accountable government, the core message is straightforward: Washington should finally rein in the shadow data economy that is putting U.S. troops and their families at needless risk.^[2]^[3]^[8]