Since the United States, unlike most civilized nations, has no national privacy policy – other than if we can make a buck off your privacy, we will – the government really has little to no control over this.
Wired did an investigation and found that more than 3 billion phone coordinates had been collected by one US data broker, and that they exposed the habits and locations of sensitive people and military and intelligence assets. While the test was in Germany, there is no difference in the United States.
FOR EXAMPLE: Nearly every weekday morning, a device leaves a two-story home near Wiesbaden, Germany, and makes a 15-minute commute along a major autobahn. By around 7 am, it arrives at Lucius D. Clay Kaserne—the US Army’s European headquarters and a key hub for US intelligence operations.
The device stops near a restaurant before heading to an office near the base that belongs to a major government contractor responsible for outfitting and securing some of the nation’s most sensitive facilities.
You have to connect the dots here, but connecting those dots is not very hard. Especially if you are experienced in the data location business.
Here is some more data on that same person:
For roughly two months in 2023, this device followed a predictable routine: stops at the contractor’s office, visits to a discreet hangar on base, and lunchtime trips to the base’s dining facility. Twice in November of last year, it made a 30-minute drive to the Dagger Complex, a former intelligence and NSA signals processing facility. On weekends, the device could be traced to restaurants and shops in Wiesbaden.
Oh, just in case you thought maybe this was a CIA agent that was compromised, it isn’t. Turns out it was an HVAC contractor who happens to work on systems used by the military.
Could the government say that as a part of the contract the service personnel must turn off their phones from when they leave their house until when they return home? Technically they could. Would any sane company bid on a contract if they could not talk to their employees, their employees could not look up information needed to perform the maintenance, their employees could not contact someone in case of an emergency? Probably not. Could the military provide alternate devices that the military owned and locked down? Possibly, but of course the service vendor’s applications that their employees use to do their jobs would not work on those devices.
The obvious solution would be for the US to ban the sale of location data, but since the government uses it themselves for “certain purposes” (use your imagination), that is not likely to happen. If the law said you could only sell that data to the government then the brokers’ business model would not work and they would go out of business.
By the way, that business sector generates about 400 billion dollars a year. Someone is going to be unhappy if that goes away.
The Wired article goes into a lot more detail about all of the data they were able to buy and the implications of it, but I think you get the picture. And just in case you think this data is expensive to buy, it isn’t. A few thousand dollars gets you access to an amazing amount of data.
Of course, the few million military personnel are a drop in the bucket when compared to you and me. This is really the gold mine for data brokers. You might not care whether a data broker is selling your data. Unless, of course, the buyer “doesn’t like you” and wants to harass you, or worse, harass your spouse and kids. In case you think this is far-fetched, it is not, and it is already happening. And while harassment is against the law under certain circumstances, buying this data is never against the law.
If a political crazy (pick your color, red or blue or your side of the political spectrum, left or right) wants to use that data to “dox” someone they don’t like – for example publishing the home address of some low-level government employee or the names and school location of their kids they want to harass for doing their job or the like – that is likely speech protected by the First Amendment. Except, in a few states, judges and law enforcement personnel are protected. But only in some states. New Jersey comes to mind. And if the crazy is crazy and wants to shoot you – well, shooting you is illegal, but again, if someone makes a veiled suggestion about that and the crazy thinks he or she is only doing what you told them to do – again speech is probably not illegal.
This is only going to get worse as more and more data is collected and legislators don’t want to deal with this thorny problem.
For businesses, especially those that might be targeted, this is a problem.
A business could be targeted for political reasons but it also could be targeted for intelligence (business intelligence or espionage) reasons. Figure out where your key employees go to lunch, listen to conversations, strike up “friendships” – all this is old hat for those in the intelligence (again, business intelligence or espionage) business. They have been doing this at business conventions for decades; this just makes it orders of magnitude easier.
You can be like Congress and ignore the problem until it becomes a crisis or you can work to reduce the risk. The risk is both risk to the company and also risk, personally, to your employees. While there is no magic answer, you can reduce the risk.
Need help? Contact us.
Credit: Wired (paywall)