The pitch noted that this kind of mass phone surveillance could be used by Zignal to aid unspecified clients with “counter-messaging,” debunking Russian claims that such military buildups were mere training exercises and not the runup to an invasion. “When you’re looking at counter-messaging, where you guys have a huge part of the value you provide your client in the counter-messaging piece is — [Russia is] saying, ‘Oh, it’s just local, regional, um, exercises.’ Like, no. We can see from the data that they’re coming from all over Russia.”
To fully impress upon its audience the immense power of this software, Anomaly Six did what few in the world can claim to do: spied on American spies. “I like making fun of our own people,” Clark began. Pulling up a Google Maps-like satellite view, the sales rep showed the NSA’s headquarters in Fort Meade, Maryland, and the CIA’s headquarters in Langley, Virginia. With virtual boundary boxes drawn around both, a technique known as geofencing, A6’s software revealed an incredible intelligence bounty: 183 dots representing phones that had visited both agencies potentially belonging to American intelligence personnel, with hundreds of lines streaking outward revealing their movements, ready to track throughout the world. “So, if I’m a foreign intel officer, that’s 183 start points for me now,” Clark noted.
The NSA and CIA both declined to comment.
Clicking on one of dots from the NSA allowed Clark to follow that individual’s exact movements, virtually every moment of their life, from that previous year until the present. “I mean, just think of fun things like sourcing,” Clark said. “If I’m a foreign intel officer, I don’t have access to things like the agency or the fort, I can find where those people live, I can find where they travel, I can see when they leave the country.” The demonstration then tracked the individual around the United States and abroad to a training center and airfield roughly an hour’s drive northwest of Muwaffaq Salti Air Base in Zarqa, Jordan, where the U.S. reportedly maintains a fleet of drones.
“There is sure as hell a serious national security threat if a data broker can track a couple hundred intelligence officials to their homes and around the world,” Sen. Ron Wyden, D-Ore., a vocal critic of the personal data industry, told The Intercept in an interview. “It doesn’t take a lot of creativity to see how foreign spies can use this information for espionage, blackmail, all kinds of, as they used to say, dastardly deeds.”
Back stateside, the person was tracked to their own home. A6’s software includes a function called “Regularity,” a button clients can press that automatically analyzes frequently visited locations to deduce where a target lives and works, even though the GPS pinpoints sourced by A6 omit the phone owner’s name. Privacy researchers have long shown that even “anonymized” location data is trivially easy to attach to an individual based on where they frequent most, a fact borne out by A6’s own demonstration. After hitting the “Regularity” button, Clark zoomed in on a Google Street View image of their home.
“Industry has repeatedly claimed that collecting and selling this cellphone location data won’t violate privacy because it is tied to device ID numbers instead of people’s names. This feature proves just how facile those claims are,” said Nate Wessler, deputy director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “Of course, following a person’s movements 24 hours a day, day after day, will tell you where they live, where they work, who they spend time with, and who they are. The privacy violation is immense.”
The demo continued with a surveillance exercise tagging U.S. naval movements, using a tweeted satellite photo of the USS Dwight D. Eisenhower in the Mediterranean Sea snapped by the commercial firm Maxar Technologies. Clark broke down how a single satellite snapshot could be turned into surveillance that he claimed was even more powerful than that executed from space. Using the latitude and longitude coordinates appended to the Maxar photo along with its time stamp, A6 was able to pick up a single phone signal from the ship’s position at that moment, south of Crete. “But it only takes one,” Clark noted. “So when I look back where that one device goes: Oh, it goes back to Norfolk. And actually, on the carrier in the satellite picture — what else is on the carrier? When you look, here are all the other devices.” His screen revealed a view of the carrier docked in Virginia, teeming with thousands of colorful dots representing phone location pings gathered by A6. “Well, now I can see every time that that ship is deploying. I don’t need satellites right now. I can use this.”
Though Clark conceded that the company has far less data available on Chinese phone owners, the demo concluded with a GPS ping picked up aboard an alleged Chinese nuclear submarine. Using only unclassified satellite imagery and commercial advertising data, Anomaly Six was able to track the precise movements of the world’s most sophisticated military and intelligence forces. With tools like those sold by A6 and Zignal, even an OSINT hobbyist would have global surveillance powers previously held only by nations. “People put way too much on social media,” Clark added with a laugh.
As location data has proliferated largely unchecked by government oversight in the United States, one hand washes another, creating a private sector capable of state-level surveillance powers that can also fuel the state’s own growing appetite for surveillance without the usual judicial scrutiny. Critics say the loose trade in advertising data constitutes a loophole in the Fourth Amendment, which requires the government to make its case to a judge before obtaining location coordinates from a cellular provider. But the total commodification of phone data has made it possible for the government to skip the court order and simply buy data that’s often even more accurate than what could be provided by the likes of Verizon. Civil libertarians say this leaves a dangerous gap between the protections intended by the Constitution and the law’s grasp on the modern data trade.
“The Supreme Court has made clear that cellphone location information is protected under the Fourth Amendment because of the detailed picture of a person’s life it can reveal,” explained Wessler. “Government agencies’ purchases of access to Americans’ sensitive location data raise serious questions about whether they are engaged in an illegal end run around the Fourth Amendment’s warrant requirement. It is time for Congress to end the legal uncertainty enabling this surveillance once and for all by moving toward passage of the Fourth Amendment Is Not For Sale Act.”
Though such legislation could restrict the government’s ability to piggyback off commercial surveillance, app-makers and data brokers would remain free to surveil phone owners. Still, Wyden, a co-sponsor of that bill, told The Intercept that he believes “this legislation sends a very strong message” to the “Wild West” of ad-based surveillance but that clamping down on the location data supply chain would be “certainly a question for the future.” Wyden suggested that protecting a device’s location trail from snooping apps and advertisers might be best handled by the Federal Trade Commission. Separate legislation previously introduced by Wyden would empower the FTC to crack down on promiscuous data sharing and broaden consumers’ ability to opt out of ad tracking.
A6 is far from the only firm engaged in privatized device-tracking surveillance. Three of Anomaly Six’s key employees previously worked at competing firm Babel Street, which named all three of them in a 2018 lawsuit first reported by the Wall Street Journal. According to the legal filing, Brendan Huff and Jeffrey Heinz co-founded Anomaly Six (and lesser-known Datalus 5) months after ending their employment at Babel Street in April 2018, with the intent of replicating Babel’s cellphone location surveillance product, “Locate X,” in a partnership with major Babel competitor Semantic AI. In July 2018, Clark followed Huff and Heinz by resigning from his position as Babel’s “primary interface to … intelligence community clients” and becoming an employee of both Anomaly Six and Semantic.
Like its rival Dataminr, Zignal touts its mundane partnerships with the likes of Levi’s and the Sacramento Kings, marketing itself publicly in vague terms that carry little indication that it uses Twitter for intelligence-gathering purposes, ostensibly in clear violation of Twitter’s anti-surveillance policy. Zignal’s ties to government run deep: Zignal’s advisory board includes a former head of the U.S. Army Special Operations Command, Charles Cleveland, as well as the CEO of the Rendon Group, John Rendon, whose bio notes that he “pioneered the use of strategic communications and real-time information management as an element of national power, serving as a consultant to the White House, U.S. National Security community, including the U.S. Department of Defense.” Further, public records state that Zignal was paid roughly $4 million to subcontract under defense staffing firm ECS Federal on Project Maven for “Publicly Available Information … Data Aggregation” and a related “Publicly Available Information enclave” in the U.S. Army’s Secure Unclassified Network.
The remarkable world-spanning capabilities of Anomaly Six are representative of the quantum leap occurring in the field of OSINT. While the term is often used to describe the internet-enabled detective work that draws on public records to, say, pinpoint the location of a war crime from a grainy video clip, “automated OSINT” systems now use software to combine enormous datasets that far outpace what a human could do on their own. Automated OSINT has also become something of a misnomer, using information that is by no means “open source” or in the public domain, like commercial GPS data that must be bought from a private broker.
While OSINT techniques are powerful, they are generally shielded from accusations of privacy violation because the “open source” nature of the underlying information means that it was already to some extent public. This is a defense that Anomaly Six, with its trove of billions of purchased data points, can’t muster. In February, the Dutch Review Committee on the Intelligence and Security Services issued a report on automated OSINT techniques and the threat to personal privacy they may represent: “The volume, nature and range of personal data in these automated OSINT tools may lead to a more serious violation of fundamental rights, in particular the right to privacy, than consulting data from publicly accessible online information sources, such as publicly accessible social media data or data retrieved using a generic search engine.” This fusion of publicly available data, privately procured personal records, and computerized analysis isn’t the future of governmental surveillance, but the present. Last year, the New York Times reported that the Defense Intelligence Agency “buys commercially available databases containing location data from smartphone apps and searches it for Americans’ past movements without a warrant,” a surveillance method now regularly practiced throughout the Pentagon, the Department of Homeland Security, the IRS, and beyond.