[Editor’s Note: Today’s post welcomes back Dr. Anna Gielas with another insightful post! Dr. Gielas discusses the significant security concerns surrounding the storage and retention of data collected in urban areas, such as smart-cities. The accumulation and maintenance of smart-city data over time can offer adversaries the ability to leverage different forms of information into patterns of life, social networks, and favored routes, posing a threat to U.S. Soldiers and operations abroad.
In March 2026, a real world example of an actor mining these vast sources of data played out — Israel’s multi-year operation to hijack Iran’s own surveillance infrastructure. By co-opting Iran’s vast network of security cameras into a “trojan horse,” Israel was able to achieve numerous operational successes in Operation EPIC FURY. — Read on!]
When U.S. Armed Forces return stateside after deployments, leaders may assume their presence abroad has faded. Yet in today’s smart-city environments, municipal data-retention policies can generate enduring archives of military activity across foreign urban areas. Through extended or ambiguously defined storage policies, seemingly mundane data—ranging from transit card swipes to CCTV footage—can be stored indefinitely and shared unpredictably. What begins as routine municipal recordkeeping can evolve into a persistent intelligence repository, raising operational and security concerns.
For an adversary, access to these archives offers at least four advantages: patterns of life reconstruction, organizational network mapping, event back-tracing, and shaping narratives in information warfare. Because adversarial advantage grows with longer data retention, storage duration should be treated as a risk factor—not a neutral technical detail. Doctrinally, the U.S. Armed Forces should incorporate this data-duration risk across the information, intelligence, and protection functions, much as it does other enduring threats.
Retention policies for smart-city data vary widely across the globe. In Europe, the General Data Protection Regulation sets a “storage limitation” principle that pushes controllers to keep data “for the shortest time possible.” National approaches vary from 24 hours in Italy to one month in Spain. By contrast, in some Indian cities, municipal departments store CCTV footage for six months before archiving it indefinitely. Researchers have also highlighted how “regulatory ‘grey-zones’ affect smart city policies in Brazil,” where municipal authorities regularly delegate biometric and other types of surveillance to private companies without sufficient oversight and accountability. Similarly, in Uganda’s capital, Kampala, Huawei’s “Safe City” system operates 1,800 cameras directly connected to police headquarters, yet reports highlight minimal oversight and inconsistent compliance with storage policies.
These issues are compounded by the dominance of Chinese vendors such as Huawei, the country’s leading telecommunications company. These vendors export smart-city technologies across Africa, South Asia, and Latin America. They secure access to municipal data in a variety of ways, including through troubleshooting logs, remote system updates, and analytics archives. As a result, even if local authorities in Africa or Latin America purge their records, vendor copies may persist on Chinese servers far longer—and become available to military institutions. As a Brookings Institution report notes, “Should a Chinese company have access to user information, that information would be available to the Chinese government under the provisions of the 2017 National Intelligence Law.” For U.S. units rotating through partner cities, that means yesterday’s patrol or convoy can live on in a faraway server—ready to be queried, copied, or weaponized long after soldiers returned home.
Risks for the U.S. Armed Forces
The accumulation of smart-city data over time offers more than isolated snapshots of activity. It enables the reconstruction of patterns of life. When cameras, license-plate readers, facial-recognition systems, cell-tower logs, and public transit card readers record movements for months at a time, they collectively create a map of daily routines—where individuals travel, the routes they prefer, the places they pause, and the people they associate with. Such insights can be leveraged in several problematic ways, from extorting service members to planning ambushes. Beyond the individual level, the same data streams reveal how people and organizations intersect. Repeated co-location can help trace networks: which units routinely interact, which contractors support them, which local partners are essential, and where supply nodes cluster. Longer data retention increases both the number and depth of insights. In this way, the seemingly mundane exhaust of urban monitoring technologies can, when aggregated, provide adversaries with a blueprint of both personal lives and institutional structures.
Smart-city data also amplifies risks by enabling event back-tracing. This movement profiling is highly dependent on data retention. Imagine a short-duration operation in a dense city: the team enters and exits within minutes, with routes varied and radios disciplined. If an adversary later gains access to months of retained municipal data, the incident becomes a fixed anchor in time. Long archives let them rewind from the target block across intersections and toll points, correlate traffic-camera views with license-plate reader hits, and identify the entrance at a partner facility or a safe house used for staging. The adversary can then run the timeline forward from the same anchor to see where vehicles dispersed, mapping out pre-positioned equipment caches or exposing communication nodes used for coordination. None of this depends on daily habits or long-term relationships; it depends on the existence of a rich historical record around that specific moment. The longer the retention period, the farther back and farther forward the reconstruction can reach, turning a brief, well-executed mission into a recoverable chain of locations, timestamps, and support nodes that can expose routes, logistics sites, and identities.
Moreover, the length of smart-city data retention is an underrecognized force multiplier for information operations. The actor that holds long-horizon, multimodal urban datasets enjoys an advantage in establishing attribution and shaping narratives. These datasets provide a verifiable baseline for confirming or challenging claims about military personnel, including their locations, activities, movements, and timing. Moreover, the same repositories that enable smart-city planning can also serve to construct deepfakes. By blending authentic time and location data with fabricated details, an adversary can create false accounts that appear credible—complete with maps, timelines, and video snippets. Such narratives could not only sow confusion among troops but also provoke misdirected responses, ultimately weakening the cohesion of the force.
Adversaries can acquire this data in several ways. Lawful access is possible through official channels that compel agencies to release records, such as court orders, subpoenas, or partnerships with local authorities. Legal purchase routes involve buying information from vendors who collect and sell location or other device data or from commercial data brokers. Insiders with legitimate credentials—such as employees, contractors, or technicians—may misuse their access to look up, copy, or pass along records. System compromise represents another illegal avenue and includes hacking into poorly secured systems and exploiting default vendor passwords. In practice, these pathways can overlap: a buyer may recruit an insider, a hacker may pose as a legitimate requester, or a lawful request may be paired with commercial datasets to close information gaps.
Examples of Countermeasures
Military decisionmakers should treat the urban data environment—including data retention—as part of the terrain and plan for it. Before deployment, intelligence and communications teams could identify where smart-city technologies are in operation and how long they retain information. Such mapping could also account for who can access the data. This mapping can then guide choices of routes, gates, and timing to reduce exposure. Moreover, training can help mitigate both data availability and data persistence. This is achieved by highlighting how seemingly minor details—such as facial recognition, gait signatures, or shopping habits—can be linked over time to reveal identity and routine. Instruction should include details on how small shifts in behavior can further reduce adversary advantage.
During deployment, leaders could use decision aids that flag when a planned route passes through areas dense with foreign-supplied sensors or systems with long data-retention practices. This could allow them to select lower-exposure alternatives. Red-team exercises can be built into each rotation by tasking an authorized partner to attempt a reconstruction of unit activity from municipal archives. Reviewing recent activity patterns can identify choke points or unit habits that city records might expose, allowing leaders to make small, deliberate changes that break those patterns. Together these practices help reduce the usable data trail an adversary can assemble.
Where feasible, host ministries and municipal authorities could be engaged to implement protective measures. Annexes to the Status of Forces Agreement or local memoranda of understanding could set short retention windows for data collected in designated military-adjacent zones, require signed deletion attestations, and prohibit vendors from exporting copies without explicit government approval. Additionally, financial and technical support could be offered to implement verifiable safeguards that are acceptable to host authorities, such as on-premises data storage with locally held encryption keys, strict access-control logs, and independent audits that verify deletion.
How long smart-city data is retained is not a problem for lawyers or technologists alone. It warrants command-level attention tied to movement planning, training, and alliance diplomacy. Because municipal and vendor archives often persist beyond a unit’s deployment—and can be easily accessible even through lawful purchase—failing to treat retention length as an operational risk can confer an asymmetric advantage on U.S. competitors. And it can enable adversaries to mine yesterday’s movements to inform tomorrow’s attacks.
If you enjoyed this post, check out the T2COM G-2’s Operational Environment Enterprise web page, brimming with authoritative information on the Operational Environment and how our adversaries fight.
About the Author: Anna M. Gielas holds a PhD in the history of science from the University of St Andrews (United Kingdom). After earning fellowships at Harvard University and, most recently, the University of Cambridge, she is currently working on a monograph on the integration of emerging technologies into the Armed Forces.
Disclaimer: The views expressed in this blog post do not necessarily reflect those of the U.S. Department of Defense, Department of the Army, or the Transformation and Training Command (T2COM).
