The Global Surveillance Free-for-All in Mobile Ad Data ⇥ krebsonsecurity.com
In an interview, Atlas said a private investigator they hired was offered a free trial of Babel Street, which the investigator was able to use to determine the home address and daily movements of mobile devices belonging to multiple New Jersey police officers whose families have already faced significant harassment and death threats.
[…]
Atlas says the Babel Street trial period allowed its investigator to find information about visitors to high-risk targets such as mosques, synagogues, courtrooms and abortion clinics. In one video, an Atlas investigator showed how they isolated mobile devices seen in a New Jersey courtroom parking lot that was reserved for jurors, and then tracked one likely juror’s phone to their home address over several days.
Krebs describes a staggering series of demonstrations by the investigator for Atlas, plaintiff in a suit against Babel Street: precise location tracking of known devices, or dragnet-style tracking of a cluster of devices, basically anywhere. If you or I collected device locations and shared it with others, it would be rightly seen as creepy — at the very least. Yet these intrusive behaviours have been normalized. They are not. What they are doing ought to be criminal.
It is not just Babel Street. Other names have popped up over the years, including Venntel and Fog Data Science. Jack Poulson, who writes All-Source Intelligence, has an update on the former:
According to a public summary of a contract signed in early August, the U.S. Federal Trade Commission has opened an inquiry into the commercial cellphone location-tracking data broker Venntel and its parent company Gravy Analytics. […]
Gravy Analytics’ data, via Venntel, is apparently one of the sources for Babel Street’s tracking capabilities.
You might remember Babel Street; I have linked to [several stories][st] about the company. This reporting was most often done by Byron Tau, then at the Wall Street Journal, and Joseph Cox, then at Vice. Tau wrote a whole book about the commercial surveillance apparatus. Both reporters were also invited to the same demo as Krebs saw; Tau’s story, at Notus, is login-walled:
The demonstration offers a rare look into how easily identifiable people are in these location-based data sets, which brokers claim are “anonymized.”
Such claims do not hold up to scrutiny. The tools in the hands of capable researchers, including law enforcement, can be used to identify specific individuals in many cases. Babel’s tool is explicitly marketed to intelligence analysts and law enforcement officers as a commercially available phone-tracking capability — a way to do a kind of surveillance that once required a search warrant inside the U.S. or was conducted by spy agencies when done outside the U.S.
Cox now writes at 404 Media:
Atlas also searched a school in Philadelphia, which returned nearly 7,000 devices. Due to the large number of phones, it is unlikely that these only include adult teachers, meaning that Babel Street may be holding onto data belonging to children too.
All these stories are worth your time. Even if you are already aware of this industry. Even if you remember that vivid New York Times exploration of an entirely different set of data brokers published six years ago. Even if you think Apple is right to allow users to restrict access to personal data.
This industry is still massive and thriving. It is still embedded in applications on many of our phones, by way of third-party SDKs for analytics, advertising, location services, and more. And it is deranged that the one government that can actually do something about this — the United States — is doing so one company and one case at a time. Every country should be making it illegal to do what Babel Street is capable of. But perhaps it is too rich a source.