HOW THE FEDERAL GOVERNMENT BUYS OUR CELL PHONE LOCATION DATAPART II
Published: June 14, 2022
SOURCE: ELECTRONIC FRONTIER FOUNDATION
WHO SELLS LOCATION DATA?
Dozens of companies make billions of dollars selling location data on the private market. Most of the clients are the usual suspects in the data trade—marketing firms, hedge funds, real estate companies, and other data brokers. Thanks to lackluster regulation, both the ways personal data flows between private companies and the ways it’s used there are exceedingly difficult to trace. The companies involved usually insist that the data about where people live, sleep, gather, worship, and protest is used for strictly benign purposes, like deciding where to build a Starbucks or serving targeted ads.
But a handful of companies sell to a more action-oriented clientele: federal law enforcement, the military, intelligence agencies, and defense contractors. Over the past few years, a cadre of journalists have gradually uncovered details about the clandestine purchase of location data by agencies with the power to imprison or kill, and the intensely secretive companies who sell it.
This chart illustrates the flow of location data from apps to agencies via two of the most prominent government-facing brokers: Venntel and Babel Street.
The vendor we know the most about is Venntel, a subsidiary of the commercial agency Gravy Analytics. Its current and former clients in the US government include, at a minimum, the IRS, the DHS and its subsidiaries ICE and CBP, the DEA, and the FBI. Gravy Analytics does not embed SDKs directly into apps; rather, it acquires all of its data indirectly through other data brokers.
Few data brokers reveal where their data comes from, and Venntel is no exception. But investigations and congressional testimony have revealed at least a few of Venntel’s sources. In 2020, Martin Gundersen of NRK Beta filed requests under the GDPR’s Right to Know in order to trace how data about his location made its way to Venntel. He installed two navigation apps from the company Sygic, as well as an app called Funny Weather, and granted them location permissions. Funny Weather sold his data to location broker Predicio, which then sold it to Gravy Analytics. The Sygic apps sold data to both Predicio and another firm, Complementics, which sent data to Gravy as well. All of the data ended up inside Venntel’s database. In 2021, following a lengthy investigation by Sen. Ron Wyden, broker Mobilewalla revealed that it too had sold data to Venntel.
Gravy Analytics shares some information about its location-data practices on its website. Gravy claims it has access to “over 150 million” devices. It also states outright that it does not gather data from the bidstream. But government officials have told Congress that they believe Venntel’s data is derived both from SDKs and from the bidstream, and there is other evidence to support that belief. One of Venntel’s sources, Mobilewalla, has testified to Congress that it gathers and sells bidstream-based location data. Government contracts describe Venntel’s dataset as containing data from “over 80,000 apps.” Data brokers that rely solely on SDKs, like X-Mode, tend to maintain direct relationships with just a few hundred apps. Venntel’s incredible app coverage makes it likely that at least a portion of its data has been siphoned from the bidstream.
Venntel’s data is disaggregated and device-specific—making it easier for this data to point right to you. Motherboard reported that Venntel allows users to search for devices in a particular area, or to search for a particular device identifier to see where that device has been. It allows customers to track devices to specific workplaces, businesses, and homes. Although it may not include explicitly identifying information like names or phone numbers, this does not mean it is “anonymous.” As one former employee told Motherboard, “you could definitely try and identify specific people.”
Venntel has sold several annual licenses to its “Venntel Portal,” a web app granting access to its database, at a price of around $20,000 for 12,000 queries. It has also sold direct access to all of its data from a region, updated daily and uploaded to a government-controlled server, for a more lavish $650,000 per year.
https://www.blacklistednews.com/article/82756/how-the-federal-government-buys-our-cell-phone-location.html