- cross-posted to:
- privacy@lemmy.ml
- security@lemmy.ml
- hackernews@lemmy.smeargle.fans
Excerpts below. Article states that it is. “Adapted from Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State, by Byron Tau” Archive: https://ghostarchive.org/archive/5bsWU
2019:
Working with Grindr data, Yeagley began drawing geofences—creating virtual boundaries in geographical data sets—around buildings belonging to government agencies that do national security work. That allowed Yeagley to see what phones were in certain buildings at certain times, and where they went afterwards.
Then he started looking at the movement of those phones through the Grindr data. When they weren’t at their offices, where did they go? A small number of them had lingered at highway rest stops in the DC area at the same time and in proximity to other Grindr users—sometimes during the workday and sometimes while in transit between government facilities. For other Grindr users, he could infer where they lived, see where they traveled, even guess at whom they were dating.
No disciplinary actions were taken against any employee of the federal government based on Yeagley’s presentation. His aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story—one that people might prefer to keep quiet.
Our real-world movement is highly specific and personal to all of us. For many years, I lived in a small 13-unit walk-up in Washington, DC. I was the only person waking up every morning at that address and going to The Wall Street Journal’s offices. Even if I was just an anonymized number, my behavior was as unique as a fingerprint even in a sea of hundreds of millions of others. There was no way to anonymize my identity in a data set like geolocation. Where a phone spends most of its evenings is a good proxy for where its owner lives. Advertisers know this.
Governments know this too. And Yeagley was part of a team that would try to find out how they could exploit it.
PlanetRisk hired Yeagley in 2016 as vice president of global defense—essentially a sales and business development job. The aim was for him to develop his adtech technology inside the contractor, which might try to sell it to various government agencies. Yeagley brought with him some government funding from his relationships around town in the defense and intelligence research communities.
PlanetRisk’s earliest sales demo was about Syria: quantifying the crush of refugees flowing out of Syria after years of civil war and the advancing ISIS forces. From a commercial data broker called UberMedia, PlanetRisk had obtained location data on Aleppo—the besieged Syrian city that had been at the center of some of the fiercest fighting between government forces and US-backed rebels. It was an experiment in understanding what was possible. Could you even obtain location information on mobile phones in Syria? Surely a war zone was no hot spot for mobile advertising.
But to the company’s surprise, the answer was yes. There were 168,786 mobile devices present in the city of Aleppo in UberMedia’s data set, which measured mobile phone movements during the month of December 2015. And from that data, they could see the movement of refugees around the world.
The discovery that there was extensive data in Syria was a watershed. No longer was advertising merely a way to sell products; it was a way to peer into the habits and routines of billions. “Mobile devices are the lifeline for everyone, even refugees,” Yeagley said.
They realized they could track world leaders through Locomotive, too. After acquiring a data set on Russia, the team realized they could track phones in the Russian president Vladimir Putin’s entourage. The phones moved everywhere that Putin did. They concluded the devices in question did not actually belong to Putin himself; Russian state security and counterintelligence were better than that. Instead, they believed the devices belonged to the drivers, the security personnel, the political aides, and other support staff around the Russian president; those people’s phones were trackable in the advertising data. As a result, PlanetRisk knew where Putin was going and who was in his entourage.
Locomotive, the first version of which was coded in 2016, blew away Pentagon brass. One government official demanded midway through the demo that the rest of it be conducted inside a SCIF, a secure government facility where classified information could be discussed. The official didn’t understand how or what PlanetRisk was doing but assumed it must be a secret. A PlanetRisk employee at the briefing was mystified. “We were like, well, this is just stuff we’ve seen commercially,” they recall. “We just licensed the data.” After all, how could marketing data be classified?
Locomotive was renamed VISR, which stood for Virtual Intelligence, Surveillance, and Reconnaissance. It would be used as part of an interagency program and would be shared widely inside the US intelligence community as a tool to generate leads.
But VISR, by now, is only one product among others that sell adtech data to intelligence agencies. The Department of Homeland Security has been a particularly enthusiastic adopter of this kind of data. Three of its components—US Customs and Border Protection, US Immigration and Customs Enforcement, and the US Secret Service —have bought more than 200 licenses from commercial ad tech vendors since 2019. They would use this data for finding border tunnels, tracking down unauthorized immigrants, and trying to solve domestic crimes. In 2023, a government inspector general chastised DHS over the use of adtech, saying that the department did not have adequate privacy safeguards in place and recommending that the data stop being used until policies were drawn. The DHS told the inspector general that they would continue to use the data. Adtech “is an important mission contributor to the ICE investigative process as, in combination with other information and investigative methods, it can fill knowledge gaps and produce investigative leads that might otherwise remain hidden,” the agency wrote in response.
We all have a vague sense that our cell phone carriers have this data about us. But law enforcement generally needs to go get a court order to get that. And it takes evidence of a crime to get such an order. This is a different kind of privacy nightmare.
This was a super interesting read.
If you are looking for more info, I see that 404 media has a podcast with the book author, Byron Tau (I’ve not yet listened): https://www.404media.co/interview/