America's massive military buildup in the Middle East, assembled in anticipation of a possible strike on Iran, has thrust an uncomfortable question to the front of the Pentagon's agenda. The problem isn't a foreign spy service or a sophisticated cyberattack. It's ordinary civilians on social media tracking US warplanes in real time – and sometimes getting it catastrophically wrong.
The phenomenon of civilian surveillance of US military movements is nothing new. But it burst into the headlines recently, prompted in part by the sheer scale of the military surge. At a late January conference hosted by the Mitchell Institute, Maj. Claire Randolph – head of the weapons and tactics branch at the US Air Forces Central Command (AFCENT), and a planner of Operation Midnight Hammer (the US strikes on Iran's nuclear sites) – laid bare her alarm.
"You have feeds on Twitter of random people who are just researching where our planes are flying and posting that," she said. "If American analysts were doing some of these things, we would classify that as secret or perhaps even top secret. But this stuff is just out there on the open internet," she added, barely concealing her frustration.
The tools enabling this surveillance are widely available. For anyone willing to pay for a premium subscription, apps like FlightRadar and FlightAware offer a comprehensive real-time picture of commercial, civilian, and military aircraft around the clock. The platforms rely on a web of commercial and civilian-owned sensors, while private companies – and state-aligned organizations with their own interests – supply satellite imagery of sensitive bases. That imagery allows followers to confirm the presence of aircraft they had tracked hours earlier, shortly after landing.
The Pentagon's anxiety over the surging power of open-source intelligence practitioners on social media has been building for years. At a 2023 conference, a senior, unnamed US Air Force official put it in stark terms, saying "the Department of Defense views open-source flight tracking and the accumulation of data on our aircraft as a direct threat to our ability to conduct military air operations worldwide."
Few voices in the debate carry more authority than Robert Spaulding – a senior fellow at the Hudson Institute and a retired brigadier general who commanded the 509th Bomb Wing. He argued that open-source data and a social media ecosystem "riddled with vulnerabilities" are "more dangerous than the B-21." "That's why I left the military," Spaulding said. "Because we are not protecting data. I think it's the most dangerous thing we can do as a nation."
Operational security, he said, is all too often an afterthought. There are "areas of awareness" about the risks posed by open-source flight-tracking data, varying by mission type, he noted. But "there is a general lack of awareness, and it exists at the highest levels of the military and in the places where the rubber meets the road," he added.
