dChan
Anonymous ID: c60ef8 June 14, 2022, 8:04 a.m. No.16444850   🗄️.is 🔗kun   >>4858 >>4875 >>4881 >>4922 >>4988 >>5056 >>5083

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATA

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.

WHERE DOES THE DATA COME FROM?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

 

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.

 

One app developer received the following marketing email from data broker Safegraph:

 

SafeGraph can monetize between $1-$4 per user per year on exhaust data (across location, matches, segments, and other strategies) for US mobile users who have strong data records. We already partner with several GPS apps with great success, so I would definitely like to explore if a data partnership indeed makes sense.

 

But brokers are not limited to data from apps they partner with directly. The ad tech ecosystem provides ample opportunities for interested parties to skim from the torrents of personal information that are broadcast during advertising auctions. In a nutshell, advertising monetization companies (like Google) partner with apps to serve ads. As part of the process, they collect data about users—including location, if available—and share that data with hundreds of different companies representing digital advertisers. Each of these companies uses that data to decide what ad space to bid on, which is a nasty enough practice on its own. But since these “bidstream” data flows are largely unregulated, the companies are also free to collect the data as it rushes past and store it for later use.

 

The data brokers covered in this post add another layer of misdirection to the mix. Some of them may gather data from apps or advertising exchanges directly, but others acquire data exclusively from other data brokers. For example, Babel Street reportedly purchases all of its data from Venntel. Venntel, in turn, acquires much of its data from its parent company, the marketing-oriented data broker Gravy Analytics. And Gravy Analytics has purchased access to data from the brokers Complementics, Predicio, and Mobilewalla. We have little information about where those companies get their data—but some of it may be coming from any of the dozens of other companies in the business of buying and selling location data.

 

If you’re looking for an answer to “which apps are sharing data?”, the answer is: “It’s almost impossible to know.” Reporting, technical analysis, and right-to-know requests through laws like GDPR have revealed relationships between a handful of apps and location data brokers. For example, we know that the apps Muslim Pro and Muslim Mingle sold data to X-Mode, and that navigation app developer Sygic sent data to Predicio (which sold it to Gravy Analytics and Venntel). However, this is just the tip of the iceberg. Each of the location brokers discussed in this post obtains data from hundreds or thousands of different sources. Venntel alone has claimed to gather data from “over 80,000” different apps. Because much of its data comes from other brokers, most of these apps likely have no direct relationship with Venntel. As a result, the developers of the apps fueling this industry likely have no idea where their users’ data ends up. Users, in turn, have little hope of understanding whether and how their data arrives in these data brokers’ hands.

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:05 a.m. No.16444858   🗄️.is 🔗kun   >>4875 >>4881 >>4922 >>4988 >>5056 >>5083

>>16444850

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART II

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

WHO SELLS LOCATION DATA?

Dozens of companies make billions of dollars selling location data on the private market. Most of the clients are the usual suspects in the data trade—marketing firms, hedge funds, real estate companies, and other data brokers. Thanks to lackluster regulation, both the ways personal data flows between private companies and the ways it’s used there are exceedingly difficult to trace. The companies involved usually insist that the data about where people live, sleep, gather, worship, and protest is used for strictly benign purposes, like deciding where to build a Starbucks or serving targeted ads.

 

But a handful of companies sell to a more action-oriented clientele: federal law enforcement, the military, intelligence agencies, and defense contractors. Over the past few years, a cadre of journalists have gradually uncovered details about the clandestine purchase of location data by agencies with the power to imprison or kill, and the intensely secretive companies who sell it.

 

This chart illustrates the flow of location data from apps to agencies via two of the most prominent government-facing brokers: Venntel and Babel Street.

 

The vendor we know the most about is Venntel, a subsidiary of the commercial agency Gravy Analytics. Its current and former clients in the US government include, at a minimum, the IRS, the DHS and its subsidiaries ICE and CBP, the DEA, and the FBI. Gravy Analytics does not embed SDKs directly into apps; rather, it acquires all of its data indirectly through other data brokers.

 

Few data brokers reveal where their data comes from, and Venntel is no exception. But investigations and congressional testimony have revealed at least a few of Venntel’s sources. In 2020, Martin Gundersen of NRK Beta filed requests under the GDPR’s Right to Know in order to trace how data about his location made its way to Venntel. He installed two navigation apps from the company Sygic, as well as an app called Funny Weather, and granted them location permissions. Funny Weather sold his data to location broker Predicio, which then sold it to Gravy Analytics. The Sygic apps sold data to both Predicio and another firm, Complementics, which sent data to Gravy as well. All of the data ended up inside Venntel’s database. In 2021, following a lengthy investigation by Sen. Ron Wyden, broker Mobilewalla revealed that it too had sold data to Venntel.

 

Gravy Analytics shares some information about its location-data practices on its website. Gravy claims it has access to “over 150 million” devices. It also states outright that it does not gather data from the bidstream. But government officials have told Congress that they believe Venntel’s data is derived both from SDKs and from the bidstream, and there is other evidence to support that belief. One of Venntel’s sources, Mobilewalla, has testified to Congress that it gathers and sells bidstream-based location data. Government contracts describe Venntel’s dataset as containing data from “over 80,000 apps.” Data brokers that rely solely on SDKs, like X-Mode, tend to maintain direct relationships with just a few hundred apps. Venntel’s incredible app coverage makes it likely that at least a portion of its data has been siphoned from the bidstream.

 

Venntel’s data is disaggregated and device-specific—making it easier for this data to point right to you. Motherboard reported that Venntel allows users to search for devices in a particular area, or to search for a particular device identifier to see where that device has been. It allows customers to track devices to specific workplaces, businesses, and homes. Although it may not include explicitly identifying information like names or phone numbers, this does not mean it is “anonymous.” As one former employee told Motherboard, “you could definitely try and identify specific people.”

Venntel has sold several annual licenses to its “Venntel Portal,” a web app granting access to its database, at a price of around $20,000 for 12,000 queries. It has also sold direct access to all of its data from a region, updated daily and uploaded to a government-controlled server, for a more lavish $650,000 per year.

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:07 a.m. No.16444875   🗄️.is 🔗kun   >>4922 >>4988 >>5056 >>5083

>>16444858, >>16444850

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART III

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

Babel Street first registered Locate X with the U.S. Patent and Trademark Office in 2017. The service allows Babel’s clients to query a database of app-derived location data. Locate X can be used to draw a digital fence around an address or area, pinpoint devices that were in that location, and see where else those devices went in prior months. Records obtained by Motherboard from DHS reveal that, according to a DHS official, “Babel Street basically re-hosts Venntel’s data at a greater cost and with significant constraints on data access.” Babel Street employees have also said Venntel is the ultimate source of most of the location data flowing to the federal government that we are aware of.

 

Although Babel Street has many public-facing marketing materials, it has attempted to keep details about Locate X a secret. Terms of use provided by Babel Street to its clients ban using Locate X data as evidence, or even mentioning it in legal proceedings. Still, several buyers of Locate X have been reported publicly, including the Air National Guard, the U.S. Special Forces Command (SOCOM), CBP, ICE, and the Secret Service.

 

Anomaly 6 (or “A6”) also sells app-derived location data to the government. Its existence was first reported by the Wall Street Journal in 2020.

A6 was founded by a pair of ex-Babel Street employees, Brendan Huff and Jeffrey Heinz. At Babel Street, the two men managed relationships with large government clients, including the Defense Department, the Justice Department, and the intelligence community. After striking off on their own, A6 allegedly began developing a product to compete with Babel Street’s Locate X, and catering its services to a very similar clientele. In 2018, Babel Street sued the company and its founders, and the two companies eventually settled out of court.

 

A6 presents very little information about itself publicly. Its website comprises just a company logo and an email address on an animated background. It is not registered as a data broker in either California or Vermont. Not much is known about A6’s data sources, either. The Wall Street Journal reported that it collects data via SDKs in “more than 500” mobile apps. According to a 2021 report by Motherboard, these SDKs are deployed by “partners” of the company, not A6 itself, creating a buffer between the company and its data sources. A6 claims its contracts with the government are “confidential” and it can’t reveal which agencies it’s working with. Public procurement records reveal at least one relationship: in September 2020, SOCOM division SOCAFRICA paid $589,000 for A6’s services.

 

In April 2022, The Intercept and Tech Inquiry reported on presentations that A6 made in a meeting with Zignal Labs, a social media monitoring firm with access to Twitter’s “firehose.” A6 proposed a partnership between the two firms that would allow their clients to determine “who exactly sent certain tweets, where they sent them from, who they were with,” and more. In order to demonstrate its capability, A6 performed a live demonstration: it tracked phones of Russian soldiers amassed on the Ukrainian border to show where they had come from, and it tracked 183 devices that had visited both the NSA and CIA headquarters to show where American intelligence personnel might be deployed. It followed one suspected intelligence officer around the United States, to an American airfield in Jordan, and then back to their home.

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:09 a.m. No.16444890   🗄️.is 🔗kun   >>4922 >>4988 >>5056 >>5083

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART V

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

HOW IS LOCATION DATA USED?

While several contracts between data brokers and federal agencies are public records, very little is known about how those agencies actually use the services. Information has trickled out through government documents and anonymous sources.

 

DEPARTMENT OF HOMELAND SECURITY

Perhaps the most prominent federal buyer of bulk location data is the U.S. Department of Homeland Security (DHS), as well as its subsidiaries, Immigrations and Customs Enforcement (ICE) and Customs and Border Patrol (CBP). The Wall Street Journal reported that ICE used the data to help identify immigrants who were later arrested. CBP uses the information to “look for cellphone activity in unusual places,” including unpopulated portions of the US-Mexico border. According to the report, government documents explicitly reference the use of location data to discover tunnels along the border. Motherboard reported that CBP purchases location data about people all around the United States, not just near the border. It conducts those searches without a court order, and it has refused to share its legal analysis of the practice with Congress.

 

The Federal Procurement Database shows that, in total, DHS has paid at least $2 million for location data products from Venntel. Recently released procurement records from DHS shed more light on one agency’s practice. The records relate to a series of contracts between Venntel and a recently-shuttered research division of DHS, the Homeland Security Advanced Research Projects Agency (HSARPA). In 2018, the agency paid $100,000 for five licenses to the Venntel Portal. A few months later, HSARPA upgraded to a product called “Geographic Marketing Data - Western Hemisphere,” forking over $650,000 for a year of access. This data was “delivered on a daily basis via S3 bucket”—that is, shipped directly to DHS in bulk. From context, it seems like the “Venntel Portal” product granted limited access to data hosted by Venntel, while the purchase of “Geographic Marketing Data” gave DHS direct access to all of Venntel’s data for particular regions in near-real-time.

 

The HSARPA purchases were made as part of a program called the Data Analytics Engine (DA-E). In a Statement of Work, DHS explained that it needed data specifically for Central America and Mexico in order to support the project. Elsewhere, the government has boasted that ICE has used “big data architecture” from DA-E to generate “arrests, seizures, and new leads.” ICE has maintained an ongoing relationship with Venntel in the years since, signing at least six contracts with the company since 2018.

 

FEDERAL LAW ENFORCEMENT

The FBI released its own contracts with Venntel in late 2021. The documents show that the FBI paid $22,000 for a single license to the Venntel Portal, but are otherwise heavily redacted. Another part of the Department of Justice, the Drug Enforcement Administration (DEA), committed $25,000 for a one-year license in early 2018, but Motherboard reported that the agency terminated its contract before the first month was up. According to the Wall Street Journal, the IRS tried to use Venntel’s data to track individual suspects, but gave up when it couldn’t locate its targets in the company’s dataset. Some of Babel Street’s law enforcement customers have had more success: Protocol reported that the U.S. Secret Service used Locate X to seize illegal credit card skimmers installed at gas pumps in 2018.

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:10 a.m. No.16444893   🗄️.is 🔗kun   >>4922 >>4988 >>5056 >>5083

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART VI

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

MILITARY AND INTELLIGENCE AGENCIES

Military and foreign intelligence agencies have used location data in numerous instances. In one unclassified project, researchers at Mississippi State University used Locate X data to track movements around Russian missile test sites, including those of high-level diplomats. The U.S. Army funded the project and said it showed “good potential use” of the data in the future. It also said that the collection of cell phone data was consistent with Army policy as long as no “personal characteristics” of the phone’s owner were collected (but of course, detailed movements of individuals are actually “personal characteristics”).

 

Another customer of Locate X is the Iowa Air National Guard, as first reported by Motherboard. Specifically, the Des Moines-based 132d wing—which reportedly conducts “long-endurance coverage” and “dynamic execution of targets” with MQ-9 Reaper drones—purchased a 1-year license to Locate X for $35,000. The air base said the license would be used to “support federal mission requirements overseas,” but did not elaborate further.

 

Anomaly 6 only has one confirmed federal client: the U.S. Special Operations Command, or SOCOM. In 2020, SOCAFRICA - a division which focuses on the African continent - spent nearly $600,000 on a “commercial telemetry feed” from A6. In March 2021, SOCOM told Vice that the purpose of the contract was to “evaluate” the feasibility of using A6 services in an “overseas operating environment,” and that the government was no longer executing the contract. In September 2021, federal procurement records show that the U.S. Marines’ special operations command, MARSOC, executed another contract for $8,700 for “SME Support” from A6. (SME could stand for Subject Matter Expert, implying that A6 provided training or expertise.)

 

Finally, the Defense Intelligence Agency (DIA) has confirmed that it, too, works with location data brokers. In a January 2021 memo to Senator Ron Wyden, DIA stated that it “provides funding to another agency” that purchases location data from smartphones on its behalf. The data is global in scope, including devices inside and outside the United States, though the DIA said it segregates U.S. data points into a separate database as it arrives. The U.S. location database can only be queried after a “specific process” involving approval from multiple government agencies, and the DIA stated that permission had been granted five times in the previous two and a half years. The DIA claimed it needs a warrant to access the information. It’s unclear which data broker or brokers the DIA has worked with.

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:11 a.m. No.16444905   🗄️.is 🔗kun   >>4988 >>5056 >>5083

HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART VII

Published: June 14, 2022

SOURCE: ELECTRONIC FRONTIER FOUNDATION

 

WHAT CAN WE DO?

Congress must ban federal government purchase of sensitive location information. The issue is straightforward: government agencies should not be able to buy any personal data that normally requires a warrant.

 

But legislatures should not stop there. Personal data is only available to government because it’s already amassed on the private market. We need to regulate the collection and sale of personal data by requiring meaningful consent. And we should ban online behavioral advertising, the industry which built many of the tracking technologies that enable this kind of mass surveillance.

 

The developers of mobile operating systems also have power to shut down this insidious data market. For years, both Apple and Google have explicitly supported third-party tracking with technology like the advertising identifier. They must reverse course. They also must crack down on alternative methods of tracking like fingerprinting, which will make it much more difficult for brokers to track users. Furthermore, OS developers should require apps to disclose which SDKs they pack into their apps and whom they share particular kinds of data with. Both Apple and Google have made strides towards data-sharing transparency, giving users a better idea of how particular apps access sensitive permissions. However, users remain almost entirely in the dark about how each app may share and sell their data.

 

Fortunately, you can also take steps towards preventing your location data from winding up in the hands of data brokers and the federal government. As a first step, you can disable your advertising identifier. This removes the most ubiquitous tool that data brokers use to link data from different sources to your device. You can also look at the apps on your phone and turn off any unnecessary permissions granted to third-party apps. Data brokers often obtain information via apps, and any app with location permission is a potential vector. Revoke permissions that apps do not absolutely need, especially location access, and uninstall apps that you do not trust.

 

https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html

Anonymous ID: c60ef8 June 14, 2022, 8:40 a.m. No.16445070   🗄️.is 🔗kun   >>5085 >>5087 >>5107

why NS night shift?

 

Because other shifts never seemed to be able to handle the fucking TRUE TRUE!

Its not like anyanon wanted it that way

Its just the way it always was…..

Guardians and Gatekeepers sometimes don't even know that they are guardians and gatekeepers!

Its just what they become…..

What the DS made them and they cannot break the programming

They are here, trying…..

Its terrible to watch

The suspense!

Anonymous ID: c60ef8 June 14, 2022, 8:52 a.m. No.16445120   🗄️.is 🔗kun

>>16445087

That's the true true on Bacquiers level but (you) know what anon means as far as day v night "AUDIENCE" is concerned.

 

Anon couldn't get much of shit thru 3 second delta's and shit!

Daybakes be lik "nah"!

Which is when the baker wars truly began in this anons mind.

 

Don't get Anon started :D

kek

Anonymous ID: c60ef8 June 14, 2022, 9 a.m. No.16445148   🗄️.is 🔗kun

>>16445107

You know as well as this Anon that ALL KINDS OF SHIT has hit this board and tons of it (protocols, dozens of times, all by themselves with zero explanation, for instance) have stuck and conversely tons of it, including plenty of good shit, has been rejected simply because of Bias.

Anon learned to not worry as much.

But ThanQ for the diligence in helping Qresearch look less tarded!