Secretive Private Company Shows No One — Not Even The NSA — Is Immune From Always-On Surveillance
from the if-you-like-spying,-you-should-like-being-spied-on-right? dept
In recent months, a lot of attention has been paid to private companies who assist governments with surveillance. Most of this has been focused on companies like Clearview (a company that scrapes the public web for data to sell to its customers) and NSO Group (an Israeli company that sells powerful cell phone exploits to a variety of human rights abusers). Other reports have focused on data brokers who use info harvested from phone apps to provide location data to US law enforcement, allowing them to circumvent the protections erected by the Supreme Court’s Carpenter decision.
What’s been exposed by security researchers and investigative journalists is only the tip of the iceberg. Governments have a hunger for data and a desire to convert the ubiquity of smartphones into actionable intel.
And that’s where things get even more sketchy. We assume our respective governments will respect rights and engage in good faith dealings with companies offering unfettered access to devices and data.
Our assumptions are erroneous. Governments, for the most part, don’t care about the citizens they serve. And they sure as hell don’t care about people located beyond their borders — people they assume have no natural rights who can be targeted with a minimum of discretion and oversight.
More evidence of corporate America’s and the US government’s unwillingness to give a shit about the negative side effects of unfettered domestic surveillance has arrived courtesy of Sam Biddle and Jack Poulson of The Intercept.
A company with a nonexistent web footprint is promising the US government new means of warrantless surveillance — and it’s doing so by leveraging location data harvested from any source possible. There’s a new war underway and, despite the US’s lack of direct involvement, a private company is selling the US government on tech that will allow it to monitor the war via location data purchased from Twitter.
According to Brendon Clark of Anomaly Six — or “A6” — the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines.
Twitter may have made efforts to exclude government agencies from directly accessing its data firehose but it isn’t quite as proactive when it comes to private companies who sell this data to government agencies. Moderating content is impossible. Moderating firehose access isn’t easy either, especially when third parties aren’t honest about what they’re doing with this data.
The twist in this case is how Anomaly Six demonstrated its social media-leveraging prowess: it turned secretive US government employees into targets.
To prove that the technology worked, Clark pointed A6’s powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.
Do you want to know more about Anomaly Six? Good luck. The only thing on its website is an email address — one linking to an account that presumably ignores pesky questions from journalists and is only responsive to email addresses linked to upper levels of federal agencies.
At best, Anomaly Six appears to be another option for location data that allows the government (federal, local) to dodge the warrant requirement enacted by the Supreme Court. At worst, it’s the interceptor of multiple firehoses that allow government agencies to convert social media use into real-time tracking of citizens’ movements and activities.
Social media services are the attack vector, as a recording obtained by The Intercept points out.
According to audiovisual recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry, the firm claims that it can track roughly 3 billion devices in real time, equivalent to a fifth of the world’s population. The staggering surveillance capacity was cited during a pitch to provide A6’s phone-tracking capabilities to Zignal Labs, a social media monitoring firm that leverages its access to Twitter’s rarely granted “firehose” data stream to sift through hundreds of millions of tweets per day without restriction.
Laws and court precedent limit what the government can do. Anomaly Six asks why be limited by laws and precedent? Just get what you want from third parties, act on the intel, and rest assured that the gray area that stands between citizens and the government will almost always result in favorable rulings for government investigators.
The tools provided by this company, which apparently has access to the Twitter firehose, allow clients to drop a dragnet on worldwide Twitter usage, and track relationships between Twitter accounts, utilizing the location data to see what other accounts were in the area and who targeted users interacted with.
Not only is this company apparently circumventing restrictions on US law enforcement, it’s allegedly violating agreements private companies like A6 make when purchasing firehose access from Twitter.
The source also asserted that Zignal Labs had willfully deceived Twitter by withholding the broader military and corporate surveillance use cases of its firehose access.
As the Supreme Court has noted in decisions related to the Fourth Amendment and the “reasonable” expectation of privacy, sharing something with a private company is not the same thing as approving of carte blanche access by government agencies. Anomaly Six is operating outside of Fourth Amendment protections and citizens’ expectations about how their data will be handled. Sooner or later, this is going to cost the government some convictions, if not actual money. But, for now, it’s just (government) business as usual — business the government apparently feels comfortable conducting even when its contractor has demonstrated not even the most secretive federal agencies are beyond its reach.
Filed Under: cia, location data, mass surveillance, nsa, private data, surveillance
Companies: anomaly 6
Comments on “Secretive Private Company Shows No One — Not Even The NSA — Is Immune From Always-On Surveillance”
John Oliver did a bit a couple of weeks ago about Data Brokers in general… It’s really worth watching as well.
It cuts both ways right
My buddy always tells me he can find out if clients are cops by looking them up on facebook.
I've got the solution.
“The only thing n its website is an email address — one linking to an account that presumably ignores pesky questions from journalists and is only responsive to email addresses linked to upper levels of federal agencies.”
Two-way remailer.
Well...
I’m not saying the government’s behavior is right, but why is everyone so codependent and needy?
Do you really have to document every nanecond of your existence on social media? Buy a book and read it. Learn something perhaps.
You can do it.
Re:
“[W]hy is everyone so co-dependent and needy?”
Because I can’t farm my own food and many others can’t write song parodies to entertain themselves. Why else would we need to depend on others and they need to depend on us? Download a Public Domain ebook and read it (or have the software read it to you). Learn something, perhaps.
“We assume our respective governments will respect rights and engage in good faith dealings with companies offering unfettered access to devices and data.”
Who is we white man?
I have no faith in them respecting rights or our leaders reigning in these abuses (see also: that time TAC mused about how members of Congress would be prime targets for the acronyms to gain even more leverage & how despite billions proven wasted they keep paying for programs).
Its the best in ‘Merican thinking, more is better.
Its okay if we missing the little things, as long as we stop the next huge thing.
That thing where they ran ‘Thin Thread’ on the available data before 9-11 and it found the bad guys before 9-11. But because it wasn’t leveraging all the data and demanding more it was seen as not useful…
Most American Politicans don’t care about privacy or they don’t know how the Web works
otherwise it would not be legal to sell users browsing data to any random ad network, I don’t know how they are getting data on EU citizens since services that have EU users are supposed to follow gdpr laws on user privacy
No problem! Elon will fix it, along with AI, algorithms, transparency, and moderation at scale.
/s
Far More than a simple Web page
Q: anyone actually LOOK at the source of A6’s site?
A: paragraphs of scripting; Far beyond the few lines of html needed to have a background picture and text of an email address.
I would be interested were someone to disassemble the source and scripting to detail what, exactly, that page is going,…
Why do we allow the existence of these “firehoses” in the first place? And if they must exist, then it should be forbidden for anything from them to be sold to anyone no matter who they are.
Re:
As long as consumers allow thier data to be used by others in exchange for free access to all the apps & benefits of the internet, it wont change. Privacy is the cost of social media. If you paid those services you might have an argument that your data is owned by you & you are pay for the service to use as you wish. When ppl used landlines, they paid the phone company for the service but who you called, ect was private & any violation by the phone company of your privacy was illegal.
Re: Re:
Why do you think that personal data (metadata or otherwise) is the price of using a service? Do you honestly believe that it’s OK for the NHS to sell the personal data of a fifteen-month-old child just because they’ve received their vaccinations for free? (A fifteen-month-old child isn’t making any purchases, and therefore is also not paying the VAT that partially pays for the NHS.)