Democratic lawmakers are urging the Trump administration to close what they describe as major gaps in federal rules designed to stop foreign adversaries from purchasing sensitive location data collected from Americans’ cell phones.
In a letter sent Thursday to Trump administration officials, Sens. Ron Wyden (D-OR), and Martin Heinrich (D-NM) along with Rep. Sara Jacobs (D-CA) warned that key government sites including the White House, the U.S. Capitol and CIA headquarters were omitted from protected zones established under a Biden-era executive order.
According to the AP, the letter argued that the Justice Department’s implementation of former President Joe Biden’s 2024 executive order failed to fully shield critical national security facilities from foreign surveillance through commercial data brokers.
“The sale of Americans’ location data by data brokers poses a serious threat to U.S. national security, particularly when data about U.S. government employees is sold to foreign governments,” the lawmakers wrote. “Such data can reveal sensitive information that can be exploited for espionage purposes.”
The warning highlights growing bipartisan concern in Washington over the largely unregulated market for commercially available location data harvested from smartphones and mobile applications. Data brokers routinely collect geolocation information, consumer habits and behavioral profiles that are sold to advertisers, investors and government agencies. Intelligence officials and privacy advocates have increasingly warned that foreign governments could exploit those same datasets to track military personnel, intelligence officials and other federal employees.
The lawmakers’ complaint centers on regulations finalized after Biden signed an executive order in February 2024 directing federal agencies to curb the large-scale transfer of Americans’ sensitive personal data to “countries of concern,” including China, Russia, Iran and North Korea.
At the time, the White House said “bad actors can use this data to track Americans, including military service members, pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services.” The administration warned that commercially available data could enable “intrusive surveillance, scams, blackmail, and other violations of privacy.”
According to an earlier AP report, Biden’s executive order specifically targeted commercial data brokers and authorized the Justice Department to create safeguards covering sensitive personal and government-related information, including geolocation data tied to military installations and other sensitive federal facilities.
Related: Senate Bill Would Force Data Centers to Pay Full Cost of Power-Grid Upgrades
The resulting rules, which took effect in April 2025, broadly prohibited the sale of location data covering more than 1,000 U.S. devices to China, Russia, Iran, North Korea, Cuba and Venezuela. The regulations also created enhanced protections around 736 designated sensitive government sites where even the sale of information associated with a single device was barred.
But according to the lawmakers, several of the country’s most important national security locations never made the list.
Wyden’s office said staff members, working with the Congressional Research Service, analyzed the GPS coordinates included in the rule to determine which facilities were protected and which were excluded. The review found that the White House, Congress and CIA headquarters were among the omitted sites.
The lawmakers urged the administration to replace the current building-by-building approach with a broader “protection zone” encompassing the entire Washington metropolitan area. They also called on the Justice Department to expand the list of prohibited foreign countries covered by the restrictions.
The issue reflects broader concerns about how easily commercially available data can expose sensitive government operations. The AP article noted that commercially available datasets have previously been used to identify sensitive U.S. facilities, while consumer fitness applications have inadvertently exposed military activity, including a recent incident in which a crew member aboard a French aircraft carrier reportedly revealed the vessel’s location by logging a running route through a fitness app.
The Justice Department declined to comment on the lawmakers’ letter, according to the AP. The Office of the Director of National Intelligence also did not respond to requests for comment.
