A new investigation reveals that Eskimi, a Lithuanian ad-tech company, may have provided sensitive location data of US military personnel in Germany to Datastream Group, a Florida-based data broker. This raises serious concerns about the security of military personnel and the opaque practices of the location data industry.
Last year, a media investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States military and intelligence personnel overseas. At the time, the origin of that data was unknown.
Now, a letter sent to US senator Ron Wyden’s office that was obtained by an international collective of media outlets—including WIRED and 404 Media—reveals that the ultimate source of that data was Eskimi, a little-known Lithuanian ad-tech company. Eskimi’s role highlights the opaque and interconnected nature of the location data industry: A Lithuanian company provided data on US military personnel in Germany to a data broker in Florida, which could then theoretically sell that data to essentially anyone. “There’s a global insider threat risk, from some unknown advertising companies, and those companies are essentially breaking all these systems by abusing their access and selling this extremely sensitive data to brokers who further sell it to government and private interests,” says Zach Edwards, senior threat analyst at cybersecurity firm Silent Push, referring to the ad-tech ecosystem broadly. In December, the joint investigation by WIRED, Bayerischer Rundfunk (BR), and Netzpolitik.org analyzed a free sample of location data provided by Datastream. The investigation revealed that Datastream was offering access to precise location data from devices likely belonging to American military and intelligence personnel overseas—including at German airbases believed to store US nuclear weapons. Datastream is a data broker in the location data history, sourcing data from other providers and then selling it to customers. Its website previously said it offered “internet advertising data coupled with hashed emails, cookies, and mobile location data.” That dataset contained 3.6 billion location coordinates, some logged at millisecond intervals, from up to 11 million mobile advertising IDs in Germany over a one-month period. The data was likely collected through SDKs (software development kits) embedded in mobile apps by developers who knowingly integrate tracking tools in exchange for revenue-sharing agreements with data brokers. Following this reporting, Wyden’s office demanded answers from Datastream Group about its role in trafficking the location data of US military personnel. In response, Datastream identified Eskimi as its source, stating it obtained the data “legitimately from a respected third-party provider, Eskimi.com.” Vytautas Paukstys, CEO of Eskimi, says that “Eskimi does not have or have ever had any commercial relationship with Datasys/Datastream Group,” referring to another name that Datastream has used, and that Eskimi “is not a data broker.” In an email responding to detailed questions from the reporting collective, M. Seth Lubin, an attorney representing Datastream Group, described the data as lawfully sourced from a third party. While Lubin acknowledged to Wyden that the data was intended for use in digital advertising, he stressed to the reporting collective that it was never intended for resale. Lubin declined to disclose the source of the data, citing a nondisclosure agreement, and dismissed the reporting collective’s analysis as reckless and misleading. The Department of Defense (DOD) declined to answer specific questions related to our investigation. However, in December, DOD spokesperson Javan Rasnake said that the Pentagon is aware that geolocation services could put personnel at risk and urged service members to remember their training and adhere strictly to operational security protocols. In an email, Keith Chu, chief communications adviser and deputy policy director for Wyden, explained how their office has tried to engage with Eskimi and Lithuania’s Data Protection Authority (DPA) for months. The office contacted Eskimi on November 21 and has not received a response, Chu says. Staff then contacted the DPA multiple times, “raising concerns about the national security impact of a Lithuanian company selling location data of US military personnel serving overseas.” After receiving no response, Wyden staff contacted the defense attaché at the Lithuanian embassy in Washington, DC. It was only after that, and on January 13, that the DPA responded, asking for more information. “Once additional information is received, we will assess the situation within the scope of our competence and determine the appropriate course of action,” the DPA said, according to Chu. The Lithuanian DPA told reporters in an email that it “currently is not investigating this company” and it “is gathering information and assessing the situation in order to be prepared to take well-informed actions, if needed.” If the Lithuanian DPA does decide to investigate and finds Eskimi in violation of GDPR provisions, the company could face significant consequences—including fines up to €20 millio
LOCATION DATA DATA BROKERS US MILITARY ESKIM GDPR LITHUANIA NATIONAL SECURITY
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
SpaceX Deal Boosts Shares Of U.K. Tech Firm FiltronicElon Musk’s SpaceX has awarded a contract to Filtronic worth $20.9 million, sending shares of the British telecom-equipment firm soaring on Monday.
Read more »
What the Tech: Valentine's Day tech gift ideasMontgomery, Alabama
Read more »
NASA Flight Tests Wildland Fire Tech Ahead of Tech DemoNASA is collaborating with the wildfire community to provide tools for some of the most challenging aspects of firefighting – particularly aerial nighttime
Read more »
Crab Tech Ready to Tackle Tech Glitches at Los Gatos Rotary's Crab FestLos Gatos Rotary's annual Crab Fest and Auction is set for February 1st. A volunteer team known as 'Crab Tech' will be on hand to assist attendees with any technical difficulties encountered while placing online auction bids. The event is the club's primary fundraiser, with all proceeds benefiting the Los Gatos Rotary Charities Foundation.
Read more »
Duncan Powell scores career-high 23 to help Georgia Tech beat Virginia Tech 71-64Duncan Powell scored a career-high 23 points and Georgia Tech snapped a four-game losing streak with a 71-64 victory over Virginia Tech. Powell, a junior, made 7 of 11 shots with three 3-pointers and grabbed six rebounds for the Yellow Jackets (9-11, 3-6 Atlantic Coast Conference). Javian McCollum had 16 points and four assists for Georgia Tech.
Read more »
Musk Questions Tech Giants' AI Commitment, Markets Climb on Tech OptimismElon Musk expressed skepticism about the tech giants' ability to meet their commitments to President Trump's new AI investment project. Meanwhile, the stock market hit new highs, fueled by tech sector gains and strong earnings reports. Investors are optimistic about the potential of AI, driving the performance of companies like Microsoft and Nvidia. Other news includes potential layoffs at CNN and NBC News, and lower-than-expected bookings for video game maker Electronic Arts (EA).
Read more »