IntSum – Week 35 | 29th August – 2nd September 2022

Key Issue: Location data broker Kochava sued for selling sensitive geolocation data
Cybercriminals: Ransomware groups continue targeting the aviation sector
Nation–State: Nation–state actors continue to launch highly targeted campaigns

KEY ISSUE:
The US Federal Trade Commission (FTC) has filed a lawsuit against US–based geolocation data (geodata) broker Kochava for selling the sensitive information. The company claims to have amassed 35 million daily active users, as well as carrying out 94 billion geo–transactions each month.

Kochava provides a subscription–based service, in which clients pay USD 25,000 to access the collected geodata. The lawsuit intends to halt Kochava’s data collection and force the company to delete existing records, in what the FTC has deemed as a
mass surveillance campaign. Geodata could be used to monitor mobile users, establish profiles and patterns of behaviour.

Depending on the motivations of the individual buyer, geodata could be used for stalking, discrimination, unlawful arrests, loss of employment, and physical violence. Previously, it has been used by governments to monitor political dissidents, activists, and other people of interest. We assess that this lawsuit if successful could see the US government enact control over an activity undertaken by a private entity that it itself takes part in regularly. However, ensuring this divide between government and private corporation geo–tracking is also likely to assist in preventing the information’s nefarious use.