Summary
A federal effort to block foreign governments from buying Americans’ cellphone location data includes gaps that, according to three congressional Democrats, leave some of the country’s most sensitive federal sites outside the so-called “designated sites” list.
In a letter issued Thursday, Sens. Ron Wyden of Oregon and Martin Heinrich of New Mexico and Rep. Sara Jacobs of California warned that the Biden administration’s rules do not cover key locations in Washington, including the White House, Congress and the CIA’s headquarters. The lawmakers said those omissions matter because the location data in question can reveal patterns about U.S. government employees and be exploited for espionage.
“The sale of Americans’ location data by data brokers poses a serious threat to U.S. national security, particularly when data about U.S. government employees is sold to foreign governments,” the lawmakers wrote in the letter to Trump administration officials, according to the Associated Press.
The letter urged the administration to address what the lawmakers described as oversights and to expand protections beyond a limited list of buildings. Wyden, Heinrich and Jacobs urged creation of a “protection zone” that would encompass the entire Washington, D.C., region rather than selecting individual buildings, and they also urged the Department to expand the list of countries of concern barred from acquiring data on Americans.
The AP reported that the Biden administration spent almost a year drafting regulations aimed at preventing U.S. adversaries from purchasing commercial data gathered from cell phones at the federal government’s most sensitive locations. Those rules took effect in April 2025 and broadly restrict location-data sales involving more than 1,000 American devices to China, Russia, Iran, North Korea, Cuba and Venezuela.
But the lawmakers said the rules still contained “gaps,” including omissions of several major sites from the designated list. They said the rules identified which locations were protected by GPS coordinates, and staff using those coordinates analyzed which federal facilities and places were included and which were not.
The Associated Press reported that a Justice Department spokesman declined to comment, and that the Office of the Director of National Intelligence did not respond to a request for comment.
The letter also drew on broader warnings about how location data can be used. AP reported that data brokers have long sold such information for purposes including advertising targeting, analysis of consumer habits and assessments of investment opportunities, and that governments have increasingly used similar datasets for enforcement and intelligence gathering, including to map the patterns and activities of U.S. government personnel.
AP also noted that commercially available location data has previously been used to identify sensitive U.S. facilities, and that fitness apps have caused problems during military operations or at sensitive locations—for example, a reported incident involving a French aircraft carrier in the Mediterranean, when a crew member’s running route logged on the ship’s deck was said to reveal the ship’s location.
In their warning, the three Democrats focused on whether the protections built into the regulations sufficiently covered sensitive Washington sites under the GPS-coordinate approach, and said the administration should revise the framework to provide broader geographic coverage.
The lawmakers’ proposal to use a region-wide protection zone reflects a central concern: even where restrictions exist for certain device data and certain countries, gaps in how sensitive locations are designated could leave remaining opportunities for foreign buyers to acquire location information about U.S. government-related activity.