Unauthorized sale of tens of thousands of phone location data poses security risks
In a shocking revelation, it has been exposed that data showing the minute-by-minute movement of tens of thousands of smartphones in Ireland is available for purchase from companies in the digital marketing and advertising industries. This revelation, broadcast on the 18 September edition of Prime Time at 9.35pm on RTE One and the RTE Player, has raised concerns about personal privacy, national and domestic security, including at the highest levels of the Department of Justice.
The data, referred to as location or geospatial data, was obtained over two weeks in April and shows the movement of 64,000 phones. This type of data, while not the most commonly available, was offered by several companies. The Defence Forces have expressed concern about the potential compromise of personnel, especially specialized ones like pilots, bomb disposal operators, and captains of ships.
The availability of this data has exposed the locations of military bases, potentially revealing movement times of naval vessels. The Defence Forces take several proactive steps to ensure security is maintained in sensitive locations, including minimizing their electronic footprint in these areas. However, the data reveals that devices passing through Naval Headquarter websites on Haulbowline Island, Cork, were tracked from the base into the waters off the south coast, where signal connection was lost, and later at other ports and harbours.
Multiple devices were seen entering and leaving McKee Barracks in Dublin, home to the Defence Forces' Military Intelligence Service. Phones in the data could be traced back to specific residential addresses after entering high-security prisons, military bases, and Leinster House, as well as sensitive locations like health clinics and mental health facilities.
The Data Protection Commission has expressed concern about the availability of the data, stating that information about an individual's location can pose a serious risk to their social security and well-being. Johnny Ryan of the Irish Council for Civil Liberties stated that the Data Protection Commission has failed for years to address this issue in a meaningful way.
For privacy and security reasons, Prime Time did not attempt to identify the people who passed through these locations. However, the owners of the phones contained in the dataset can typically be identified using reverse phone lookup tools such as Intelius or Social Catfish, which provide the full name, current and past addresses, social media profiles, email addresses, possible criminal records, and property ownership data linked to a phone number.
When asked about privacy concerns, sellers said a privacy breach does not occur because the owner of the phone is not identified, and the smartphone owners would have given permission for the sale of the location data through the terms and conditions of installed apps. Fine Gael TD Barry Ward, whose staff member's phone appeared in the data, is prepared to work with the DPC on the issue.
Kate McDonald and Aaron Heffernan's investigation has sparked a debate about the use and misuse of personal data, and the need for stricter regulations to protect individuals' privacy and social security. As the investigation continues, it is crucial that steps are taken to ensure that personal data is not compromised and that individuals' privacy and social security are prioritized.
