May 11, 2021

US Military Is Buying Location Data From Data Brokers, Including Data Pulled From US App Users

By Tim Cushing
As long as government agencies are buying location data from data brokers — possibly eluding warrant requirements while doing so — it makes sense the US military would be doing the same thing. Joseph Cox reports for Motherboard that the American war machine loves location data pulled from phone apps just as much as CBP, ICE, and the Secret Service do.

Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.

The apps creating the data the military is obtaining include some expected sources (given our nation’s constant targeting of some very particular demographics) like the Muslim Pro prayer app and dating app Muslim Mingle. But there are some more unexpected sources, like a Craigslist search app and, weirdly, an app that acts as a level for installing things like shelves and cupboards.

The Muslim Pro app has been downloaded over 98 million times, providing quite the data stash for military intelligence analysts. And, lest we forget, data like this is instrumental in our extrajudicial killing programs. Making this even more horrifying is the fact that some app developers were unaware their software was providing data to the US military. Most spoken to by Motherboard were unfamiliar with the numerous customers lining up to buy the information they’re carelessly demanding from users — customers that likely include government agencies located elsewhere in the world who are not quite as restrained in their investigations, renditions, or killings.

While the data brokers spoken to for this article claim the data is anonymized, current and former employees also made it clear “anonymization” of data being utilized this way is a joke.

USSOCOM bought access to Locate X, a location data product from a company called Babel Street, according to procurement records uncovered by Motherboard. A former Babel Street employee described to Motherboard how users of the product can draw a shape on a map, see all devices Babel Street has data on in that location, and then follow a specific device around to see where else it has been.

The Locate X data itself is anonymized, but the source said “we could absolutely deanonymize a person.” Babel Street employees would “play with it, to be honest,” the former employee added.

Part of the draw is the budget pricing. Millions of data points can be accessed on the cheap. USSOCOM’s licensing package runs less than $100,000, which is pretty much $FREE in terms of US military spending. The military’s spokesperson says the military never uses this cheap access to target US citizens… at least not in the United States. Presumably US targets who wander out of the country are considered fair game.

And it’s not absolutely clear the US military doesn’t have access to domestic location data. Senator Ron Wyden — who has been on top of this since the news broke earlier this year — said lawyers for data broker X-Mode Social (which the military has contracts with) has sold data collected from phones in the US to defense contractors and other military customers. The company has refused to identify which contractors and military customers are purchasing data they have no business obtaining.

But it’s not simple to suss out who’s selling who what data. Everything is intertwined and hidden behind layers and layers of data broker middlemen. Even if apps are letting users know the app will collect their location data, they aren’t telling users this data may end up in the hands of government agencies and military contractors. In most cases, it appears developers are unaware of this fact. In some cases, the middlemen brokers aren’t completely in the loop. It’s impossible for users to make an informed decision about data-sharing, but most likely assume the data collection will only target them with ads, not drone strikes.