Cybersecurity – US Lawmakers Raise Alarm Over Sensitive Data Exposure Risks

Cybersecurity –  Democratic lawmakers in the United States have raised fresh concerns over the government’s handling of mobile phone location data, warning that gaps in federal safeguards may leave several highly sensitive sites vulnerable to foreign surveillance and intelligence operations.

The issue was highlighted in a strongly worded letter sent to Director of National Intelligence Tulsi Gabbard and Acting Attorney General Todd Blanche by Senator Ron Wyden, Senator Martin Heinrich and Representative Sara Jacobs. The lawmakers argued that current regulations do not adequately prevent the sale of sensitive location information that could be obtained by hostile foreign governments through commercial data brokers.

Concerns Over Sensitive Government Locations

According to the lawmakers, the Justice Department’s current framework leaves several major national security facilities outside officially protected areas where location data sales are restricted. They warned that this creates potential risks for intelligence gathering and espionage activities involving countries such as China and Iran.

Among the locations reportedly missing from the protected list are the White House, the headquarters of the CIA, Congress, the Supreme Court and laboratories linked to the development of nuclear weapons. The lawmakers said information collected from mobile devices in these areas could expose the movements and identities of government personnel.

They stressed that commercially available data can reveal sensitive patterns about officials working in critical agencies, potentially allowing foreign actors to monitor their activities or identify confidential operations.

Rules Introduced After Biden Executive Order

The concerns stem from an executive order issued in 2024 by former President Joe Biden. The order instructed the Justice Department to create rules limiting the transfer of sensitive American data to countries considered security threats, including China, Russia, Iran, North Korea, Cuba and Venezuela.

Under regulations finalised in January 2025, the department identified 736 government-related locations where location data tied to even a single device could not legally be sold to designated foreign adversaries. However, lawmakers argued that several of the nation’s most important intelligence and defence facilities were excluded from the restrictions.

The letter specifically mentioned that the headquarters of agencies such as the National Reconnaissance Office and the National Geospatial-Intelligence Agency were not included in the protected network.

Push for Broader Protection Measures

The lawmakers are now urging federal authorities to expand the current restrictions and establish a wider security zone covering the entire National Capital Region surrounding Washington, DC.

They argued that limiting restrictions to only six countries may not be sufficient, as nations with weak privacy protections or aggressive surveillance practices could still obtain American data through indirect channels. According to the lawmakers, data brokers may resell information to entities connected to hostile governments, increasing the overall security threat.

The officials also pointed to growing concerns about artificial intelligence systems that can combine multiple datasets to uncover hidden links between government employees and federal agencies. They warned that advanced AI tools could make it easier for foreign intelligence services to identify officials whose government connections may otherwise remain difficult to detect.

Rising Debate Around Data Brokers and Surveillance

The debate over mobile location data and digital privacy has intensified in Washington in recent years as tensions between the United States and China continue to grow. Policymakers from both major political parties have repeatedly warned that location tracking data sold through commercial markets could expose military personnel, intelligence officers and senior government officials to surveillance, blackmail attempts and espionage threats.

Security experts have also cautioned that rapidly improving AI technology increases the risk of foreign adversaries analysing massive datasets to track sensitive government activity more efficiently than before.