The United States spends more than $800 billion annually on defense, yet hostile actors can pinpoint American military personnel for the price of a programmatic ad buy. That absurdity is now receiving overdue congressional attention, with a senior senator warning that the advertising industry has become a "national security threat"—language that would have seemed hyperbolic a decade ago but now reads as understatement.

The immediate trigger is confirmation that U.S. troops have been targeted using commercially available location data, the kind harvested by weather apps, fitness trackers, and countless other services that monetize user movement. The data flows through a lightly regulated ecosystem of brokers, aggregators, and demand-side platforms, eventually surfacing in packages that anyone with a corporate credit card can purchase. Adversaries—state-backed or otherwise—need not hack the Pentagon; they can simply shop.

A vulnerability hiding in plain sight

Intelligence officials have warned about this vector for years. In 2018, fitness-tracking app Strava inadvertently revealed the outlines of secret U.S. bases when soldiers' jogging routes lit up heat maps in otherwise empty deserts. The lesson was clear: commercial data can expose operational security. Yet the advertising industry's response has been to lobby against privacy legislation while continuing to refine location-tracking precision. Today's geofencing capabilities can isolate a single building—or a single barracks.

The economics are straightforward. Location data is the lifeblood of targeted advertising, worth tens of billions of dollars annually. Brokers argue that data is "anonymized," but researchers have repeatedly demonstrated that a handful of location pings can uniquely identify an individual. For a soldier living on base, commuting to a classified facility, and visiting a known family address, anonymization is a polite fiction.

Why Congress has moved slowly

Privacy legislation has stalled in Washington for the better part of a decade, caught between industry lobbying, partisan disagreements over enforcement mechanisms, and a general reluctance to disrupt a digital advertising model that funds much of the open internet. National-security framing may finally shift the calculus. When the threat is framed as foreign adversaries tracking troops rather than corporations tracking consumers, bipartisan alarm tends to follow.

The senator's warning also arrives as the Trump administration pursues an aggressive posture on Iran and maintains pressure on China—two nations with documented interest in exploiting open-source and commercial intelligence. If American data brokers are, in effect, selling targeting packages to adversaries, the policy contradiction becomes untenable.

Our take

The advertising industry has spent years insisting that privacy concerns are overblown and that self-regulation suffices. The spectacle of U.S. service members' movements being sold on the open market should end that argument. Congress has the authority to restrict the sale of sensitive location data; it has lacked the will. A national-security framing may be the catalyst that privacy advocates alone could not provide. The irony is bitter: it took endangering soldiers to make lawmakers care about a surveillance economy that has endangered everyone else for years.