Data Broker Looking To Sell Real-Time Vehicle Location Data To Government Agencies, Including The Military

Privacy

from the come-get-ur-dystopia dept

Location data is the new growth market. Data harvested from apps is sold to data brokers who, in turn, sell this to whoever’s buying. Lately, the buyers have been a number of government agencies, including the CBP, ICE, DEA, Secret Service, IRS, and — a bit more worryingly — the Defense Department.

The mileage varies for purchasers. The location data generally isn’t as accurate as that obtained directly from service providers. On the other hand, putting a couple of middle men between the app data and the purchase of data helps agencies steer clear of Constitutional issues related to the Supreme Court’s Carpenter decision, which introduced a warrant mandate for engaging in proxy tracking of people via cell service providers.

But phones aren’t the only objects that generate a wealth of location data. Cars go almost as many places as phones do, providing data brokers with yet another source of possibly useful location data that government agencies might be interested in obtaining access to. Here’s Joseph Cox of Vice with more details:

A surveillance contractor that has previously sold services to the U.S. military is advertising a product that it says can locate the real-time locations of specific cars in nearly any country on Earth. It says it does this by using data collected and sent by the cars and their components themselves, according to a document obtained by Motherboard.

“Ulysses can provide our clients with the ability to remotely geolocate vehicles in nearly every country except for North Korea and Cuba on a near real time basis,” the document, written by contractor The Ulysses Group, reads. “Currently, we can access over 15 billion vehicle locations around the world every month,” the document adds.

Historical data is cool. But what’s even cooler is real-time tracking of vehicle movements. Of course the DoD would be interested in this. It has a drone strike program that’s thirsty for location data and has relied on even more questionable data in the past to make extrajudicial “death from above” decisions in the past.

Phones are reliable snitches. So are cars — a fact that may come as a surprise to car owners who haven’t been paying attention to tech developments over the past several years. Plenty of data is constantly captured by internal “black boxes,” but tends to only be retained when there’s a collision. But the interconnectedness of cars and people’s phones provides new data-gathering opportunities.

Then there are the car manufacturers themselves, which apparently feel driver data is theirs for the taking and are willing to sell it to third parties who are (also apparently) willing to sell all of this to government agencies.

“Vehicle telematics is data transmitted from the vehicle to the automaker or OEM through embedded communications systems in the car,” the Ulysses document continues. “Among the thousands of other data points, vehicle location data is transmitted on a constant and near real time basis while the vehicle is operating.”

This document wasn’t obtained from FOIA requests. It actually couldn’t be — not if Ulysses isn’t currently selling to government agencies. It was actually obtained by Senator Ron Wyden, who shared it with Vice’s tech-related offshoot, Motherboard. As Wyden noted while handing it over, very little is known about these under-the-radar suppliers of location data and their government customers. This company may have no (acknowledged) government customers at this point, but real-time access to vehicle movement is something plenty of government agencies would be willing to pay for.

And Ulysses has inroads with the military. Cox/Motherboard have worked with US Special Operations Command in the past to help it track financial transactions made by entities in foreign nations in hopes of better understanding how our enemies convert “buying local” into a weapon against US interests.

Unfortunately, the documents don’t explain how Ulysses obtains this data or which car manufacturers/OEM distributors are contributing to the real-time location data pool. But it could be dozens of interoperable parts. Manufacturers gather some data. So does the manufacturer of integrated entertainment systems and Bluetooth-compatible devices, including whoever’s combining forces to provide in-car navigation. Then there are services drivers use, like parking garages, which may collect additional data about vehicles in the area. It all adds up to an easy way to track cars. This data may not be able to say for sure who’s driving, but information gathered from connected devices may make it easier to determine identity. All of this adds up to a big pile of data that could easily be wielded to do things like engage in drone strikes.

Even if it’s not being used to kill people, it can be used to track people. It beats automatic license plate readers which only trigger responses when target vehicles pass cameras. It beats third-party app data because it can be used in real time. And it beats protections we’re supposed to have in place following the Supreme Court’s Carpenter decision. A car may not be a person, but it’s pretty damn close. And data only another data broker away can link cars to people and allow government agencies to make plenty of inferences about their day-to-day activities. This is happening now and it’s all under the radar, for the most part. It’s an unregulated market that wields useful tools against their users, subverting their expectations of privacy and making it easier for governments to engage in off-the-constitutional-books tracking.

Filed Under: 3rd party data, 3rd party doctrine, 4th amendment, data brokers, location info, military, realtime location info