FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
You may have heard about data breaches a lot more times than you may have heard about money laundering or any other crimes. This is because data = money is a common phenomenon that everybody knows. Data could be exchanged for money and everyone thinks is easy to make fast money.
To make fast money people do a lot of things. Some do positive things and take positive actions towards their life goals to make hard-earned money. On the other hand, people want some shortcuts to attain the money load within a short period.
Everyone tries to save their sensitive data from online scammers because they have several ways to convert data into hard cash. Something like this happened in the U.S. a few days ago. What’s that and how did it happen, let’s talk about it.
A company in the U.S. is being investigated because of a great claim that says the company is selling people’s confidential data to their clients by purchasing it from unauthorized collectors of data. This data that is being bought and sold so fast is putting the lives of the related case on the verge of disaster. That’s because…..
Monday, The U.S. Federal Trade Commission (FTC)
After a sniff of fraud, the FTC sued Kochava, (location data broker), which was collecting and selling precise geolocation data collected from consumers’ mobile devices. Let’s see what was the case itself and what were the actions taken toward justice.
Related news here: https://www.cnbc.com/2022/08/29/ftc-sues-data-broker-kochava-for-allegedly-selling-phone-location-data.html
According to the case, the U.S. company collects a “wealth of data” about users by buying that data from other unauthorized data holders (brokers). That is just so that the company can sell that illicit data to their clients for a big amount.
“After collecting data, Kochava sells modified data feeds to its clients, among other works, in promoting and analyzing foot traffic at stores/ various locations.”
“Among other genres, Kochava deals with latitude and longitude that have timestamped which shows the location of mobile devices”
“Clients who bought the data from the organization, got the facility to track people at their daily location. It could reveal data about the personal choices of people related to their health, religious belief, and major they take to secure their data from attackers”
“Breach of this data could become the reason for stigma, discrimination, physical attacks, emotional distress, and other harms of people related to it.”
The organization claims to be a “real-time data solutions company” and the “largest independent data marketplace for connected devices.” Moreover, it says that Kochava Collective data marketplace offers “premium data feeds, potential traffic aiming, and audience enrichment”. About that, they say it became possible via a privacy-first by design approach.
How does Data get Distributed?
Deal of location data is made to the clients in the form of a feed. Clients could access it via online data marketplaces for a $25,000 subscription.
In July, 2022
It offered a free demo set that was available on Amazon Web Services Marketplaces without any restrictions on its use. The duration of that offer was 7 Days.
There, the market is not making any offers, right now. We get that from a saved internet archive snapshot (15, Aug, 2021) that kochava had introduced three of its products in the market, at that time.
- COVID-19: Data for the Greater Good – Global Precision Location Data (free)
- US Precision Geo Transactional Feed – Sample (free)
- US Precision Geo Transactional Feed ($25,000)
“The Premium U.S. precision Geo feed shares raw latitude/ longitude data at vol 94B+/ month transactions with 125 million monthly active users and 35 million daily active users. If we look at the average transaction then it would be 90 transactions per device.”
Things to Observe
This deserves to be noticed, that each combo of time-stamped latitude and longitude coordinates is connected with a device identifier. That means, IOS and Android assign MAIDs (Mobile Advertising IDs) which is a unique, anonymous alphanumeric identifiers to every mobile device.
Though this string could be modified, it needs the clients to proactively and manually reset the identifier at a scheduled time.
Risk on Consumers
Consumer Protection Watchdog said – Sales of the Company’s Geolocation could put the Customers’ data in danger. Plus, the data could help clients to observe and track targeted mobile device users. Worse than that could be clients using a combination of it with other datasets like asset records to disclose their ID.
However, kochava has refused the allegations in a countersuit it filed in contrast to the FTC on 12, Aug. The statement was like this – they “illustrate a lack of understanding” of its services and that it links the MAID Data to hashed emails and primary IP addresses.
“Consumer Protection Watchdog said – Sales of Company’s Geolocation could put the Customers’ data in danger. Plus, the data could help clients to observe and track targeted mobile users. Worse than that could be, clients using a combination of it with other datasets like assets records to disclose their ID.”
Actions Taken in Consideration of Public Data Safety
The claim comes as,
FTC alerted organizations in contrast to the illegal use and distribution of highly confidential data with false claims about data anonymization.
Early this month, an announcement was also made, that to fight against business surveillance practices it’s preparing some rules so that nobody could collect, analyze, and lash around from the personal data of innocent people for their cause.
Watch more news here:
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
The number of companies caught up in recent hacks keeps growing