Lithuanian Adtech Firm And Florida Data Broker Trafficked In Sensitive U.S. Military And Intelligence Worker Location Data
from the zero-accountability dept
Last November you might recall that Wired released an excellent report documenting how it was trivial to buy the sensitive and detailed movement data of U.S. military and intelligence workers as they moved around Germany. The culprit, as usual, was a global collection of super dodgy data brokers and adtech firms that see little in the way of meaningful oversight and regulation.
The original story documented how Wired was able to buy 3.6 billion location coordinates, some logged at millisecond intervals with meter precision, from up to 11 million mobile advertising IDs in Germany over a one-month period. The data detailed intelligence and military employees as they wandered not just around European towns and cities, but their movement at sensitive military locations.
At the time, Wired didn’t have a solid bead on the origins of the data, outside of the fact they were able to buy the data in question from a Florida data broker named Datastream. But in an also excellent follow up report they say they’ve figured out where it originated: a Lithuanian adtech firm.
“Now, a letter sent to US senator Ron Wyden’s office that was obtained by an international collective of media outlets—including WIRED and 404 Media—reveals that the ultimate source of that data was Eskimi, a little-known Lithuanian ad-tech company.”
WIRED posits that the original data was collected via SDKs embedded in mobile apps by developers looking to strike revenue sharing deals with data brokers. This Lithuanian adtech company Eskimi then provided data on US military personnel in Germany to a data broker in Florida, which — thanks to our prioritization of making money over public safety or national security — was able to sell that data to effectively anyone. With very few safeguards or oversight.
Senator Ron Wyden has been at the heart of efforts to expose how data brokers often sell this kind of sensitive data to any nitwit with two nickels to rub together. A year ago his office documented how one data broker collected the sensitive movement of abortion clinic visitors, then turned around and sold it to right wing extremists who targeted these vulnerable women with health care disinformation.
I thought those revelations would be a bombshell. But they barely saw a tiny fraction of the attention reserved for Zuck’s latest midlife crisis fashion rebrand.
Keith Chu, chief communications adviser and deputy policy director for Wyden, told WIRED that they’ve been trying to get additional information from Eskimi and Lithuania’s Data Protection Authority (DPA) for months with no response from either. After contacting the defense attaché at the Lithuanian embassy in Washington, DC, Wyden’s office got a response indicating there might or might not be an investigation:
“The Lithuanian DPA told reporters in an email that it “currently is not investigating this company” and it “is gathering information and assessing the situation in order to be prepared to take well-informed actions, if needed.” If the Lithuanian DPA does decide to investigate and finds Eskimi in violation of GDPR provisions, the company could face significant consequences—including fines up to €20 million.”
Time and time and time again the U.S. has prioritized making money over protecting consumer privacy, market health, or national security. And it’s certain to only get worse during a second Trump term stocked with folks like new FCC boss Brendan Carr, dedicated to ensuring his friends at AT&T, Verizon, and T-Mobile never face anything close to real accountability for their own dodgy location data practices.
The U.S. government also enabled this mess, ever since it realized that it (and every other government intelligence agency) could exploit this corruption-fueled dysfunction and bypass the pesky warrant process by simply buying the same consumer location data. Instead of freaking out about the full scope of the problem, we decided to engage in a myopic multi-year freak-out about TikTok.
At some point there will be a privacy scandal involving location data that’s so horrific, Congress will be forced to act. I’m just not particularly excited to see what that scandal looks like. To dislodge our corrupt apathy, it will most assuredly have to involve the embarrassing data of the rich and powerful, or potentially a loss of life at unprecedented scale.
And even then it’s far from clear this will result in good legislation, or just corruption-fueled, loophole-filled crap ghost written by all the worst offenders in the space. And even then, as Lithuania illustrates, there’s no guarantee that a meaningful privacy law would be meaningfully enforced by the same regulators and courts the Trump Supreme Court is gleefully taking a hatchet to.
Filed Under: adtech, data brokers, national security, privacy, ron wyden, security, surveillance, wired
Companies: eskimi
Comments on “Lithuanian Adtech Firm And Florida Data Broker Trafficked In Sensitive U.S. Military And Intelligence Worker Location Data”
Given who controls the levers of government power right now, it would have to involve either Musk or Trump. Anyone less than the co-presidents being affected wouldn’t be enough of a scandal to make our current kneecapped Congress give a shit.
Re:
Not that they aren’t embarrassing themselves publicly on a daily basis.
Re: Re:
Fair point.
Re: Re:
Yes, they sure are. Another court win
Re: Re: Re:
What does winning in court have to do with their embarrassing themselves?
Re: Re: Re:2
It’s two different things being argued. We’re seeing incompetence, malice, and absurdity. Their response is effectively “but we can get away with some of it!”
Re: Re:
Possibly, but remember, Trump and Musk fans do not believe anything that muddies the reputations of the Leaders, as long as those leaders are claiming they work for God. Anything remotely embarrassing to the Chaos Cohorts is seen as simply more Woke Propaganda. You cannot prove shit to those who already “believe” that the leaders are divinely inspired.
Re:
Darn you, Stephan T Stone! I was just about to say that an appropriately cinematic uppance coming for Musk would be worth the price of admission.
On the other hand, it might STILL not cause our congress to move. I mean, other than in paroxysms of laughter.
Re: Re:
HEY!
…if you’re gonna spell it that way, at least accent the E in my last name. 🙃
Re:
I wish I could disagree with you, but I don’t. The death cult now running the country really doesn’t care how many of the little people die, particularly if they’re non-white non-male non-straight non-faux-Christian non-wealthy non-racists/bigots/misogynists/etc. They’ll only rouse themselves to look at a problem if it affects the right people; everyone else is expendable.
And so I really do expect a large-scale horrific event and I equally expect that precisely nothing will happen in its aftermath except thoughts and prayers, prayers and thoughts. And then everyone will get right back to making as much money as possible regardless of who dies as a consequence.
Re: Re:
We already had that. It was the Sandy Hook massacre. Not even the mass murder of kindergarden-age children was enough to make Republicans go “we should maybe implement gun control”.
Re: Re: Re:
RE: large scale destruction of US people and property due entirely to deregulation of various protection laws aimed specifically at allowing large corporations to profit at the expense of everyone else.:
I have a feeling we aint seen nothin’ yet.
Sword of DamaTrump anyone.