Sovereignty Support Movement Sovereignty for West Asia
by Jamal Meselmani, published on The Cradle, June 4, 2026
Users who turn to Starlink believing it grants anonymity may be stepping into a far more dangerous trap. An Israeli investigation suggests that satellite internet users can be detected, located, and linked to real identities within minutes.
This is not necessarily by hacking Starlink or breaking its encryption, but by exploiting the commercial data economy that follows every phone, app, and advertising ID.
In West Asia, and especially in Lebanon, the danger is immediate. Starlink users may believe they are slipping past broken infrastructure, censorship, or wartime shutdowns.
Instead, they may be handing Israeli and US intelligence-linked systems the very data needed to identify, map, and target them – from journalists and doctors to bank employees, refugees, fighters, aid workers, and civilians in border villages.
On 12 May 2026, Haaretz revealed that two Israeli-linked companies had developed systems capable of locating Starlink terminals worldwide and linking many of them to identifiable users without intercepting communications or breaking Starlink’s encryption.
The first company, TargetTeam, is based in Cyprus and managed by engineers with Israeli intelligence backgrounds. It developed a system called Stargetz, which, according to marketing material reviewed by the newspaper, can monitor nearly one million Starlink terminals worldwide and identify about 200,000 of them by linking the terminals to specific individuals.
The second company, Rayzone, was founded in Israel, and its sales are subject to oversight by the Israeli Ministry of Defense. It offers similar capabilities as part of a wider intelligence package.
The Haaretz investigation makes clear that the intelligence trade no longer needs to crack open a communication channel when it can map everything surrounding it. Interception has given way to inference: who connected, from where, through which device, at what time, and alongside which other digital traces.
For states like Lebanon, that shift tears through the old assumptions on which digital sovereignty was supposed to rest.
Governments should no longer ask only what adversaries can steal from their networks. The more urgent question is what those adversaries can infer about citizens from digital infrastructures that present themselves as commercial, neutral, and detached from war.
From interception to inference
For decades, signals intelligence (SIGINT) in satellite communications rested on the single structural assumption that every satellite eventually connects to the ground through a gateway, and every gateway sits inside a national jurisdiction.
On that basis, intelligence agencies installed interception equipment at the terrestrial points where satellite beams met national telecommunications infrastructure. Starsky, the system sold by the Israeli company Verint to India in 2016, represented the peak of that doctrine: an interception platform physically installed at the ground gateways of traditional satellite communications operators.
Starlink effectively ended that doctrine. With SpaceX deploying more than 8,000 satellites in low Earth orbit, and with ground gateways distributed in locations selected by the company outside the states being targeted, physical interception has become, as the investigation describes it, “physically impossible” from a signal-engineering perspective.
A state that wants to spy on Starlink users on its own territory has no physical-layer interception option. This applies to China, Russia, and Iran as much as it does to smaller states.
But the death of interception did not create an intelligence vacuum. It produced a qualitative shift toward what can be called multi-source inference – a model that does not try to access the content of communications, but instead maps the full context around them.
In addition to the message, the target is now the user: where he is, what device he uses, which app he opens, when he connects, and how he relates to other users. This changes the definition of an intelligence target and reshapes the economy of the intelligence industry itself.
The ad auction where coordinates are sold
The operational model exposed by Stargetz deserves technical unpacking because it reflects a new logic that will likely be reproduced in other tools. The system operates across three layers.
The first layer is the digital advertising exchange, the hidden infrastructure where real-time auctions take place whenever a user opens an app or website. This market is worth tens of billions of dollars annually and runs on bidstream data – a constant stream of offers containing user identifiers, geographic coordinates, and device characteristics.
According to the Israeli financial outlet Globes, Rayzone established two Israeli subsidiaries – Impulse Programmatic and Oxylon – that connect advertisers with ad exchanges, giving the company a commercial foothold inside the same advertising markets from which Advertising Intelligence (ADINT) systems draw their data.
The second layer is the unified advertising identifiers assigned by Apple and Google to every smartphone: IDFA and AAID. These identifiers were originally created to serve advertisers by linking user activity across different apps to one stable ID.
When these identifiers are combined with geolocation data collected by apps in the background, every movement of a user becomes readable inside a continuous timeline.
The third and most important layer is data fusion.
A system such as Stargetz does not invent a new way to access a Starlink terminal. It links the internet terminal – known through its connection address and network signatures – to the phones that connect through it, which are known through their advertising identifiers and locations.
The time–space correlation between the two is enough to attribute identity. When the same advertising ID appears on other networks outside Starlink, the full user profile begins to take shape: movements, relationships, and patterns of use.
According to the investigation, TargetTeam presented a live demonstration in Vienna showing an interactive map updated every six minutes. The map displayed Starlink terminals from West Asia to the Arabian Peninsula, the Persian Gulf, the Arabian Sea, and the Bay of Bengal.
Among the examples presented was a Starlink account opened with a Mexican phone number, operated from Pakistan, whose owner traveled regularly to Iran. The “target” was identified in less than a single demonstration session.
One salesperson quoted in the investigation said: “The ship may hide itself, but its crew still needs porn and TikTok.”
ADINT and the Israeli intelligence market
The importance of this investigation extends well beyond Starlink. It exposes the maturity of an entire industry known as ADINT.
This industry was examined in a 2023 investigation by Globes, which identified several Israeli firms active in the field, most prominently Rayzone, founded by Yohai Bar Zakay Hassidof, a former deputy commander in Israeli military intelligence Unit 8200. Other companies include Bsightful in Herzliya, in which Cognyte – the former defense arm of Verint – has invested.
The main US competitor is Virginia-based Venntel, which was investigated by a US congressional committee at the initiative of Senator Elizabeth Warren over contracts with the Department of Homeland Security and the FBI.
From an export-control perspective, the Haaretz investigation reveals that the Israeli Ministry of Defense, through the Defense Export Controls Agency (DECA), supervises Rayzone sales in the same way it supervises weapons sales.
That places the product inside the Israeli regulatory category of a dual-use weapon. Any sale requires sovereign approval.
In other words, these are not merely commercial firms selling a controversial civilian product. They are part of a regulated export system that serves Tel Aviv’s foreign policy objectives.
When this is read alongside the 3 May Haaretz report that Israeli companies, including Rayzone, exploited Swiss telecommunications networks and the old SS7 protocol to track users worldwide by impersonating telecom operators, it becomes clear that this is not an isolated product, but an integrated operational doctrine marketed as a service to states.
The geopolitical implications of this industry must be read through the framework of the “gray zone,” the term developed by US strategists to describe operations that sit below the threshold of conventional war but above ordinary competition.
ADINT technologies produce operational intelligence effects equal to, and sometimes greater than, costly traditional espionage operations. They do so with almost no political cost and without leaving a legal attribution trail.
This explains why these tools have become preferred instruments in asymmetric conflicts between technologically advanced states and institutionally weak states.
The digital kill chain
The danger becomes clearer when ADINT technologies are read as one link in a longer chain.
The Business and Human Rights Centre has collected reports alleging that US firm Palantir Technologies provides data analytics tools used by Israel in AI-assisted targeting operations in Gaza, placing the company inside what military doctrine calls the digital kill chain – the process through which raw data is converted into a targeting decision.
Subsequent press investigations revealed that Microsoft and OpenAI provided AI tools and cloud services used in automated targeting operations in Gaza and Lebanon.
Inside this wider structure, Stargetz and similar systems occupy a foundational position – target identification.
The next layer is analysis and aggregation, handled by platforms such as Palantir. Then comes verification through other intelligence sources, followed by the targeting decision.
In traditional operations, this sequence could take hours or days. In the current Israeli model, it has been reduced to minutes.
A 2024 investigation by +972 Magazine and Local Call revealed that Israeli military intelligence used an AI system known as Lavender to generate vast lists of Palestinians marked for assassination in Gaza, accelerating target production to a scale unthinkable in earlier wars.
All these systems rest on the same assumption. The targeted society has been turned into a data structure that can be read in real time.
Lebanon’s loss of digital sovereignty
Seen in this light, Lebanon’s decisions on Starlink carry implications very different from how they were presented domestically.
On 11 September 2025, the Lebanese cabinet issued Decision No. 5, granting Starlink Lebanon a license to operate in the country after years of documented security objections from the parliamentary Media and Telecommunications Committee, as well as security and digital-rights experts.
The decision theoretically required the creation of a “security control center” in Qatar, giving Lebanese security agencies a level of access to the monitoring architecture of the service.
On 5 March 2026, Decision No. 11 amended the earlier decision and introduced a shift that deserves close scrutiny.
According to documentation from SMEX, a digital-rights organization covering West Asia and North Africa, the amended decision allows Starlink to operate before the Qatar-based security oversight center is operational, shifts responsibility for security-agency approvals to the telecommunications minister, and strips away the earlier safeguard requiring Lebanese security access to the oversight infrastructure.
From a national security perspective, this creates three structural breaches.
First, there is no sovereignty over data. Lebanon has no national point from which it can see what happens in the deeper layers of the system, and no national management of encryption keys.
This means data generated by Starlink use in Lebanon is not subject to Lebanese jurisdiction. It is theoretically and legally exposed to the US CLOUD Act, which allows US authorities to request data from companies under US jurisdiction regardless of where that data is stored.
Second, exposure is asymmetric. In the current war with Israel, there is no symmetry between the Lebanese user’s understanding of the service and the adversary’s ability to exploit it.
The Haaretz investigation documents that at least one adversary possesses ready-made commercial tools to exploit the identity layer linked to the service, while Lebanon does not even possess a basic analytical structure to read the threat.
Third, the institutional handling of the risk is ethically indefensible.
When decisions to authorize such a service are taken without a public national debate and without public reports from security agencies, the end user – a bank employee, a hospital doctor, a village journalist, a refugee in a camp – is forced to carry risks he neither consented to nor was informed about.
A tool designed to bypass the failure of national infrastructure has become an infrastructure through which identities can be compromised. In Lebanon, the service becomes a point of compounded exposure because the host state lacks the sovereign tools needed to manage the risk.
What Lebanon must do
This case carries political consequences beyond Lebanon. It concerns every fragile state receiving offers of satellite communications services in the middle of a regional conflict. These consequences can be summarized across three levels.
At the legislative level, Lebanon and similar states need a modern data-protection framework that classifies sensitive information nationally and forces any foreign service provider to disclose the legal architecture governing its data.
The European General Data Protection Regulation (GDPR) cannot simply be copied into Arab contexts. But its core principles – informed consent, the right to know, and the right to deletion – must form a baseline.
At the operational level, the state needs to build a national technical capacity, even if modest, to monitor cyber threats and analyze digital fingerprints.
This does not mean building an Israeli-style electronic intelligence agency. It means establishing a minimum attribution capability, allowing the state to understand what is happening inside its own digital space.
Here, the experiences of states such as Estonia and Singapore, which built cyber capabilities on limited budgets through academic partnerships, offer useful models.
At the strategic level, Beirut needs a fundamental review of its licensing doctrine for foreign digital services during war.
Simply put, the general rule of national security is that technology developed by adversarial intelligence services, or emerging from their ecosystem, requires additional scrutiny.
This is not a call to reject Starlink or similar services outright. It is a call to subject licensing decisions to a comprehensive review that addresses the deeper layers of risk, not only the surface-level utility.
When intelligence speaks the language of advertising
US political scientist Ian Bremmer, president of Eurasia Group, describes the contemporary international system as “technopolar,” meaning that major technology companies possess computing power and research budgets that place them on a level comparable to entire states.
The Haaretz piece adds another layer to this framework. Major technology companies are not the only actors. Small, specialized firms operating in the gray zone between markets and intelligence can also reshape informational power between states.
These firms do not need the budget of a national intelligence agency. They need access to open advertising markets, engineers trained in intelligence units, and export approval from a sponsoring Defense Ministry.
The new intelligence trade no longer needs to break the signal when the advertising market already sells the trail.
The old intelligence model depended on interception. The new one thrives on inference. It does not need to seize the message when it can reconstruct the person around it.
That shift moves the battlefield from state networks to civilian behavior, with private firms supplying states the tools to read, rank, and expose individual lives.
Fragile states that license satellite communications services without sovereign oversight are opening digital spaces to adversaries and turning citizens into coordinates on maps drawn elsewhere.
Perhaps the biggest take from the Israeli investigation is that Tel Aviv may now know more about the digital terrain of Beirut, Damascus, and Baghdad than those capitals know themselves.
That is where any serious debate on digital sovereignty in the region must begin.
Jamal Meselmani is a consultant, researcher, and lecturer specializing in digital transformation, artificial intelligence, and digital security. His expertise also spans creativity and innovation, the digital economy, and educational leadership. He writes and conducts in-depth analysis on technology-related issues at both local and global levels, with a particular focus on the geopolitical impact of technology on international conflicts, national security, and the global economy.
