"The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data" theguardian.com/world/2020/sep…
Data includes "dates of birth, addresses, marital status, along with photographs, political associations, relatives", data scraped from social media and "information which appears to have been sourced from confidential bank records, job applications". abc.net.au/news/2020-09-1…
Zhenhua Data looks like the Chinese version of US firms such as Babel Street, which sold its social media monitoring and data analytics products "to nearly every major defense, national-security or law-enforcement agency" in the US.
"The database is constructed around numerous existing databases or platforms and harvested into one large database with multiple points of overlap. Significant amounts of data comes from the Dow Jones owned database Factiva"
"Large amounts of the data was open source data ... 10-20% of the data was not publicly or easily available".
It includes "public sector employee records", "from known politicians to political aides to low level military personnel", as well as data on "organized crime figures".
Zhenhua Data "builds a 'relational database', which records and describes associations between individuals, institutions, and information ... weaving in public or sentiment analysis around these targets, Zhenhua offers 'threat intelligence services'."
Basically, like a combination of social media intel, cybersec/threat intelligence and data aggregation from public records and databases such as World Check, plus perhaps from some other data brokers, in combination with some Palantir-style network analysis capabilities.
"When a Globe and Mail reporter visited [the company's office in Shenzhen], three people sat at desks in what appeared to be a converted studio apartment, with the door open to the bathroom".
"The company, led by a former IBM data centre management expert, has also described its work online in job postings, LinkedIn records, blog articles and software patents. One employee described work 'mining the business needs of military customers for overseas data'."
"Stephanie Carvin, a former national security analyst who viewed the database on behalf of The Globe and Mail ... said it wasn’t clear whether this was a database used by Chinese intelligence – or just a database created by a company hoping to sell it to Chinese intelligence"
Zhenhua Data seems to be a tiny company. However, it is "believed to be owned by China Zhenhua Electronics Group which in turn is owned by state-owned China Electronic Information Industry Group (CETC), a military research company", according to ABC: abc.net.au/news/2020-09-1…
Oh, @Jeremy_Kirk writes "this data was sitting on an unsecured elasticsearch cluster for ages. Hundreds of gigabytes. For anyone to download. Including me in January"
Some more findings from our investigation of LiveRamp's ID graph system, which maintains identity records about entire populations in many countries, including name, address, email and phone, and aims to link these records with all kinds of digital IDs: crackedlabs.org/en/identity-su…
Identity data might seem boring, but if a company knows all kinds of identifying info about everyone, from home address to email to device IDs, it is in a powerful position to recognize persons and link profile data scattered across many databases, and this is what LiveRamp does.
LiveRamp aims to provide clients with the ability to recognize a person who left some digital trace in one context as the same person who later left some trace elsewhere.
It has built a sophisticated system to do this, no matter how comprehensive it can recognize the person.
As part of our new report on RTB as a security threat and previously unreported, we reveal 'Patternz', a private mass surveillance system that harvests digital advertising data on behalf of 'national security agencies'.
5 billion user profiles, data from 87 adtech firms. Thread:
'Patternz' in the report by @johnnyryan and me published today:
Patternz is operated by a company based in Israel and/or Singapore. I came across it some time ago, received internal docs. Two docs are available online.
Here's how Patternz can be used to track and profile individuals, their location history, home address, interests, information about 'people nearby', 'co-workers' and even 'family members', according to information available online:
, a 'social risk intelligence platform' that provides digital profiles about named individuals regarding financial strain, food insecurity, housing instability etc for healthcare purposes.
"It calculates risk scores for each risk domain for each person", according to the promotional video, and offers "clarity and granularity for the entire US".
Not redlining, though. They color it green.
Making decisions based on these metrics about individuals and groups seems to be highly questionable and irresponsible bs.
Bazze, a US data broker that purchases smartphone location data from mobile apps and advertising firms, and sells to the US Dept of Defense, according to the WSJ, openly promotes a commercial location mass surveillance system for 'government customers'. wsj.com/tech/cybersecu…
I extracted information about mobile location data they claim to sell per country from their website:
New WSJ report found that 'Near', a consumer data broker based in India, Singapore and the US with an office in France, obtained massive location data via digital advertising firms like OpenX, Smaato and AdColony and sold it to US defense/intel agencies: wsj.com/tech/cybersecu…
Near's general counsel and chief privacy officer:
The US govt "gets our illegal EU data twice per day", a "massive illegal data dump".
"We sell geolocation data for which we do not have consent to do so", "we sell data outside the EU for which we do not have consent to do so"
If this isn't reason for EU data protection authorities to take urgent action then I don't know what is.
Yesterday, I published a case study that examines enterprise software for process mining, workflow automation and algorithmic management.
I identified a list of mechanisms that involve personal data processing and can affect workers individually (right) or collectively (center).
I guess rarely anyone has ever examined this kind of software at such a level of detail, from a worker perspective.
The case study explores how employers can exploit worker data based on enterprise software docs. The chart is an excerpt from section 7: crackedlabs.org/en/data-work/p…
The case study is largely based on an analysis of enterprise software docs from a single vendor and its partners, which has its limitations. It's the third in a series of case studies, which are part of a larger project that aims to map how employers use personal data on workers.