为了将自己的“霸凌”行为合理化,这位美国总统和他的拥趸们将国家安全和个人信息泄露当成了借口。然而,一家名不见经传的美国小公司似乎扯下了这块“遮羞布”。
screenshot via WSJ
当地时间8月7日,《华尔街日报》的一篇报道中写道,一家与美国国防和情报界有联系的美国公司Anomaly Six LLC将其软件植入到数百款移动应用程序中,使这些软件能够追踪全球数亿用户的位置数据。互联网公司收集并买卖用户数据并不罕见,但这家公司却有些特殊,Anomaly Six公司位于美国弗吉尼亚州,它的两位创始人均为拥有情报工作背景的美国退伍军人。Virginia-based company Anomaly Six, founded by two U.S. military veterans with a background in intelligence, has embedded its software in more than 500 mobile apps, allowing it to track the movements of hundreds of millions of mobile phones worldwide, according to The Wall Street Journal. Several law enforcement agencies are using such data for criminal law enforcement, while numerous U.S. military and intelligence agencies also acquire this kind of data, the report said.2018年的一场官司,把这个公司的秘密揭露到人前。原来,Anomaly Six的两位创始人都曾供职于另一家专门从事电子监控公司,Babel Stree。Anomaly Six的创始人之一是美国前陆军反间谍官员布兰登•赫夫,曾负责处理与国防部的关系,同时为许多其他国防承包商工作。而另一位创始人杰弗里•海因茨也曾在美国陆军服役,负责处理Babel Street与司法部、美国网络司令部、民间联邦机构和情报机构的关系。Babel Street公司曾推出过一款名为Locate X的产品,其主要功能包括从消费者应用程序中提取数百万用户的位置记录。赫夫与海因茨从Babel Street离职后自行开发了同款竞品,于2018年被老东家告上法庭,这场官司最后以和解告终。
一些附加知识点:
根据2018年的法庭记录,Locate X是根据美国政府官员的意见开发的,后被美国军事情报部门广泛使用,他们致力于收集“开源”信息。美国联邦合同数据显示,Babel Street还与美国国土安全部、美国司法部和许多其他民间机构签订了合同。
《华尔街日报》上月的一篇报道曾揭露,作为美国陆军项目的一部分,美方的学术研究人员能够使用Babel Street的软件监控俄罗斯军事设施中设备的移动情况。
Two founders of this company, Jeffrey Heinz and Brandan Huff, are both Army veterans and work for another Virginia company specializing in electronic surveillance, Babel Street. Huff, a former counterintelligence officer, handled Babel Street’s contracts with the Defense Department, while Heinz oversaw the Justice Department and U.S. Cyber Command.Government entities, including the FBI and the U.S. Army, have paid millions of dollars in federal contracts with Babel Street, but the terms of these contracts have never been disclosed.A lawsuit filed in 2018 by Babel Street alleged Anomaly Six had developed a new product to compete with Locate X. The suit was settled on undisclosed terms in 2019.而后,Anomaly Six继续“深耕”信息收集。
《华尔街日报》引述该公司的营销材料称,Anomaly Six已经在超过500个应用程序上安装了其专有的SDK工具包。只要消费者允许包含该软件的应用程序访问手机的GPS坐标,Anomaly Six就可以通过SDK获得手机的位置信息。Anomaly Six通过出售这些数据信息盈利,并将一部分收入支付给应用程序开发商。而对于用户来说,“应用程序中是否嵌套了SDK”这样的信息,不会出现在美国大多数的隐私条款里。不仅用户们不知情,美国法律上对于买卖用户位置数据的规定也少得可怜。至于政府层面,虽然该公司否认其向美国政府提供了这些数据,但它确实与联邦机构签署过“非机密但保密”的合同。Anomaly Six earns money by selling the data collected within its location data SDK. For users, information such as "whether an SDK is embedded in your application" does not appear in most privacy policies in the U.S. and there are few government regulations in the app market.Moreover, Anomaly Six, as a federal contractor, denied providing the data to the U.S. government, despite holding what it described as “unclassified but confidential” contracts with federal agencies.像Anomaly Six和Babel Street这样的公司在美国还有多少?他们在全世界范围内监视着多少人?但结合特朗普政府迫不及待对微信和TikTok发起的攻击,是时候复习一下中国外交部发言人华春莹在推特上的回应了:“Talking CLEAN while doing DIRTY. How ironic!”英国冒着“惹怒特朗普”的风险,为TikTok铺开了欢迎的红地毯