A handful of technology companies now claim that they can track and identify users of Starlink, the satellite internet communications service operated by SpaceX, according to a spate of new documents. These services not only raise privacy questions for Starlink consumers, but also a growing number of government agencies that deploy SpaceX’s service for internet and communications networks.
Sales documents, highlighted recently by the Israeli newspaper Haaretz, detail how software might be used to monitor terminals used to access the SpaceX internet service. At least two companies named by Haaretz, TechTarget and Rayzone, appear to be marketing tools that use a variety of data sources to surmise where Starlink terminals might be operating. The tools seem to be designed for government clients, per Haaretz, and aren’t designed to access or exploit any SpaceX system directly. Fast Company was also able to identify a website for a third company, Shoghi, advertising Starlink user identification services for government clients.
SpaceX and a series of resellers who sell Starlink to U.S. government agencies did not respond to Fast Company’s request for comment. Rayzone, one of the companies listed in the Haaretz story, tells Fast Company that it operates out of the Israeli Ministry of Defense’s Defense Export Control Agency and that “export of our products or technologies is subject to the required governmental approvals, in addition to our own strict internal compliance procedures.” The company said it would not comment on any media reports or its capabilities, and added that its products “are designed to assist governmental agencies in addressing terrorism and criminal activity.”
Of course, a range of actors use satellite internet services like Starlink, including activist groups, drug smugglers, and even military vessels, and there are plenty of reasons a government might want to purchase Starlink identification data from one of these firms. The fact that satellite terminals can potentially be identified isn’t new, but the story is a reminder that companies exist to find and catalog them at scale.
But there’s a flip side, since the existence of the tools also raises questions about whether government agencies have adequately protected themselves, since they also use Starlink.
“The U.S. Space Force takes the cybersecurity of our satellite communications and data networks extremely seriously,” says a spokesperson for U.S. Space Force Space Systems Command, which helps buy Starlink services for the military. “While we do not discuss specific operational security measures, threat assessments, or potential vulnerabilities due to OPSEC [operations security], we continuously monitor all integrated commercial systems to ensure they meet our rigorous security standards. We work closely with our commercial partners to identify, assess, and mitigate potential risks to our networks.”
A State Department spokesperson said the agency “does not comment on alleged vulnerabilities, specific communications capabilities, or protective measures associated with systems used by our personnel.”
Still, a growing number of U.S. government agencies, including the State Department, are now using Starlink, or Starshield, a military version of the service that runs on Starlink’s network. While these tools are sometimes marketed differently, they’re interconnected: A Starlink outage last year impacted Starshield, as FedScoop first reported, and also impacted Navy drone tests, Reuters later reported. Sometimes, the use of Starlink isn’t authorized: A few years ago, a Navy chief was demoted after sneaking Starlink onto a warship in order to access social media.
For Sascha Meinrath, a Penn State professor who has studied Starlink’s network capacity, the existence of these firms is “unsurprising,” given that satellite imagery has been used to identify communications infrastructure in the past.
“This begs the question of why Starlink is becoming the provider of choice for criminals around the globe, including everyone from Myanmar’s spam farms to paramilitary death squads in Sudan,” Meinrath tells Fast Company. “If both Starlink and, presumably, the U.S. government both know the precise locations of Starlink terminals, why are so many criminal elements able to continue using these systems with relative impunity?”
