A view of Moscow from the International Space Station in 2015. A U.S. group was able to track the movement of cellphones from a Russian missile-test site to Moscow and other cities.
Photo: NASAWASHINGTON—In 2019, a group of Americans was observing the cellphone signals coming from military sites across Eastern Europe.
At one of the locations, the Nyonoksa Missile Test Site in northern Russia, the group identified 48 mobile devices present on Aug. 9, one day after a mysterious radiation spike there generated international headlines and widespread speculation that a Russian missile test had gone wrong.
The Americans were able to track the movements of those devices over time. One went to the Paradisus Varadero Resort and Spa in Varadero, Cuba, for nine days. Others scattered across the country—going to the Russian cities of St. Petersburg and Moscow or to secure Russian military districts in Severodvinsk and Archangel. One went to Ganja, Azerbaijan, which runs along a strategic overland trade corridor between Asia and Europe.
The trackers weren’t professional intelligence analysts with access to secret intercepts. Rather, they were a team of academic researchers in Starkville, Miss., working with their graduate research assistants and undergraduate interns on the campus of Mississippi State University, using a commercially available software program.
The data they used was GPS location information usually drawn from cellphone apps—typically from games, weather services and such—and collected and made available for purchase by the advertising industry.
The effort was a demonstration to the military of the power of commercial cellphone data to provide valuable intelligence. From the data, they could begin to make inferences—Nyonoksa, for instance, had the fewest devices present of any of the three sites they were monitoring, leading them to conclude either that it was more heavily restricted than the other three or that the recent radiation accident had forced an evacuation.
One of the cellphones traveled from the missile-test site to the Paradisus Varadero Resort and Spa in Varadero, Cuba.
Photo: Nicolas Economou/SOPA Images/Zuma PressBy monitoring cellphones in Russian government buildings and foreign embassies in Moscow, they were able to conclude that no high-level Russian officials or foreign diplomats had visited the test sites recently. And they homed in on the Azerbaijan trip as worthy of future study “because of contentious relations between Russia and Azerbaijan” and the importance of the corridor around Ganja as an overland connection between Europe and Asia.
The researchers’ experiment underscores how the global marketing industry’s practice of collecting and reselling reams of user data, often for marketing and advertising purposes, can be turned toward other ends. The data can be easily purchased and exploited by foreign and domestic national-security agencies, law-enforcement officials and others for surveillance and monitoring.
The sites that the Mississippi State researchers were able to pull cellphone data from were extremely sensitive: Besides drone test facilities, they also were monitoring numerous U.S. and foreign embassies and the Kremlin Senate building in Moscow, documents show.
The team was working on a U.S. Army-sponsored, unclassified, experimental project that sought to leverage “open-source” commercial data for intelligence purposes. The team’s monitoring efforts were described in detail in unclassified documents obtained by The Wall Street Journal from Mississippi State under state open-records laws.
“This project has served as a great opportunity for both undergraduate and graduate students at MSU to develop real-world skills and knowledge that will benefit them greatly as they seek employment in the future,” said David May, the principal investigator on the study and a sociology professor at Mississippi State.
Edric Thompson, a spokesman for the U.S. Army Combat Capabilities Development Command, which funded the project, said it was selected for military funding because it had “good potential use for being able for our soldiers to share information with each other.”
Mr. Thompson said the collection of cellphone location data was permitted under Army regulations so long as no personal characteristics about the phone’s owner were collected. He said the Mississippi State study also included an analysis of the ethical and policy implications about the use of such data that would help inform the military in the future.
SHARE YOUR THOUGHTS
What implications might this development have for national security agencies and cops? Join the conversation below.
The tool that enabled this kind of bird-dogging of personnel at Russian airfields was sold by Babel Street, an open-source intelligence software platform that is widely used by law enforcement, intelligence agencies, military units and private companies. Babel Street has contracts with government agencies big and small—from the Department of Homeland Security and the U.S. military to county police departments across the country.
Babel Street publicly advertises itself as a social-media monitoring service, allowing its law-enforcement, intelligence and military clients to mine public social-media data for leads about criminal activity and do real-time monitoring of unfolding events.
But Babel Street also sells a product called “Locate X”—access to cellphone location data drawn from the advertising industry. The existence of the product, which isn’t described on the company’s website, was revealed in March by the website Protocol. The company didn’t respond to requests for comment.
For the military and intelligence officials, such data can show staffing levels at sensitive sites and movement patterns of officials, and give clues about the behavior of adversaries. For law enforcement, marketing data offers the opportunity to try to identify suspects in the vicinity of crimes.
According to documents reviewed by the Journal and people familiar with the company, Locate X provides advertising data drawn from the marketing industry to intelligence, military and law-enforcement agencies for monitoring purposes. Its terms of service say that the customer may not even disclose the existence of Locate X. Mississippi State cited a confidentiality obligation in its contract with Babel and declined to answer questions about the product.
The federal government did a governmentwide evaluation of Locate X, according to documents reviewed by the Journal, which also showed that Babel Street has worked closely with U.S. government agencies and contractors to develop and refine the product.
Related Video
Documents reviewed by the Journal show that in the U.S., Babel Street had sold its products to nearly every major defense, national-security or law-enforcement agency, including the Central Intelligence Agency, the National Security Agency, the Justice Department, the Department of Homeland Security, the Defense Intelligence Agency and U.S. Cyber Command. Records show that Babel Street products are sold to governments world-wide—including in Canada, the United Kingdom, Australia, New Zealand, Singapore, Germany and others.
Babel Street is part of a growing ecosystem of companies taking consumer data collected by some of the world’s largest corporations and mobile-app publishers, and repackaging it for intelligence, law-enforcement and military agencies.
In many cases, consumers have no forewarning that anyone—global intelligence agencies or local cops—might be buying it and using it to monitor them.
The uses of such data also raise unsettled legal and ethical questions about global privacy and consumer consent. Typically, consumers aren’t identified by their names in such data sets, but rather by an alphanumeric identifier. But as the Mississippi State project shows, it is fairly simple to home in on individuals of interest at some of the highest-security sites in the world and track intimate details of their lives.
“We as individuals walk around with multiple devices and have multiple devices in our homes. There is a tremendous amount of data that doesn’t personally identify us by our name, driver’s licenses, Social Security number or address, which nevertheless will have very significant consequences for our lives,” said Marc Groman, a lawyer who specializes in privacy, technology and cybersecurity.
“When a consumer downloads an app and gives that app consent to collect and track their precise location, does the consumer understand that the app may then share or sell that precise location with a wide range of third parties—potentially including the Department of Homeland Security, the Army, law enforcement or other stakeholders? The answer is no,” said Mr. Groman, who previously worked for the Obama White House.
On the other hand, location data is widely available for commercial purposes. Advertisers use it to target ads; brands use it to understand customer behavior; and Wall Street firms increasingly rely on it to inform investment decisions.
“This is the argument about private versus government access to data,” said Stewart Baker, a lawyer who has served in senior positions at both the National Security Agency and the Department of Homeland Security and is now a lawyer in private practice at Steptoe & Johnson LLP.
“On the one hand, the private parties accessing the data can’t arrest anybody, but they can use the data for other much more trivial purposes. And when government gets access to the data, they can do with it things that are much more painful for the person under scrutiny.” But, said Mr. Baker, “there is a lot more value in catching criminals than in selling a barbecue set.”
Commercial data drawn from mobile devices, particularly involving location data, can have surprising implications.
The fitness app Strava publicly released a map in 2017 of three trillion individual GPS data points from users who logged their running or cycling routes. But within that data, researchers at nongovernmental organizations and journalists gleaned a trove of valuable national-security information—like the location of U.S. forward-operating bases in Afghanistan, the routes of military supply convoys and the location of secret CIA facilities.
The running routes were even detailed enough to show the internal layout of sensitive facilities and bases.
Write to Byron Tau at byron.tau@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
"used" - Google News
July 18, 2020 at 07:00PM
https://ift.tt/2CqxpB5
Academic Project Used Marketing Data to Monitor Russian Military Sites - The Wall Street Journal
"used" - Google News
https://ift.tt/2ypoNIZ
https://ift.tt/3aVpWFD
Bagikan Berita Ini
0 Response to "Academic Project Used Marketing Data to Monitor Russian Military Sites - The Wall Street Journal"
Post a Comment