Justin Sherman
They tracked phones traveling from U.S. military barracks in Germany to work buildings, Italian restaurants, grocery stores, and bars. They tracked 189 devices inside a high-security German military installation, as people walked around—and watched as four mobile devices from Ramstein Air Base, a U.S. Air Force installation in Germany, traveled to brothels off-base, including a place called SexWorld.
This specific story isn’t an operation by China’s Ministry of State Security (MSS) or Russia’s military intelligence agency (GRU)—it’s a joint effort by Wired, Bayerischer Rundfunk, and Netzpolitik.org showing just some of what can be done with more than 3 billion phone location pings gathered (and sold) by a U.S. data broker. But it just as easily could have been conducted by a foreign actor, especially one with deep pockets, years of experience in deception, and a persistent dedication to gathering data on U.S. persons and targeting the U.S. government.
Far from an isolated incident, this latest, troubling story speaks to an urgent problem for the incoming presidential administration and Congress: how to keep building out data security protections for all Americans, including military service members and intelligence community personnel, in light of ever-expanding for-profit data collection and a raft of growing data threats from—among others—the Chinese government. It is far too easy for foreign actors to obtain highly sensitive data, including geolocation data on people serving in the military and intelligence community, via data brokers and other commercial firms and use it to harm those people and the country. As the next administration identifies its top policy priorities in what it describes as strategic competition with China—and as the United States faces highly persistent adversaries determined to collect and exploit Americans’ and U.S. companies’ data, including to run intelligence operations and build artificial intelligence (AI) models—it should integrate this problem into its approach to China, cybersecurity, and strategic questions around data.
No comments:
Post a Comment