The UK wants the dirt on data brokers before criminals get there first.
The UK government is inviting experts to provide insights about the data brokerage industry and the potential risks it poses to national security as it moves to push new data-sharing legislation over the line.
#UK #Tech #Data #DataBrokerage #DataSharing #Privacy #Politics #Legal
"For 37 years, Congress has completely failed to pass another consumer privacy law. Which is how we got here – to this moment where you can target ads to suicidal teens, gambling addicted soldiers in Minuteman silos, grannies with Alzheimer's, and every Congressional staffer on the Hill.
Some people think the problem with mass surveillance is a kind of machine-driven, automated mind-control ray. They believe the self-aggrandizing claims of tech bros to have finally perfected the elusive mind-control ray, using big data and machine learning.
But you don't need to accept these outlandish claims – which come from Big Tech's sales literature, wherein they boast to potential advertisers that surveillance ads are devastatingly effective – to understand how and why this is harmful. If you're struggling with opioid addiction and I target an ad to you for a fake cure or rehab center, I haven't brainwashed you – I've just tricked you. We don't have to believe in mind-control to believe that targeted lies can cause unlimited harms.
And those harms are indeed grave."
https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising
#USA #AdTech #DataBrokers #DataBrokerage #Privacy #BigTech #MassSurveillance #DataProtection
In the end I am dawning my bowler cap, sticking a cigar in my mouth and saying "I have a plan"... (old ass #Norwegians will get it).
#deadinternettheory is one thing, #artificalinteligence is another, and the #databrokerage problem - hoo boy.
It's time we start thinking inside the box, by creating a storm inside of a bottle, a hermetically sealed environment for people who don't want to be influenced by outsiders.
Until we meet again...
Part 4/4
"Some of the world’s most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement.
The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush and dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening without users’ or even app developers’ knowledge.
“For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising ‘bid stream,’” rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data."
https://www.wired.com/story/gravy-location-data-app-leak-rtb/
#USA #DataBrokers #DataBrokerage #Surveillance #LocationData #GravyAnalytics
"Without federal legislative action, many US states are taking privacy matters into their own hands.
In 2025, eight new state privacy laws will take effect, making a total of 25 around the country. A number of other states—like Vermont and Massachusetts—are considering passing their own privacy bills next year, and such laws could, in theory, force national legislation, says Woodrow Hartzog, a technology law scholar at Boston University School of Law. “Right now, the statutes are all similar enough that the compliance cost is perhaps expensive but manageable,” he explains. But if one state passed a law that was different enough from the others, a national law could be the only way to resolve the conflict. Additionally, four states—California, Texas, Vermont, and Oregon—already have specific laws regulating data brokers, including the requirement that they register with the state.
Along with new laws, says Justin Brookman, the director of technology policy at Consumer Reports, comes the possibility that “we can put some more teeth on these laws.”
Brookman points to Texas, where some of the most aggressive enforcement action at the state level has taken place under its Republican attorney general, Ken Paxton. Even before the state’s new consumer privacy bill went into effect in July, Paxton announced the creation of a special task force focused on enforcing the state’s privacy laws. He has since targeted a number of data brokers—including National Public Data, which exposed millions of sensitive customer records in a data breach in August, as well as companies that sell to them, like Sirius XM."
"A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests.
What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online.
Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of."
https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how
#Privacy #Surveillance #CyberSecurity #AdTargeting #DataProtection #DataBrokers #DataBrokerage #RTB
"The Consumer Financial Protection Bureau (CFPB) has proposed a new rule that would block data brokers from selling personal and financial information on Americans, including their Social Security numbers and phone numbers, under the Fair Credit Reporting Act (FCRA).
In proposing the new rules, months after President Biden signed an executive order to curb the sale of Americans’ private data, the U.S. consumer protection agency said it aims to “rein in” data brokers who sidestep federal law by claiming that they are not subject to the FCRA’s legal provisions.
The CFPB’s director, Rohit Chopra, told reporters on a call Monday that the proposed rule would “curtail the widespread evasion” of the FCRA, which is the federal privacy law that protects personal data collected by consumer reporting agencies, like credit bureaus and tenant screening companies. The rule would also “make it clear that many of these data brokers, like credit bureaus and background check companies, are subject to federal protection under the FCRA.”"
#USA #CFPB #FCRA #DataProtection #Privacy #DataBrokers #DataBrokerage
"The Federal Trade Commission (FTC) announced sweeping action against some of the most important companies in the location data industry on Tuesday, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship.
Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself. Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics.
The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in “limited circumstances” involving national security or law enforcement."
#USA #FTC #LocationData #Venntel #Gravy #DataBrokers #DataBrokerage #DataProtection #Privacy #Surveillance
https://www.404media.co/ftc-bans-location-data-company-that-powers-the-surveillance-ecosystem/
"If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people.
Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat.
“Digitizing and aggregating data meaningfully changes the privacy context and the risks to people. Your municipal government storing your marriage certificate and voter information in some basement office filing cabinet is not even remotely the same as a private company digitizing all the data, labeling it, piling it all together, making it searchable,” Justin Sherman, a Duke professor who studies data brokers, told 404 Media in an email."
https://www.404media.co/voted-in-america-this-site-doxed-you/
#USA #Politics #Elections #Voting #Doxxing #DataProtection #Privacy #DataBrokers #DataBrokerage
#USA #DataLeaks #DataBreaches #DataBrokers #DataBrokerage #Privacy #DataProtection: "The Florida business behind data brokerage National Public Data has filed for bankruptcy, admitting "hundreds of millions" of people were potentially affected in one of the largest information leaks of the year.
In June, the hacking group USDoD put a 277.1 GB file of data online that contained information on about 2.9 billion individuals, and asked $3.5 million for it. The data came from National Public Data - a data brokerage owned by Jerico Pictures - which offered background checks to corporate clients via its API.
NPD confirmed it had been hacked in an attack on December 2023 and initially said just 1.3 million people had lost personal details, such as "name, email address, phone number, social security number, and mailing address(es)." But in the court documents filed for bankruptcy, the business concedes the total is much higher.
"The debtor is likely liable through the application of various state laws to notify and pay for credit monitoring for hundreds of millions of potentially impacted individuals," the bankruptcy petition [PDF] from Jerico Pictures states."
https://www.theregister.com/2024/10/09/national_public_data_bankrupt/
#USA #DataProtection #DataBrokers #DataBrokerage #PressFreedom: "On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.
Radaris is just one cog in a sprawling network of people-search properties online that sell highly detailed background reports on U.S. consumers and businesses. Those reports typically include the subject’s current and previous addresses, partial Social Security numbers, any known licenses, email addresses and phone numbers, as well as the same information for any of their immediate relatives.
Radaris has a less-than-stellar reputation when it comes to responding to consumers seeking to have their reports removed from its various people-search services. That poor reputation, combined with indications that the true founders of Radaris have gone to extraordinary lengths to conceal their stewardship of the company, was what prompted KrebsOnSecurity to investigate the origins of Radaris in the first place.
On April 18, KrebsOnSecurity received a certified letter (PDF) from Valentin “Val” Gurvits, an attorney with the Boston Law Group, stating that KrebsOnSecurity would face a withering defamation lawsuit unless the Radaris story was immediately retracted and an apology issued to the two brothers named in the story as co-founders."
#DataProtection #Privacy #DataBrokers #DataBrokerage #AdTargeting: "Overall, the evolving awareness about inaccuracies is prompting questions about whether most of the industry — particularly so-called third-party data brokers who do not have direct relationships with consumers the way Meta or Google do — can survive under the current business models, as privacy regulation proliferates and marketers begin to wake up to the problem.
Even the top privacy official for one of the world’s largest third-party data brokers, Acxiom, acknowledges that the inferences the company sells are not always correct.
“We want to be as accurate as possible, but our inferences, all they are, are informed guesses,” Acxiom’s chief privacy officer, Jordan Abbott, said in an interview with Recorded Future News at an industry conference last month.
Inaccurate inferences used to determine significant health and financial decisions are for more worrying to him than those used for advertising, Abbott said."
Huge thanks to @mlemweb and @cwebber for running @fossandcrafts today, super appreciated.
Also big thanks for the link to this #PBS #NOVA documentary on #data and #databrokerage - eye opening!
https://www.youtube.com/watch?v=ih_GGQX_zmM
(only available in US)
#USA #Surveillance #DataBrokers #DataBrokerage #Geolocation: "Near Intelligence’s maps of Epstein’s island reveal in stark detail the precision surveillance that data brokers can achieve with the aid of loose privacy restrictions under US law. The firm, which has roots in Singapore and Bengaluru, India, sources its location data from advertising exchanges—companies that quietly interact with billions of devices as users browse the web and move about the world.
Before a targeted advertisement appears on an app or website, phones and other devices send information about their owners to real-time bidding platforms and ad exchanges, frequently including users’ location data. While advertisers can use this data to inform their bidding decisions, companies like Near Intelligence will siphon, repackage, analyze, and sell it." https://www.wired.com/story/jeffrey-epstein-island-visitors-data-broker-leak/
#USA #Cybersecurity #Privacy #DataBrokers #DataBrokerage: "Recently, in part for national security reasons, the U.S. has withdrawn its traditional support in the World Trade Organization (WTO) for free and open data flows, and the Department of Commerce has announced a proposed rule, in the name of national security, that would regulate U.S.-based cloud providers when selling to foreign countries, including for purposes of training artificial intelligence (AI) models. We are concerned that these initiatives may not sufficiently account for the national security advantages of the long-standing U.S. position and may have negative effects on the U.S. economy.
Despite the attractiveness of the regulatory targets—data brokers and countries of concern—U.S. policymakers should be cautious as they implement this order and the other current policy changes. As discussed below, there are some possible privacy advances as data brokers have to become more careful in their sales of data, but a better path would be to ensure broader privacy and cybersecurity safeguards to better protect data and critical infrastructure systems from sophisticated cyberattacks from China and elsewhere." https://www.lawfaremedia.org/article/limiting-data-broker-sales-in-the-name-of-u.s.-national-security-questions-on-substance-and-messaging
#USA #Privacy #Surveillance #Near #DataBrokerage #DataBroker: "The bankruptcy order also provided a rare glimpse into how data brokers license data to one another. Near’s list of contracts included agreements with several location brokers, ad platforms, universities, retailers, and city governments.
- The order listed “Data Monetization” agreements with location data broker X-Mode from 2017 through 2023, including an agreement valued at $122,706 from 2023 with X-Mode parent Digital Origin. The FTC recently banned X-Mode from selling sensitive location data as part of a settlement. The Markup previously revealed that X-Mode was one of the companies family tracking app Life360 was selling location data to (the company has since limited such data sales).
- Location data broker Tamoco was listed as having a data licensing agreement from 2021 that was amended in 2023.
- Location data broker Irys was listed as having a data supplier agreement with Near from 2019, worth $72,000. Irys and Tamoco were both among the 47 companies that The Markup identified as part of the multibillion-dollar location data industry.
It is not clear from the filing if the agreements covered Near data being licensed, Near licensing the data from the companies, or both."
#Privacy #Surveillance #GeoLocation #DataBrokers #DataBrokerage #Bazze: "A San Francisco-based data broker claiming to have defense agency partnerships in the United States and United Kingdom is advertising access to “real-time” location data and a suite of other information, which Western governments can use to track foreign individuals in sensitive locations overseas. Called Bazze, the company markets a platform that can enable searches for people in embassies, consulates, and military bases, underscoring governments’ growing reliance on data brokers to access vast quantities of intelligence on global citizens from commercial sources.
Bazze is part of an often opaque data broker network that mines information from digital ad firms, cellular providers and public records databases for marketing insights and behavior trends. It claims to offer an easy way to ask targeted questions of disparate data sets that would otherwise need to be analyzed individually. In an interview with Forbes, Bazze founder Samuel Semwangu described the company as a marketplace for data. He was quick to note that it facilitates access only — not analysis. For that, “customers must use other tools and analysis they conduct on their own,” he told Forbes."
#USA #FTC #DataBrokers #DataBrokerage #Geolocation #Privacy: "Data broker X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle Federal Trade Commission allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.
In its first settlement with a data broker concerning the collection and sale of sensitive location information, the FTC also charged that Virginia-based X-Mode Social and Outlogic, LLC, the successor firm to which X-Mode transferred most of its operations in 2021, failed to put in place reasonable and appropriate safeguards on the use of such information by third parties. Today’s action underscores the FTC’s strong commitment to restraining the collection, sale, or disclosure of consumer' sensitive location data."
#EU #DataProtection #Privacy #DataBrokers #DataBrokerage: "A cross-party coalition of Members of the European Parliament demanded that the European Commission take action following the revelations that sensitive data from European leaders was being sold to the highest bidder.
The initiative came after two reports by the Irish Council for Civil Liberties published on Tuesday (14 November) that revealed a trade in real-time bidding data on EU and US leaders and military personnel sent by Google and other firms to China and Russia.
“The security of our EU institutions is at stake, and we demand swift action to assess the extent of this threat and including potential legislative measures to protect the privacy and security of European citizens in the ever-evolving landscape of digital threats”, MEP Paul Tang told Euractiv.
Real-time bidding (RTB) is the instantaneous selling and buying of data. This technology broadcasts sensitive information about people while they use the internet, for example, the device they are using or their location."
#USA #DataBrokers #DataBrokerage #Privacy #DataProtection: "The data brokerage ecosystem is a multi-billion-dollar industry comprised of companies gathering, inferring, aggregating, and then selling, licensing, and sharing data on Americans as well as providing technological services based on that data. After previously discovering that data brokers were advertising data about current and former U.S. military personnel, this study sought to understand (a) what kinds of data that data brokers were gathering and selling about military servicemembers and (b) the risk that a foreign actor, such as a foreign adversary government, could acquire the data to undermine U.S. national security. This study involved scraping hundreds of data broker websites to look for terms like “military” and “veteran,” contacting U.S. data brokers from a U.S. domain to inquire about and purchase data on the U.S. military, and contacting U.S. data brokers from a .asia domain to inquire about and purchase the same. It concludes with a discussion of the risks to U.S. military servicemembers and U.S. national security, paired with policy recommendations for the federal government to address the risks at hand."
https://techpolicy.sanford.duke.edu/data-brokers-and-the-sale-of-data-on-us-military-personnel/
