Written by Nick Heer.

Anomaly Six’s Surveillance Powers

Sam Biddle and Jack Poulson, the Intercept:

Anomaly Six software lets its customers browse all of this data in a convenient and intuitive Google Maps-style satellite view of Earth. Users need only find a location of interest and draw a box around it, and A6 fills that boundary with dots denoting smartphones that passed through that area. Clicking a dot will provide you with lines representing the device’s — and its owner’s — movements around a neighborhood, city, or indeed the entire world.

[…]

To fully impress upon its audience the immense power of this software, Anomaly Six did what few in the world can claim to do: spied on American spies. “I like making fun of our own people,” Clark began. Pulling up a Google Maps-like satellite view, the sales rep showed the NSA’s headquarters in Fort Meade, Maryland, and the CIA’s headquarters in Langley, Virginia. With virtual boundary boxes drawn around both, a technique known as geofencing, A6’s software revealed an incredible intelligence bounty: 183 dots representing phones that had visited both agencies potentially belonging to American intelligence personnel, with hundreds of lines streaking outward revealing their movements, ready to track throughout the world. “So, if I’m a foreign intel officer, that’s 183 start points for me now,” Clark noted.

Clark was able to show the location history for each of those nearly two hundred devices for, according to Biddle and Poulson, up to a year’s worth of tracking. Any of these devices were easily de-anonymized because, well, Anomaly Six had their entire location history. It is worth being cautious about their capabilities given the self-promotional context of these claims, but multiple experts told the Intercept they felt believable.

Byron Tau of the Wall Street Journal has previously reported on Anomaly Six’s capabilities, which are derived from the inclusion of its SDK in third-party apps as well as the broader data broker economy. That economy is potentially open to users from other countries, given the United States’ almost non-existent protections on personal data privacy. Much of the world’s tech industry is also based in the U.S. and their privacy policies often say U.S. jurisdiction applies.

Not only does the American military-industrial complex have the ability to spy on the world’s devices, adversarial nations could create similar capabilities — again, partly thanks to the weak privacy protections afforded by U.S. law and its concentration of tech companies.

It does not really matter how well-educated you are as a consumer or user. Short of not owning anything that connects to the internet, there is no reliable way of opting out of surveillance by a company nobody really thinks about. The only way this gets improved is by minimizing data generation and collection, and through stricter privacy laws. Perhaps this is one reason why American lawmakers have been reluctant to pass such laws.