A new report says that personal information sold by data brokers is even more sensitive and detailed than previously thought, making so-called anonymized data even easier to tie back to specific individuals.
The report says that those buying data are able to target people working in extremely sensitive professions, including military personnel and “decision makers” working in national security roles …
Data brokers, and the anonymization fiction
Data brokers are companies that buy personal data from a wide range of sources. Much of it is gathered from internet browsing history and app usage.
Data is supposed to be anonymized – that is, it should be possible for someone buying the data to know that you are, for example, a 30-40 year old man living in California who owns an iPhone 15 Pro Max and travels regularly to Las Vegas, but it should not be possible to specifically identify you by name.
However, countless tests and studies have shown that we now collect such a huge range of data that it is often trivial for a buyer to identify specific individuals and even US troop movements in war zones.
Location data, sold by the developers of many mobile apps, makes this especially easy; how many people leave your home address each morning and travel to your workplace, for example?
Sensitive occupation data now sold
An investigation by a non-profit found that much more sensitive occupation data is being sold than was previously known.
An investigation by the Irish Council for Civil Liberties (ICCL) reveals widespread trade in data about sensitive European personnel and leaders that puts them at risk of blackmail, hacking and compromise, and undermines the security of their organisations and institutions.
ICCL has today published two reports (“Europe’s hidden security crisis” and “America’s hidden security crisis”) that reveal how extraordinarily sensitive information about key EU and US figures and military personnel flows to foreign states and non-state actors through online advertising’s Real-Time Bidding (RTB) system. That system is active on almost all websites and apps.
The Financial Times reports that the occupation data includes judges, elected officials, military personnel and “decision makers” working in national security.
Although RTB data is intended to be used only for ad targeting, it can be exploited for other uses.
Today’s report ‘Europe’s hidden security crisis’ exposes how Google and other RTB firms send EU and US RTB data to Russia and China, where national laws enable security agencies to access the data […]
Foreign states and non-state actors can use RTB to spy on target individuals’ financial problems, mental state and compromising intimate secrets. Even if target individuals use secure devices, data about them can still flow via RTB from personal devices, their friends, family and compromising personal contacts.
App usage could reveal that someone is gay and closeted, for example, while web browsing data could reveal searches for embarrassing sexual or medical problems. One academic says this creates the clear potential for blackmail.
Carissa Veliz, an associate professor at Oxford university, specialising in digital ethics, said that “although platforms claim data is anonymised, it is actually very hard to do in practice; you only need two or three data points to identify somebody”.
“Platforms know the anonymisation they are doing is so fragile, and they know what they are doing is identifying sensitive information that could endanger people and society,” she added. “Identifying sensitive jobs opens those people up to harms like extortion or blackmail, which can also impact democracy.”
Google said that its own protections are the strictest in the industry.
To protect people’s privacy, we have the strictest restrictions in the industry on the types of data we share in real-time bidding. Our real-time bidding policies simply don’t allow bad actors to compromise people’s privacy and security.
9to5Mac’s Take
We’ve long supported a GDPR-style federal privacy law. As this is showing no sign of happening anytime soon, we’ve also argued that a good first step would be an outright ban on buying and selling the location data of private citizens.
I would argue that we need a specific federal law (and the equivalent in other countries) to explicitly ban the sale and purchase of location data.
In an ideal world, this would be just one component of a much broader federal privacy law – but it could be years before politicians can agree on the terms for this, if ever. It should be far simpler to get agreement on this one thing: You are not allowed to sell my location to a third party, nor are you allowed to buy my location from a third party. Period.
More than 90% of you agreed.
Photo: Michael Aleo/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments