As connected individuals in a modern society, we generate data with everything we do. Every card payment, website visit, browser search, social media post, and online message yields data points. Our phones register every action taken in every downloaded app; if GPS is active, they register every place we visit; and if we use biometric data monitoring, they register our every heartbeat. It is virtually impossible to get an overview of the data we use and generate—data are everywhere.
The overwhelming abundance of data has ushered in the ‘age of analytics’,2 where data informs the decisions, strategies, and activities of governments, corporations, and individuals. For military organisations, data are a great asset—they provide valuable intelligence for operational planning, allow for near real-time situational awareness in the information environment, improve accuracy in recruitment, enable accurate simulations and exercises, and contribute to shortening military decision-making cycles.
As with any new technology, data analytics create opportunities for both use and abuse. A number of risks and vulnerabilities have for too long been neglected in relation to the generation, collection, and dissemination of data. When aggregated at scale, data reveal patterns and enable inferences that can compromise the integrity and threaten the security of individuals and organisations.
When traded without oversight, data can easily be used for unethical purposes. And when maliciously exploited, data can be used for tracking, manipulation, extortion, and scamming. From a security perspective, the actors who control and own data in the information environment are critically important.
This report takes a closer look at data brokers and the data industry to investigate how the commercial availability of data can be exploited and lead to security issues for military organisations such as NATO and its Allies. It aims both to provide an overview of the data broker industry and its procedures, and to discuss risks and vulnerabilities related to this industry. It also describes the proof-of-concept experiment conducted by researchers from the NATO StratCom COE who engaged with multiple data brokers and purchased consumer data from an analytics company, and then used red-team analysis to assess how such data can be exploited.
Report findings were presented during #StratComTalks on 4 November 2020.