icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
9 Dec, 2021 18:43

How even your deleted messages can be secretly accessed by US intelligence agencies

How even your deleted messages can be secretly accessed by US intelligence agencies

A new study spells out in alarming detail how easy it is for American security services and law enforcement agencies to bypass conventional legal routes to access all manner of confidential data from your phone.

RT recently reported on a leaked document, which exposed how the Federal Bureau of Investigation and US law enforcement can access a wealth of data from popular messaging apps via methods such as court orders and subpoenas.

Users would no doubt be shocked to learn the readiness with which WhatsApp and iMessage might hand over highly sensitive, private information without their knowledge or consent. However, the findings of a new report from the Center for Democracy and Technology make for even more disturbing reading – for they starkly reveal how US security and intelligence services can easily access an even wider array of personal data from private providers, and in the process circumvent legal processes.

Drawing on dozens of records and files, the CDT outlines how, via various sleights of hand and liberal exploitation of regulatory loopholes, law enforcement can obtain information not accessible by the average citizen, which would typically necessitate a court-approved search warrant to access, while still claiming their invasive snooping is ‘open source,’ and their illicit findings ‘publicly available.’ This data then informs activities such as “pre-investigative inquiries, intelligence gathering, crime prevention, or criminal investigations.”

For example, each and every smartphone is a hotbed of geolocation data collection – with GPS, cell towers and wi-fi networks and other sources harvesting vast swaths of information on users – which then crafts individualized advertisements for them. Babel Street – avowedly “the world’s leading AI-enabled data-to-knowledge company” – has provided numerous US federal agencies with historical location data collected from advertising sources, including the DEA, ICE, IRS, Secret Service, and Treasury Department.

The company also offers a premium service for “select” customers “pending approved use cases” – which presumably means governmental clientele – that “offers access to additional metadata.” To what this refers is uncertain, and it’s unknown which, if any, of the agencies that have made use of Babel Street’s services have plumped for the elite add-on.

Nonetheless, a contract awarded by the ICE to “integrated communications” firm Barbaricum indicates the agency seeks the capability to “geolocate individuals beyond standard geotagging,” “monitor and analyze all social media activities” across every conceivable platform, including “foreign/dark web/deep web social media networks in REAL-TIME,” create “psychological profiles” of targets, and even “identify whether a user has deleted messages and provide content from deleted accounts and/or deleted messages.”

The report states that accessing this information would typically require a US security and/or intelligence agency to secure a warrant. That’s not the case, though, when Barbaricum can simply be given millions in public funds to turn it over in secret. Coincidentally, it partners with the highly controversial Palantir, which over the course of the global pandemic has potentially accessed all manner of highly sensitive personal information on citizens the world over, in the name of protecting public health.

Similarly, the FBI and Customs and Border Protection have both contracted with data broker Venntel, which sells location data gathered from sources including everyday apps, such as weather forecasts. Clients can view the locations of smartphones over time, and potentially identify named people, scouring particular areas for certain users. The Department of Homeland Security also receives “geographic marketing data” of an indeterminate kind from Venntel.

International media conglomerate Thomson Reuters, one of the world’s largest data aggregators, has contracts worth tens of millions of dollars with US security and intelligence services, providing location tracking and other services. Moreover, its ‘Special Services’ subsidiary offers “strategic and tactical global risk insights” to these agencies, through products like the Consolidated Lead Evaluation and Reporting (CLEAR) database. A Marine Corps Intelligence division justification for using the resource states that it offers “live gateways to real-time data.”

This includes information scraped from “primary sources and unique data only available to CLEAR,” such as cell phone and carrier data. While the scope of this isn’t apparent, an ICE contract with Thomson Reuters Special Services indicates the company’s products “will allow the agency to quickly build a full picture of a person of interest through finding contact and location information, identifying associations, making connections between individuals, activities, locations, and more with the most recent and relevant information updated frequently.”

Mulitple agencies, including the Department of Treasury Office of Intelligence and Analysis, have made use of CLEAR in recent years. Meanwhile, analytics firm RELX Group provides services to Citizenship and Immigration Services, Customs, the FBI, ICE, and the Secret Service. For instance, the FBI contacts the conglomerate for information including social security numbers, addresses, dates of birth, citizenship, marital status, and more, as part of its “Computer Assisted Legal Research” remit.

One key RELX component is ThreatMetrix, which tracks users online, and openly ranks “web and mobile device intelligence” and “true geolocation” as its “first layer of defense.” It collects and processes intelligence from millions of daily consumer interactions including logins, payments, and new account applications. A unique digital identity is then created for a target, by analyzing the connections between their devices, locations, and personal information.

ThreatMetrix boasts that its dedicated government offering “provides the fast, digital identity assessment agencies need.”

“It harnesses data intelligence about devices, locations, identities and past behaviors across one of the world’s largest, crowdsourced, global digital networks. The result is government agencies know who they’re transacting with.”

Extraordinarily, even utilities data is sought after for the purposes of intelligence gathering and surveillance. After all, such information not only offers up an individual’s address, but records related to power contracts and usage can be used to infer how many people live at a particular residence, or even when individuals are and aren’t at home.

As the aforementioned Marine Corps Intelligence contract with Thomson Reuters notes, utility insights are an ideal means of tracking down individuals not easily traceable via “traditional sources.” The CDT report notes that the ICE has relied on utilities data to “effectuate arrests and sometimes deportations.” It’s clear that almost any information collected on private citizens can and will be weaponized against extrajudicially at any time.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.

Podcasts