A group of researchers from Starkville, Mississippi, used a commercially available software program to monitor Russian military sites.
For example, on August 9th, the researchers identified 48 mobile devices present at the Nyonoksa Missile Test Site in northern Russia.
One day after a mysterious radiation spike there generated international headlines and widespread speculation that a Russian missile test had gone wrong.
“The trackers weren’t professional intelligence analysts with access to secret intercepts. Rather, they were a team of academic researchers in Starkville, Miss., working with their graduate research assistants and undergraduate interns on the campus of Mississippi State University, using a commercially available software program.”
They used GPS location information, usually drawn from cellphone apps.
This endeavor was a sort of demonstration to the military of how powerful commercial cellphone data for the provision of valuable intelligence really is.
The experiment presents how the global marketing industry’s practice of collecting and reselling reams of user data, often for marketing and advertising purposes, can be turned toward other ends.
The idea isn’t specifically to track the Russian military’s movements, since there are enough ways to do that as is, but to show that foreign and domestic national-security agencies, law-enforcement officials and others could purchase the data from commercial companies and then use it for surveillance and monitoring.
The team was working on a U.S. Army-sponsored, unclassified, experimental project that sought to leverage “open-source” commercial data for intelligence purposes.
“This project has served as a great opportunity for both undergraduate and graduate students at MSU to develop real-world skills and knowledge that will benefit them greatly as they seek employment in the future,” said David May, the principal investigator on the study and a sociology professor at Mississippi State.
Edric Thompson, a spokesman for the U.S. Army Combat Capabilities Development Command, which funded the project, said it was selected for military funding because it had “good potential use for being able for our soldiers to share information with each other.”
According to Thompson, the collection of location data was permitted under Army regulations so long as no personal characteristics about the phone’s owner were collected.
The tool that enabled the tracking was sold by Babel Street, an open-source intelligence software platform that is widely used by law enforcement, intelligence agencies, military units and private companies.
Babel Street has contracts with various US government agencies, including the Department of Homeland Security and the U.S. military to county police departments across the country.
“Babel Street publicly advertises itself as a social-media monitoring service, allowing its law-enforcement, intelligence and military clients to mine public social-media data for leads about criminal activity and do real-time monitoring of unfolding events.
But Babel Street also sells a product called “Locate X”—access to cellphone location data drawn from the advertising industry. The existence of the product, which isn’t described on the company’s website, was revealed in March by the website Protocol. The company didn’t respond to requests for comment.”
According to unnamed sources and documents reviewed by the WSJ, Locate X provides advertising data drawn from the marketing industry to intelligence, military and law-enforcement agencies for monitoring purposes.
In many cases, consumers have no forewarning that anyone might be buying their location information and using it to monitor them.
The uses of such data also raise unsettled legal and ethical questions about global privacy and consumer consent.
Even the caveat of not identifying the holders of the cellphones, it isn’t an insurmountable feat to tie the location data to a certain individual.
“We as individuals walk around with multiple devices and have multiple devices in our homes. There is a tremendous amount of data that doesn’t personally identify us by our name, driver’s licenses, Social Security number or address, which nevertheless will have very significant consequences for our lives,” said Marc Groman, a lawyer who specializes in privacy, technology and cybersecurity.
“When a consumer downloads an app and gives that app consent to collect and track their precise location, does the consumer understand that the app may then share or sell that precise location with a wide range of third parties—potentially including the Department of Homeland Security, the Army, law enforcement or other stakeholders? The answer is no,” said Groman, who previously worked for the Obama White House.
An incident in 2017 with Strava saw it publicly release a map in 2017 of three trillion individual GPS data points from users who logged their running or cycling routes.
Within the data were the locations of significance to US national security. These included the location of U.S. forward-operating bases in Afghanistan, the routes of military supply convoys and the location of secret CIA facilities.
The running routes were even detailed enough to show the internal layout of sensitive facilities and bases.
As such, this incident is yet another evidence that commercial tracking data is part of the norm and it has only become more assertive through the years.
MORE ON THE TOPIC:
- Norwegian Study Finds Tracking Apps Reveal Operations And Activities Of Police And Military Personnel
- Russian State-Owned Company Orders Tracking Bracelets To Assist in COVID-19 Quarantine