
The German version of this article can be found here.
It’s an early Tuesday morning somewhere in Bavaria. A person gets into a car to begin the commute to work. The person’s location data, which we have obtained, show the precise route taken for the commute. The drive ends at a secured facility to which most people have no access – an intelligence location in Upper Bavaria.
The person’s name isn’t in the data. But we are able to figure out where they likely live – namely in the house where they spend most of their nights. We have thousands of signals from that location. To protect the person, we are not publishing their place of residence here.
We are able to follow their route to work dozens of times.
This location data is from a vast trove of data that we, BR and netzpolitik.org, have evaluated – long tables with coordinates, timestamps accurate down to the second and identification numbers known as advertising IDs. Expressed as a series of letters and numbers, advertising IDs are used by the advertising industry to serve targeted advertising to select smartphones. But the location data can also be used for other purposes: If you have all the location data for a specific advertising ID, you can create a movement profile for an individual person.
Movement Profiles Reveal Intimate Details
Such datasets are sold on the internet – on a marketplace headquartered in Berlin for example. When approached by netzpolitik.org, a vendor there made a sample dataset available free of charge in the hopes of securing a new customer. The data includes 3.6 billion individual location datapoints from smartphone apps. Our reporting shows that the data makes it possible to establish movement profiles – some of them quite precise – of several million people across Germany.
Such movement profiles reveal personal, even intimate details about smartphone users: Where do they work? Where do they live? Where do they do their shopping? Do they sometimes spend the night elsewhere? Do they make frequent visits to the hospital? Or to a psychiatrist? Or perhaps a brothel? We found all of that in the dataset we were provided.
In an interview with BR and netzpolitik.org, Konstantin von Notz, a Green Party member of German parliament, the Bundestag, spoke of a data protection problem for all people in Germany “who have a mobile phone and who have to be able to move around freely and unobserved in this country.” He is the chair of the Bundestag’s Parliamentary Oversight Panel (PKGr), which keeps tabs on German intelligence organizations. First and foremost, however, he sees a “relevant security problem,” and warns that hostile states could use such data for spying purposes.
And we are in fact able to learn, with the help of our dataset, private details about the person who regularly drives to the building in Bad Aibling: including family relationships, preferred supermarket and weekend activities.
We can even see where in the BND complex this person spends most of their time – in a building that made global headlines several years ago.
From a distance, we are unable to prove that this person works for the U.S. intelligence agency NSA in Germany. But there are plenty of clues pointing in that direction. We approach the U.S. Embassy and the BND to ask if they still cooperate in Bad Aibling and if they are aware that location data could provide an opening for espionage. But we receive no response to our query.
We continue analyzing the data to see if other security agencies might be affected – and quickly make our next discovery.
We follow the location data of one person who regularly parks there. Using their place of residence, we are able to determine this person’s name and find several social media profiles. We now know their rough age, education level, family situation and hobbies, in addition to having seen numerous vacation photos.
When contacted by BR and netzpolitik.org, the Verfassungsschutz said that private and work phones are not allowed at agency facilities. It is a rule that may make it more difficult for confidential information to reach the outside world. But despite the measure, it is still possible to track staff members back to their own homes.
The Verfassungsschutz told BR and netzpolitik.org that it would establish appropriate measures for the protection of its employees and would sensitize them to the potential security risks relating to the evaluation of their location data.
“Extremely High” Espionage Danger
“If you know how people behave and move, then they can be spied on,” says Konstantin von Notz. “Then you can establish contact or generate random situations to start a conversation with the ultimate goal of recruiting them, bribing them or whatever.” His deputy on the Parliamentary Oversight Panel, the Christian Democrat Roderich Kiesewetter, believes the risk of espionage is “extremely high.” Germany, he says, is “in the focus of Russian, Chinese and Iranian operations of influence.” Commercially traded data, he says, provide an opening for spying by foreign intelligence agencies or criminals.
Tens of Thousands of Cases at the Military and Police
We systematically examine additional publicly known locations across Germany that are relevant for national security – and the situation is similar everywhere we look. We find tens of thousands of movement profiles of people who have access to these sensitive sites, including facilities belonging to the Federal Criminal Police Office (BKA), the Special Operations Forces (KSK) of the German military, other German military and air force facilities, federal ministries, the German agency responsible for securing military supplies, the elite force of the German federal police (GSG9), defense companies and many more.
The U.S. Embassy in Germany declined to comment on the cases within its area of responsibility. When confronted with the cases of location data within their areas of responsibility, the Interior Ministry and the Defense Ministry stated that their employees are regularly informed of the danger of surveillance. Both are apparently aware that foreign intelligence agencies use commercially available data for espionage. They stated that foreign intelligence agencies use all available means to acquire information, exert influence and pursue their own interests. That includes, they said, the purchase and use of data available on the internet.
Questions and Answers about the investigation
Where does the data come from?
The data comes from a U.S. data vendor who offers it for purchase on an online marketplace based in Berlin. The internet marketplace Datarade sees itself as a broker between data vendors and people or companies who are interested in buying that data. Those looking to purchase data through Datarade must register on the platform. Sebastian Meineck from netzpolitik.org did so, using his real name and his newsroom’s address. Soon after he completed his registration, several vendors contacted Meineck with offers. After a brief phone call, one of the vendors sent him a download link leading to an extensive dataset.
netzpolitik.org shared this dataset with BR and it was then evaluated jointly. The online platform Datarade and the seller of the data did not respond to queries from BR and netzpolitik.org.
Did we pay for the data?
No. Even though the dataset includes 3.6 billion datapoints, it was provided free of charge as a sample for a potential monthly subscription the vendor was hoping to sell. The data are from a period of around eight weeks near the end of 2023. A subscription that includes hourly updated location data for people from over 150 countries would cost $14,000 per month.
Why is such data for sale on the internet?
Companies typically purchase this information for the purposes of sending personalized advertising to mobile phones. An example: A person who visited a furniture store on a Saturday would be sent targeted advertisements for home decoration objects.
What apps collect the data?
We received no information about the apps that collected the data. Neither the data vendor nor Datarade responded to our questions. Other vendors speak generally about apps for weather, navigation, gaming and dating, saying they have established good contacts with the developers of such apps and have been provided direct access to the data.
Depending on settings, smartphone operating systems like iOS and Android allow installed apps to collect and share location data. Whether they do so only when the app is in use or also when they are running in the background depends on the operating system and on what access rights the user has given the app.
What was the reaction of those people we found in the dataset?
BR and netzpolitik.org contacted several people whose movement profiles we found in the dataset. They confirmed that the data was accurate. There were some minor errors, but vacations, work commutes and even walks with the dog could all be identified with the data. All of them expressed surprise that their location data had been offered up for purchase by a data vendor from the U.S. The EU’s General Data Protection Regulation (GDPR) codifies the principle of consent: Apps are only allowed to share location data with third parties if users explicitly provide their permission during installation. The people we spoke with said they couldn’t remember having provided their permission for the sharing of their location data.
Why is this data trade not prohibited?
Data vendors who operate outside of the European Union are largely inaccessible for European agencies, says Louisa Specht-Riemenschneider, a professor of data rights and data protection at the University of Bonn and the German government’s designated data protection commissioner. But trading platforms like the Berlin-based Datarade are also difficult to regulate. “The data marketplace is essentially a broker that does not process any personal data itself. In a sense, it is a regulatory gap.” She says that it is urgently necessary for lawmakers to find a solution.
Do German intelligence agencies also use such data?
It is legally permissible, but there is far too little regulation, says Thorsten Wetzling of Interface, a Berlin think tank that specializes in the societal impacts of digitalization. A current Interface study indicates that German intelligence services also used commercially available datasets for their purposes. “Intelligence agencies, no matter what country they are from, have an interest in collecting as much information as they can,” says Wetzling. The BND and the Verfassungsschutz declined to respond to questions on this issue. Wetzling says: “This possibility of obtaining information with a credit card is one that poses numerous risks to national security and deeply impacts the freedoms and fundamental rights of millions of app users, which we all are.”
How is it possible for users to avoid ending up in such a dataset?
Users can check two settings on their smartphones: location sharing and the advertising ID. Instructions on how to do so can be found on the BR24 website (in German).
About the investigation
Published on 16.7.2024.
The investigation is a cooperation with
- Team BR: Katharina Brunner, Rebecca Ciesielski, Maximilian Zierer
- Team netzpolitik.org: Ingo Dachwitz, Sebastian Meineck
- Digital Design: Max Brandl, Marco Lettner
- Editors: Eva Achinger, Robert Schöffel
- Translation: Charles Hawley
- Team Lead: Verena Nierle
Further publications on this investigation:
- tagesschau.de: Das gefährliche Geschäft mit den Standortdaten (German)
- tagesschau-Podcast 11km: Investigativ-Recherche: Wie Handy-Daten zum nationalen Sicherheitsrisiko werden (German)
- BR-Podcast "Der Funkstreifzug": Handel mit Standortdaten: Gefahr für die Innere Sicherheit (German)
- report München: Broadcast on 16.7.2024 at 21:45 on Das Erste or in the ARD-Mediathek (German)
- BR24: Standortdaten: Spionagerisiko für Militär und Geheimdienste (German)
- netzpolitik.org: Die große Datenhändler-Recherche im Überblick (German)
- netzpolitik.org: Firma verschenkt 3,6 Milliarden Standorte von Menschen in Deutschland (German)
- netzpolitik.org: Jetzt testen: Wurde mein Handy-Standort verkauft? (German)
- netzpolitik.org: How data brokers turn our privacy into money and jeopardise national security (English)