On March 24, German federal prosecutors announced the arrest of two people for spying on behalf of Russian intelligence. The target was a person in Germany who supplies drones and components to Ukraine. One suspect filmed the target’s workplace. The other visited the target’s home and photographed it with a phone.

The Generalbundesanwalt’s own language is worth noting. The surveillance served “the preparation of further intelligence operations against the target person.” In plain language: they were building a kill file.

This is not an isolated case. It is the latest entry in an escalation pattern that has been tightening across Europe for two years.

The Ladder

Apr 2024	Germany	Two German-Russian nationals arrested in Bayreuth for photographing military installations and railway tracks, including the US training base at Grafenwöhr. Planning arson and explosions to disrupt arms logistics to Ukraine.
Jul 2024	Germany	US and German intelligence foil Russian plot to assassinate Armin Papperger, CEO of Rheinmetall, Europe’s largest ammunition producer.
Jul 2024	UK / Germany	Incendiary devices disguised inside vibrating cushions and cosmetics tubes shipped via DHL through Leipzig. One detonates at a DHL hub in Birmingham. Another catches fire in Leipzig before loading onto a cargo flight.
Sep 2025	UK	Three arrested for running sabotage and espionage operations for Russia. Follows convictions of a Wagner-directed arson cell and a Bulgarian spy ring that surveilled a US military base.
Oct 2025	Poland / Romania	Poland arrests eight for espionage and sabotage, bringing total detentions to 55 over three years. Romania intercepts two Ukrainian citizens placing explosive packages at a delivery company under Russian intelligence coordination.
Nov 2025	France	Four detained for spying for Russia and promoting wartime propaganda.
Jan 2026	Germany	Ilona W. arrested in Berlin. GRU agent posing as Ukrainian community advocate, sat rows behind Zelenskyy and Merz at political events. Gathered intelligence on drone test sites, arms deliveries, defense industry personnel. Her GRU handler, operating as deputy military attaché, expelled within 72 hours.
Mar 2026	Germany / Spain	Ukrainian and Romanian nationals arrested for surveilling a single drone supplier. Structured handoff when first agent relocated. Filming workplace and home address. Prosecutors cite preparation for “further operations.”

The Pattern

Sweden’s defense research agency FOI published a study in January 2026 analyzing 70 individuals convicted of espionage across 20 European countries between 2008 and 2024. The taxonomy it produced reads like a field guide to what German prosecutors keep uncovering: the Observer, the Disposable, the Mobile Spy who exploits Schengen to operate across jurisdictions, the Connected Agent recruited through diaspora networks. The categories overlap. An observer may also be mobile. A disposable may be embedded in a criminal network.

The operational signature is consistent. Russia recruits non-Russian nationals for deniability. It uses Telegram for tasking and cryptocurrency for payment. It treats agents as expendable. When one relocates, another steps in. The March 24 case is textbook: a Ukrainian and a Romanian, a structured handoff, a target in the drone supply chain.

S&P Global’s November 2025 analysis warned that while sabotage incidents appeared to decline in 2025, this likely represented strategic recalibration rather than de-escalation, with increased activity expected in 2026. NATO described the threat level as “record high.”

The Timing

The March 24 arrests came 24 days into the American Operation Epic Fury. Russia is fighting a hybrid war on two fronts simultaneously.

• In Europe, it continues targeting the logistics chain that supplies Ukraine.
• In the Middle East, it is providing Iran with intelligence on US military positions, including the locations of American warships and aircraft.

Zelenskyy stated on March 24 that Ukrainian intelligence has “irrefutable evidence” of Russian intelligence sharing with Tehran. The EU’s foreign affairs chief Kaja Kallas said the same thing publicly. CNN and the Washington Post reported it independently, citing US officials.

And yet the US intelligence community’s own 2026 Annual Threat Assessment, released March 18, contains fewer references to Russia than the 2025 edition. References dropped from 152 to 99. The document explicitly warns about both inadvertent and deliberate escalation with NATO, but the analytical attention has thinned.

CEPA analysts framed it clearly: the question is whether Europe can use Washington’s distraction to strengthen its own posture on Ukraine while the Americans aren’t looking. The flip side is that Russia can use the same distraction to intensify operations that European counter-intelligence services are already struggling to contain.

The counter-sabotage response remains largely national. Coordination between governments is limited. Coordination between governments and the private sector is worse. The people being surveilled, the drone suppliers and logistics operators who keep Ukraine in the fight, are mostly on their own.

From Papperger to Any Drone Shop

Two years ago, Russia tried to kill the CEO of Europe’s largest arms manufacturer. Now it is filming the home address of someone who ships drone parts. The target selection has moved from the strategic to the granular.

This is not a reduction in ambition. It is an expansion in scope. The supply chain that delivers weapons to Ukraine is long, distributed, and staffed by people who do not have security details.

Russia has evidently decided that every link in that chain is worth mapping. The Generalbundesanwalt just called it preparation for further operations.

Update April 3: U.S. intelligence estimates that Iran still has at least 50% of capacity remaining, despite relentless U.S. attacks that have severely diminished America’s own arsenal.

---

The United States blew more money in 16 days of war, without objective, than Iran spends in a year on its entire military. That asymmetric cost model is a problem for America.

The red wall on the chart above is US war spending at $750 million per day. The flat black line along the bottom is Iran’s entire annual military budget spread over 365 days.

Same money. The US is blowing dollars 23 times faster. By March 15, of Operation Epic Fury, the Pentagon had spent over $12 billion. Iran’s total annual military expenditure, according to the IISS Military Balance, is approximately $10 billion.

Then the Pentagon asked Congress for $200 billion more, because it can’t sustain itself. That is the dashed red line shooting off the top of the chart. Twenty years of Iran’s entire military budget, was requested as a supplemental.

The missile math

	United States	Iran
Pre-war stockpile	3,000-4,500 Tomahawks	8,000-10,000 ballistic missiles
Fired in 4 weeks	850+ Tomahawks	1,191 ballistic missiles
% of stockpile spent	~25%	~13% (fired only)
Confirmed destroyed	N/A	~33% of total arsenal
Still operational	~75% (globally)	~33% confirmed + recoverable
Monthly production	5 Tomahawks	100+ missiles (Rubio’s number)
Cost per unit	$2.2-3.6 million	~$50,000-300,000
Build time per missile	Up to 24 months	Unknown, far shorter
Time to replace what was fired	14+ years at current rate	~9 months

The United States burned a quarter of its global Tomahawk inventory to confirm-destroy only a third of one country’s missile arsenal. That is to say US intelligence are struggling to verify that a third is destroyed. Another third is damaged or buried underground, potentially recoverable when fighting stops. The remaining third is operational. The $12B spent doesn’t seem to have obliterated Iran missile strength, only confirmed the resilience of it.

Iran launched 15 ballistic missiles at the UAE on March 27 alone.

The IDF says 70% damaged (and rebombing needed). US intelligence says 33% confirmed destroyed. Trump says 99% decimated. Iran launched over a dozen ballistic missiles at the UAE the same day. Three governments, three numbers, none of it reconcilable with what’s still flying.

The production asymmetry

Secretary of State Marco Rubio said it himself on March 2:

[Iran is able to produce] over 100 of these missiles a month. Compare that to the six or seven interceptors that can be built a month.

The Tomahawk production rate is worse. The Pentagon budgeted for 57 Tomahawks in the FY2026 budget. Actual recent production has averaged roughly 60 per year, or 5 per month. Iran builds in a single month what the US builds in 20 months.

Raytheon has signed a framework to scale to 1,000 Tomahawks per year. That capacity will not arrive until approximately 2028. Each missile takes up to two years to build. The FPRI’s Payne Institute documented that the coalition expended 5,197 munitions across 35 types in the first 96 hours alone, at a replacement cost of $10-16 billion, and that the single domestic source for warhead high explosives, the Holston Army Ammunition Plant in Tennessee, had not received any orders to increase production as of March 12.

The Pacific problem

Every Tomahawk fired at Iran is one fewer available for a Taiwan contingency. CSIS estimated that a conflict in the Western Pacific could consume 5,000 long-range missiles in three weeks. At current depletion rates, the US may not have enough for either theater. Pentagon officials described the Middle East Tomahawk supply as approaching “Winchester”, military slang for out of ammunition.

Trump said it at a Cabinet meeting on March 26:

The problem with the straits is this: let’s say we do a great job. We say we got 99%. 1% is unacceptable, because 1% is a missile going into the hull of a ship that cost a billion dollars.

He described the unsolvable problem without realizing it. You cannot get to zero when the target has underground production, a dozen hardened facilities at 500 meters depth, and the attacker’s stockpile is finite and shrinking.

Houthis also are firing ballistic and cruise missiles at Israel for the first time since Epic Fury began.

The war is expanding, not contracting.

An E-3 Sentry AWACS was damaged in the Iranian strike on Prince Sultan Air Base in Saudi Arabia, along with KC-135 refueling aircraft. That’s a $700m one-of-a-kind surveillance aircraft, limited fleet, not easily replaced. Iran hit it with a missile that cost a fraction. The US has 12 wounded from that single strike, bringing the total to 303 Americans wounded, 13 killed.

The math does not work. America is walking off a missile cliff.

Google’s Pixel Watch has been fabricating health data.

The March 2026 update to the Fitbit app caused it to double and triple users’ step counts, invent calorie burns, and simultaneously delete SpO2 and skin temperature tracking entirely. The device was deleting and fabricating health data at the same time.

Google’s fix for this serious integrity breach?

Stop generating new bad data going forward. Leave corrupted records permanently in your health log. Reboot your own watch to receive the correction. The company that broke your data leaves it to you to take an action to receive the repair.

This is a data integrity governance story.

The gross promotion engine

Google has shut down over 280 products since 2010. Roughly one every two weeks for fifteen years. This is not a failure rate. This is an incentive structure producing its intended output.

Inside Google, engineers get promoted for launching new things. Maintaining existing products is career poison. Fixing bugs, preserving data integrity, honoring the promises made to users who bought hardware based on software commitments — none of this advances a career. A former Google Sheets lead described it plainly: teams that focus on users get passed over, while teams that ignore users get promoted first. The metrics become the objective. The product becomes the byproduct.

Fitbit was someone else’s product.

Google acquired it. Maintaining it with care is the opposite of what their internal grindstone system of shiny-new objects rewards.

The acquisition

Google paid $2.1 billion for Fitbit in 2021. Alphabet generated 83% of its $161.86 billion in 2019 revenue from targeted advertising. Fitbit’s value was its data back then. It came with heartbeats, sleep patterns, calorie intake, walking distances, menstrual cycles, health conditions. Twenty-eight million users’ worth.

The EU saw it coming.

The European Commission approved the deal only with conditions: a ten-year data silo keeping Fitbit health data separate from Google Ads, API access commitments for third-party developers, interoperability guarantees for competing wearables on Android. A monitoring trustee was appointed. Civil society groups across Europe had begged regulators to block the deal. The European Data Protection Board warned:

the possible further combination and accumulation of sensitive personal data regarding people in Europe by a major tech company could entail a high level of risk to the fundamental rights to privacy and to the protection of personal data.

The Commission approved it anyway. The EU’s stated preference is to regulate tech giants, not to prevent their expansion.

The squeeze

Five years later, here is what Google has done with its regulated acquisition.

It deprecated the Fitbit web app in July 2024, removing the only robust food tracking and data analysis tools without porting them to mobile. It forced all users to migrate from Fitbit accounts to Google Accounts. Forced as in comply by May 19, 2026, or lose all your historical health data, which gets deleted starting July 15, 2026. It launched a Gemini-powered “AI Coach” that requires users to share medical records through third-party partners including Clear, the facial recognition company best known for expediting airport security checks.

And it shipped an update that caused the health tracking device to hallucinate fitness data while deleting real biometric readings.

NOYB, the European privacy organization, filed complaints in Austria, the Netherlands, and Italy arguing that Fitbit forces consent from users who have no real choice.

Their lawyer put it simply: you buy a watch for a hundred euros, you sign up for a paid subscription, and then you’re told to “freely” agree to global data sharing or lose everything you’ve tracked for years.

The mechanism

Google does not sell fitness trackers. Google sells attention to advertisers.

Fitbit’s users are not customers. They are inventory.

The promotion culture ensures no one inside the company is incentivized to care about product integrity after launch. The acquisition model ensures that purchased products get absorbed into the data ecosystem and then neglected. The forced migration ensures that users cannot exit without losing their own health records. The regulatory framework ensures that commitments are narrow enough to honor in letter while violating in spirit.

Every piece of the system is functioning as designed. The step count fabrication is not a failure of the system. It is a product of a company where the word “maintenance” means “no one’s job.”

Integrity as threat

Google killed Google Reader despite 129 million active users. It killed Inbox despite widespread devotion. It killed Google Play Music, Hangouts, Google+, Stadia, and roughly 275 other products — each one representing a set of promises made to users who organized some part of their lives around the product’s continued existence.

The pattern reveals the value system and the lack of integrity breach reporting.

Launching is rewarded. Maintaining is tolerated. Caring about whether the thing you shipped still works correctly is not just unrewarded, it is structurally incompatible with Google’s internal concepts of skill and career advancement.

When maintaining integrity is career poison, you get a company that fabricates health data, ships the fix without repairing the damage, and leaves it to users to reboot their own devices to receive the correction.

When maintaining integrity is career poison, you get a company that buys a health platform, strips its best features, forces account migration under threat of data deletion, and then uses the captive user base to feed its AI model.

This is a management decision and direction. Everyone involved understands exactly what they are doing. That is what makes it a governance story, which exposes integrity breaches as still very different than confidentiality breaches.

The people inside Google who know this system is broken and continue operating it because the business model depends on it? They have a name. They are the product.

In related news: