Journalists claim to have details on novel tools - Tangles and Webloc - being used by the US Government to surveil its citizens:
A social media and phone surveillance system ICE bought access to is designed to monitor a city neighborhood or block for mobile phones, track the movements of those devices and their owners over time, and follow them from their places of work to home or other locations, according to material that describes how the system works obtained by 404 Media
That’s crazy and scary, here some key parts:
The material does not say how Penlink obtains the smartphone location data in the first place. But surveillance companies and data brokers broadly gather it in two different ways. The first is from small bundles of code included in ordinary apps called software development kits, or SDKs. SDK owners then pay the app developers, who might make things like weather or prayer apps, for their users’ location data. The second is through real-time bidding, or RTB. This is where companies in the online advertising industry place near instantaneous bids to get their advert in front of a certain demographic. A side effect is that companies can obtain data about peoples’ individual devices, including their GPS coordinates. Spy firms have sourced this sort of RTB information from hugely popular smartphone apps.
The Webloc material says users can filter devices by their unique Apple and Android advertising identifiers, which are often collected by surveillance companies. The material also says users can filter location data by GPS, WiFi, or IP address.
And:
A document ICE previously published signalling its intent to buy the products explicitly mentioned Webloc. Webloc isn’t a unique capability in the location data industry. A former employee of a similar company called Babel Street previously told me users can draw a shape on a map to see all devices Babel Street has for that location, then see where else that device has been. But the ICE document indicated the agency chose Penlink over its competitors because the company provides an “all-in-one” tool for searching both masses of location data and information from social media.
Sounds like a good lawsuit target.
Previous court rulings have been pretty explicit that law enforcement cannot use data brokers to get around 4th Amendment protections.
I am afraid the law system in the US is heavily flawed now. Also, one distinction they make is if commercial data was used, which makes it somehow legal then. See here:
The rationale is that the phone’s owner has provided this information willingly because they could, theoretically, remove apps gathering their location data or turn off location services altogether. (In multiple investigations into the location data industry, I’ve found apps did not always disclose how their location data might be used or sold, and in some cases apps still collected data even when people opted-out, meaning users could not have meaningfully consented.)
Time to re-check the installed apps and their permissions I guess.