The report from the Irish Council for Civil Liberties (ICCL) highlights how an advertising technology present in almost all websites and apps distributes sensitive data about EU leaders and personnel that could leave them vulnerable to bad actors.
A new report from an Irish civil liberties watchdog has highlighted what they call a “European Security Crisis” related to the distribution of sensitive data about leaders and personnel that could undermine organisations and institutions.
The issue relates to a widely used online advertising technology called Real-Time Bidding (RTB), which is present across almost all websites and apps.
Real-time bidding refers to the automated buying and selling of online ad impressions through instant auctions. The process typically takes place in the time it takes for a webpage to load and determines which ads appear to the user.
The problem, according to the ICCL, is that this system involves the “broadcasting of sensitive data about people using those websites and apps to large numbers of other entities, without security measures to protect the data”.
The data in question often includes location data or timestamps, which can easily be used to link it to individuals.
The ICCL analysed tens of thousands of pages of RTB data, revealing that it was being used to target EU military personnel and political decision-makers.
“Foreign states and non-state actors can use RTB to spy on target individuals’ financial problems, mental state, and compromising intimate secrets,” the report said.
“Even if target individuals use secure devices, data about them will still flow via RTB from personal devices, their friends, family, and compromising personal contacts,” it continued.
The report pointed out that surveillance technologies such as PATTERNZ, a tool built by a private company called the I.S.A. Israeli Security Academy & technologies, use RTB data in their product.
On its website, the firm states that the program “allows national security agencies to utilise real-time and historical user advertising generated data to detect, monitor and predict users actions, security threats and anomalies based on users’ behaviour, location patterns and mobile usage characteristics”.
In a summary of its key findings, the ICCL claimed that Google and other RTB firms sent data about individuals in the US to Russia and China, where local laws permit security agencies to access the data.
In addition, they claimed that RTB data was traded within the EU in a “free-for-all”, meaning foreign and non-state actors could obtain it too.
Google, the largest player in the RTB system, lists 1,102 ad technology providers that potentially receive data from its RTB auctions, including Russian and Chinese entities.
Microsoft’s advertising and analytics subsidiary, Xandr, lists 1,647 firms among its ad server partners that may receive RTB data from its auctions.
“The RTB industry’s data free-for-all has created a serious national threat,” Dr Johnny Ryan, a Senior Fellow of ICCL, said in a press statement.
“We call on the US Federal Trade Commission, European data protection authorities, and the European Commission to urgently act. The industry cannot be allowed to put our elected leaders and military personnel at risk,” he added.
Google and Microsoft have not yet responded to requests for comment on this story.