Search

Real-Time Bidding (RTB) allows foreign states and non-state actors to obtain compromising sensitive personal data about key European personnel and leaders.

Key insights:

• Our investigation highlights a widespread trade in data about sensitive European personnel and leaders that exposes them to blackmail, hacking and compromise, and undermines the security of their organisations and institutions.

• These data flow from Real-Time Bidding (RTB), an advertising technology that is active on almost all websites and apps. RTB involves the broadcasting of sensitive data about people using those websites and apps to large numbers of other entities, without security measures to protect the data. This occurs billions of times a day.

• Our examination of tens of thousands of pages of RTB data reveals that EU military personnel and political decision makers are targeted using RTB.

• This report also reveals that Google and other RTB firms send RTB data about people in the U.S. to Russia and China, where national laws enable security agencies to access the data. RTB data are also broadcast widely within the EU in a free-for-all, which means that foreign and non-state actors can indirectly obtain them, too.

• RTB data often include location data or time-stamps or other identifiers that make it relatively easy for bad actors to link them to specific individuals. Foreign states and non-state actors can use RTB to spy on target individuals’ financial problems, mental state, and compromising intimate secrets. Even if target individuals use secure devices, data about them will still flow via RTB from personal devices, their friends, family, and compromising personal contacts.

• In addition, private surveillance companies in foreign countries deploy RTB data for surreptitious surveillance. We reveal “Patternz”, a previously unreported surveillance tool that uses RTB to profile 5 billion people, including the children of their targets.

• Our examination of RTB data reveals Cambridge Analytica style psychological profiling of target individuals’ movements, financial problems, mental health problems and vulnerabilities, including if they are likely survivors of sexual abuse.

• Real-Time Bidding's security flaw is a national security problem

Under the pretense of fortifying digital security in the United States, newly proposed legislation seeks to transform the United States Postal Service (USPS) into a hub for digital IDs. Senators Ron Wyden, a Democrat, and Bill Cassidy, Republican, have put forth the bill known as the Post Office Services for Trustworthy Identity Act. The proposed legislation opens new discourse on digital privacy and the potential for abnormal surveillance measures, sparking debate over the delicate balance between biosecurity and preserving citizens’ fundamental rights.

We obtained a copy of the bill for you here [PDF].

The proposed legislation comes in response to the piecemeal approach taken towards biometric identification in America. Historically, disjointed programs have been created by different states and separate agency undertakings, giving rise to the necessity for a more coherent national strategy. The Post Office Services for Trustworthy Identity Act could mark a landmark shift, focusing on service provision rather than overarching digital ID strategy.