If We're So Worried About TikTok, Why Aren't We Just As Worried About AdTech And Location Data Sales?
from the you're-not-being-consistent dept
We’ve noted a few times how the TikTok ban is largely performative, xenophobic nonsense that operates in a bizarre, facts-optional vacuum.
The biggest pearl clutchers when it comes to the teen dancing app (Josh Hawley, Tom Cotton, etc.) have been utterly absent from (or downright detrimental to) countless other security and privacy reform efforts. Many have opposed even the most basic of privacy rules. They’ve opposed shoring up funding for election security reform. Most are utterly absent when we talk about things like our dodgy satellite network security, the SS7 cellular network flaw exposing wireless communications, or the total lack of any meaningful privacy and security standards for the internet of broken things.
As in, most of the “experts” and politicians who think banning TikTok is a good idea don’t seem to realize it’s not going to genuinely accomplish much in full context. Chinese intelligence can still glean this (and much more data) from a wide variety of sources thanks to our wholesale privacy and security failures on countless other fronts. It’s kind of like banning sugary soda to put out a forest fire, or spitting at a thunderstorm to slow its advance over the horizon.
Yet the latest case in point: Joseph Cox at Motherboard (who has been an absolute wrecking ball on this beat) discovered that private intel firms have been able to easily buy user location data gleaned from phone apps, allowing the tracking of users in immensely granular fashion:
“A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples’ phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their “doorstep.”
This, of course, comes on the heels of countless scandals of this type, where app makers, telecoms, or other companies collect and monetize your sensitive location data with zero meaningful oversight and little to no transparency, selling it to any nitwit with a nickel. The global adtech location surveillance market is such a complicated mess, even experts and journalists have a hard time tracking what data is being collected and who it’s being sold to:
“The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals.”
Do folks hyperventilating about TikTok not realize Chinese intelligence can also access this data? If so, why haven’t I seen equal histrionics in relation to location data from folks like Josh Hawley? This massive, international network of telecoms, adtech vendors, and data brokers are engaged in wholesale, largely unaccountable surveillance of vast swaths of human beings. And yet, outside of a few lawmakers like Ron Wyden, countless lawmakers and regulators who’ve risked embolism with their TikTok outrage have been utterly silent when it comes to the threats posed by companies like HYAS:
“HYAS differs in that it provides a concrete example of a company deliberately sourcing mobile phone location data with the intention of identifying and pinpointing particular people and providing that service to its own clients. Independently of Motherboard, the office of Senator Ron Wyden, which has been investigating the location data market, also discovered HYAS was using mobile location data. A Wyden aide said they had spoken with HYAS about the use of the data. HYAS said the mobile location data is used to unmask people who may be using a Virtual Private Network (VPN) to hide their identity, according to the Wyden aide.”
Either you care about U.S. data security and privacy or you don’t, and I’m beginning to suspect that most of the folks who think TikTok poses an existential threat to the republic aren’t engaging in a good faith understanding of the actual problem. With no privacy rules, transparency, or consistency we’re a sitting duck for malicious actors, be they state-sponsored hackers, sex offending jackasses, or U.S. law enforcement officers out over their skis.
Want to genuinely shore up U.S. security and privacy problems? Pass a simple but meaningful privacy law for the internet era. Fund election security reform. Shore up our communications network security. Stop hamstringing and defunding privacy regulators at the FTC. Mandate transparency in the adtech market. Create some unified standards for the privacy dumpster fire that is the internet of things. Hyperventilating over a single Chinese-owned teen dancing app, then acting as if you’ve cured cancer is dangerous, counterproductive, and aggressively stupid in full context.