"Holy hell... This is absolutely unacceptable." "Quite wild." "Grotesque." "Absolutely sickening." "This should be illegal."
Those were just some of the alarmed reactions to reporting by Joseph Cox for Motherboard on Monday that "the U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps."
"The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide," the report continues. "Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a 'level' app that can be used to help, for example, install shelves in a bedroom."
Reps. Ilhan Omar (D-Minn.) and Rashida Tlaib (D-Mich.) were the first two Muslim women elected to Congress, and Omar was the first to wear a hijab. Omar tweeted Monday that "the military industrial complex and the surveillance state have always had a cozy relationship with tech. Buying bulk data in order to profile Muslims is par for the course for them--and is absolutely sickening. It should be illegal!"
Omar was far from alone in expressing outrage over the revelation that the U.S. military is attaining data from mobile phone applications:
According to Motherboard, its expose is the first to reveal that the controversial practice of purchasing such information isn't limited to U.S. law enforcement but also extends to the military. As the report explains:
Through public records, interviews with developers, and technical analysis, Motherboard uncovered two separate, parallel data streams that the U.S. military uses, or has used, to obtain location data. One relies on a company called Babel Street, which creates a product called Locate X. U.S. Special Operations Command (USSOCOM), a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to Locate X to assist on overseas special forces operations. The other stream is through a company called X-Mode, which obtains location data directly from apps, then sells that data to contractors, and by extension, the military.
The news highlights the opaque location data industry and the fact that the U.S. military, which has infamously used other location data to target drone strikes, is purchasing access to sensitive data. Many of the users of apps involved in the data supply chain are Muslim, which is notable considering that the United States has waged a decades-long war on predominantly Muslim terror groups in the Middle East, and has killed hundreds of thousands of civilians during its military operations in Pakistan, Afghanistan, and Iraq. Motherboard does not know of any specific operations in which this type of app-based location data has been used by the U.S. military.
Some critics directed their ire in part at the companies behind the apps named in the report, including Muslim Pro--which reminds users when to pray and the direction Mecca from their current location and includes passages and audio readings from Quran--as well as the dating app Muslim Mingle. Both apps send data to X-Mode.
Both Muslim Pro and Mingle didn't respond to Motherboard's requests for comment. Sen. Ron Wyden (D-Ore.) told the outlet that "in a September call with my office, lawyers for the data broker X-Mode Social confirmed that the company is selling data collected from phones in the United States to U.S. military customers, via defense contractors. Citing non-disclosure agreements, the company refused to identify the specific defense contractors or the specific government agencies buying the data."
The "Trusted Partners" section of X-Mode's website previously listed as customers the contractors Sierra Nevada Corporation and Systems & Technology Research, but multiple company names have been removed from the page as Wyden's office and Motherboard have conducted investigations, according to the news outlet--which noted that multiple app developers who work with X-Mode said they didn't know their users' location data was shared with military contractors.
X-Mode told Motherboard by email that it "does not work with Sierra Nevada or STR" but didn't deny they had been customers; neither of the companies responded to requests for comment. X-Mode also said it "licenses its data panel to a small number of technology companies that may work with government military services, but our work with such contractors is international and primarily focused on three use cases: counterterrorism, cybersecurity, and predicting future Covid-19 hotspots."
While Babel Street also didn't reply to Motherboard's requests for comment, Navy Cmdr. Tim Hawkins, a USSOCOM spokesperson, confirmed the Locate X purchase and told the outlet: "Our access to the software is used to support Special Operations Forces mission requirements overseas. We strictly adhere to established procedures and policies for protecting the privacy, civil liberties, constitutional and legal rights of American citizens."
Wolfie Christl, a researcher, writer, and digital rights activist at Cracked Labs in Austria, calledMotherboard's investigation "so far the most comprehensive report on how all kinds of mobile apps share or sell location data with data brokers, who in turn sell it to U.S. military and defense contractors, all without the users' knowledge."
"The mobile app ecosystem is totally broken," Christl added.
Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation working on surveillance and privacy, joined those weighing in on the report via Twitter by writing that "law enforcement and government have always had an 'if the data is out there, we want it' approach."
"If there are apps or companies that think they can make a quick buck by selling data you shared with them," Guariglia added, "they will ALWAYS find a buyer in the government."