Location data from Dutch cell phones are being offered for sale by foreign data traders. With this it is possible to track the owner of a smartphone closely. Experts say this is an "extreme security risk" that has the potential to compromise national security. This is according to research by BNR, which obtained from data traders 80 GB of location data from millions of cell phones.
The list of potential targets is long, according to the medium. BNR was able to track, among others, a senior officer of the army. Thanks to data from the database of data traders, it was possible to trace his private address and visits to the Frederick Barracks. The latter is the headquarters of the Military Intelligence and Security Service (MIVD).
Furthermore, BNR discovered that 70 cell phones were registered at Huis ten Bosch, King Willem-Alexander's residential palace. At Volkel Air Base, where nuclear weapons are stored, 370 phones were counted. And at the headquarters of the National Police, the National Prosecutor's Office and Europol in Zoetermeer, some 1,200 people visited this location.
The dataset from which BNR's editors got their information was for sale through an online marketplace in Berlin. Trading platform Datarade.ai sells medical information and credit scores of Dutch citizens in addition to location data from cell phones. The data comes from the U.S.-based Datastream Group and Singapore-based Factori.ai. They in turn get this data from companies that collect and resell location data with users' permission, such as fitness and navigation apps.
By combining data from these and other (public) sources-such as the Land Registry or LinkedIn-it is possible to trace a person's home and work address. "This is an extreme security risk, with possible implications for national security," Ralph Moonen, technical director of Secura Cybersecurity, told BNR. "Really intense that this can be done like this," said Sjoerd van der Meulen, security specialist at DataExpert.
Aline Klingenberg, professor of educational innovation, data sharing and communications law at the University of Groningen, says the practices of Datastream Group and Factori.ai are "clearly illegal. According to her, personal data may only be resold if users have given 'informed consent' to do so. She doubts that this is the case.
Anouk Ruhaak, president of Stichting Databescherming Nederland (SDBN), also says the trade in mobile location data is illegal. She emphasizes that the data traders are also based outside Europe. The storage and retention of data of Dutch citizens is therefore prohibited, according to her.
The National Police Force leadership says it is aware of the problem and is "looking internally at what measures are appropriate to counter this. The Ministry of Defense said in a response that procedural and technical measures are being taken to counter any risks. The Department of Correctional Institutions (DJI) says it will investigate the consequences of selling mobile location data and what measures are needed to counter this.
Datarade, the platform from which BNR's editors bought the location data, emphasizes that it only acts as an intermediary and that data traders themselves are responsible for what they offer on the trading platform. "Of course we only allow legal content on our platform, as our terms and conditions state," she said. Affected parties who believe their rights have been violated can report it online to Datarade by filling out a Content Report Form.
