Enabling location data on mobile devices provides many advantages for smart device users. However, this location information is a valuable asset that can be misused if it falls into the wrong hands. A recent media investigation uncovered some troubling findings for individuals worried about security.
The investigation, headed by Wired, 404 Media, Bayerischer Rundfunk (BR), and Netzpolitik.org, analyzed a free location data sample by Florida-based Datastream. From this information, the group was able to determine that the data contained information from American military and intelligence personnel overseas—including at German airbases believed to store U.S. nuclear weapons. Until recently, however, it wasn’t known where Datastream acquired this information.
Based on this information. U.S. Sen. Ron Wyden (D-WA) got involved and demanded answers. Ultimately, Datastream said the Lithuanian ad-tech company, Eskimi, collected the data.
As Wired explains, “Eskimi’s role highlights the opaque and interconnected nature of the location data industry: A Lithuanian company provided data on US military personnel in Germany to a data broker in Florida, which could then theoretically sell that data to essentially anyone.”
For its part, Datastream described the data as lawfully sourced and intended for use in digital advertising. It said the information was never intended for resale.
Wyden’s office initially reached out to Eskimi to express its concerns. When they didn’t receive a response, they contacted Lithuania’s Data Protection Authority (DPA) multiple times. In doing so, it raised concerns “about the national security impact of a Lithuanian company selling location data of US military personnel serving overseas.”
Again, no response was given, forcing Wyden’s staff to contact the defense attaché at the Lithuanian embassy in Washington, D.C.
From there, DPA did (finally) respond and indicated it was investing the information. Where that goes is unknown.
Eskimi is currently part of Google’s Authorized Buyer program and as such is supposed to abide by its policies. Through a spokesperson, it said “Google regularly audits its Authorized Buyers program participants, and reviews allegations of potential misconduct.”
Unfortunately, even if Google acts against Eskimi, plenty of advertising companies may be ready to sell harvested location data.
According to Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, “Advertising companies are merely surveillance companies with better business models.”
What can we do?
The average smart device owner typically does not belong to the military. However, this situation highlights that various external entities can access our location data.
You can take steps to turn off location data on your devices. In the meantime, perhaps U.S. government personnel should consider doing the same or at least using a VPN.
Services Marketplace – Listings, Bookings & Reviews