Media research: Location data can be used for espionage purposes

Data traders sell data from millions of smartphones in Germany. This includes location data from people with access to military areas. Collaborative research by Netzpolitik, Bayerischer Rundfunk and the US online medium Wired shows how vulnerable even important NATO and US military locations are due to the rampant global data trade. The research is based on 3.6 billion location data made available free of charge by a US data trader. According to Netzpolitik as a sample for a subscription. This includes location data from device IDs collected at US and NATO bases in Germany.

Back in July 2024, research by Netzpolitik and BR used the sample to show that data traders were offering location data for sale by the billions. Smartphone users from Germany are not exempt from this. Such data is collected for advertising purposes, but it can also be used for espionage purposes. Accordingly, they are not only bought by advertisers, but also by secret services. According to Netzpolitik, the data brokers do not check cautiously who wants to buy the data and for what purposes.

The paths of individuals can be traced

Once purchased, the data allows detailed conclusions to be drawn about the activities of individuals. "The paths of individuals with access to security-relevant areas can be traced, from barracks to private addresses, to supermarkets and sometimes even to brothels," writes Netzpolitik. Such information could be used to blackmail individuals under certain circumstances. Or, for example, a targeted attempt could be made to recruit tradespeople with access to sensitive areas.

A problem that has been known for years

The problem has preoccupied intelligence services and the military from Germany and the USA to the highest levels. The dangers of advertising-based intelligence, or ADINT for short, have been known for years: For example, the NATO research center Stratcom warned in a 2021 report that military personnel could be identified based on location data. Despite this, those responsible are not getting to grips with the problem: according to Netzpolitik, German and US authorities are primarily focusing on sensitizing their employees to the issue. The latest research shows that this is not working particularly well.

There are apparently ideas to tackle the problem. However, these have not yet been implemented. The approach of better regulating data trading has not yet been pursued. The chairman of the Parliamentary Control Committee, Konstantin von Notz (Alliance 90/The Greens), said that although it was good that the problem was being taken more seriously following the research by BR and Netzpolitik in the summer, it was still unclear what the consequences would be.

The Federal Ministry of the Interior does not support the idea of prohibiting German intelligence services from purchasing such data records to stop supporting the market. The Federal Data Protection Commissioner had suggested making data traders more accountable.

Consumer advocates and politicians are therefore apparently looking to the EU. For example, the President of the German Federation of Consumer Organizations, Ramona Pop, called for an EU-wide ban on profiling and tracking for advertising purposes back in the summer. The deputy chairman of the Parliamentary Control Committee, CDU MP Roderich Kiesewetter, told the journalists involved that he considered regulation of the practice to be entirely conceivable. For example, "it could be decided that internet services may not collect more data than is necessary for their functionality". MEP Moritz Körner, on the other hand, believes that the GDPR already clearly regulates "that this is not possible". Enforcement is just not working.

(kst)