Adtech marketplaces: The gateways into your data (and just about everything else)

Hi, Friends —

✰ Welcome to [our digital disco]!

Each time we interact with a digital device, we generate data that builds upon a digital portfolio of us as individuals. Today we’re exploring one particularly lucrative domain in this data & surveillance sphere: adtech.

P.S. The data your apps collect isn’t as anonymous as you’re told. 

See “Snacktime” for my misc thoughts of the week. You can also read my last [disco] here.

Let’s talk about adtech.

Adtech has come under increasing scrutiny in recent months.

Adtech (advertising technology) leverages the extensive data generated by everyday mobile device users. Businesses such as Apple and Google meticulously track this data, including demographic data, browsing habits, and precise location. This data is anonymized, then sold on an open market—presumably to advertisers to customize ads just for you.

Yet as it turns out, this data isn’t actually anonymous. It can be used to monitor phone users all around the world… and advertisers aren’t the only buyers.

One privacy and intelligence leader, Mike Yeagley, has been speaking to leaders in DC about how this data can be used to track the movements of individual people—including personnel at the Pentagon and national security agencies. According to Wired’s Byron Tau, “[Yeagley’s] aim was to show that buried in the seemingly innocuous technical data that comes off every cell phone in the world is a rich story… and national security agencies had employees who were recklessly, if obliviously, broadcasting intimate details of their lives to anyone who knew where to look.”

How have we gotten here? And how is there an entire business buying and selling our data, that can be used to track personal information about each one of us? To better explore these questions, we need to dive into the business of adtech.

How does the adtech industry work?

• Mobile applications, such as dating apps, weather apps, maps, search engines, and more, gather data including your precise location, demographics, and habits.

• These apps sells this data on an “ad exchange”—a special marketplace for advertisers to buy data about you, which they use to feed you custom advertisements.

• “Programmatic advertising” is the automated buying and selling of digital advertising space in real-time through a bidding system, allowing advertisers to reach their target audience more efficiently. The rise of AI/ML has made this type of advertising more efficient and profitable, and driven its wild demand. Take Google, for example: In 2023, 77.8% of Google's revenue came from advertising.

Imagine this: 

• You have a weather app that tracks your real-time location, and your TikTok account determines that (based off your preferences) you’re a 25-30 y/o female who enjoys travel and luxury goods. On a data marketplace, this data—your real-time GPS location, your demographics, your preferences—can be bought by advertisers, who then pay to post luggage brand ads across your browser and within your apps.

• While your information may be an anonymous data bundle within the marketplace, enough data together serves as your digital fingerprint. In other words: If the purchaser knows your IP address (the device you use), along with where you live (geolocation data at night) and work (geolocation data during working hours), who you spend time with (other users sharing your geolocation), and your habits, preferences, and goals… they know you.

• It gets worse. Data marketplaces allow about any buyer to participate. This means your data is also bought non-advertising entities. If you happen to be a criminal, this could be considered good (for society, not you)—intel agencies can build a persona about you and cease your next malicious plans before you act. If you happen to be an everyday person? Less good. You could be surveilled without good reason, whether by a government (your own or another), cybercriminal group, or harmful individual.

• Some stats: The global AdTech market was valued at $987.52 billion in 2023. It’s expected to grow at a compound annual growth rate (CAGR) of 16.1% from 2024 to 2030.

Why has adtech become so lucrative?

• Companies recognized the potential for targeted advertising and measurable ROI (return on investment) offered by digital ad tech solutions.

• Advancements in technology, such as real-time bidding (RTB) and data analytics, made it possible to automate ad buying and optimize campaigns at scale, appealing to advertisers looking for efficiency and effectiveness.

• The proliferation of mobile tech & rise of social media expanded the reach of digital advertising, attracting both supply (mobile apps) and demand (advertisers). It also helped shift advertising budgets from traditional (TV commercials) to digital channels (banner ads), creating a new market opportunity.

• The competitive landscape was fueled by the entry of major players like Google, Microsoft, and Yahoo, who made strategic acquisitions and investments to strengthen their ad tech capabilities, driving innovation and competition.

What is the impact of adtech on national security & intelligence?

A brief history lesson: In 2013, infamous whistleblower Edward Snowden exposed the widespread surveillance practices of U.S. intelligence agencies, including the illegal tapping of internet choke points to collect data. Increased encryption has since rendered these methods less effective. As a result, intel agencies face challenges in directly collecting data (e.g., from advertisers, mobile carriers, cell towers) due to the prevalence of encrypted traffic and the need for warrants. (But… there’s more to this story. Check out the latest updates to intelligence gathering legislation here.)

Meanwhile, the private sector has been collecting much of this same data… and selling it to any buyer willing to pay. The internet has created new reservoirs of data, built to profit off the sale of data (and therefore, permit surveillance). Companies, governments, and other actors can simply buy private data, rather than needing a warrant or to hack into a phone to get it.

A shift began in the mid-2010s as government agencies increasingly purchased data directly from commercial entities. The use of advertising data as intelligence (“ADINT”) has emerged as an intelligence-gathering method due to the wealth of data generated by commercial adtech & bidding systems. Think of advertising data like a door: a buyer can legally purchase the data, then use it to work backwards and identify the person associated to it. So much for anonymous.

The vast network of advertising technology represents the most extensive information-gathering entity devised by humans, crafted not by the government but by commercial forces. 

Yeagley's work showcased the potential of ADINT in identifying targets and gathering intelligence, leveraging the vast amounts of data available through advertising networks. The integration of ADINT into intelligence practices highlights the evolving nature of data collection methods. It also raises a massive threat: the same tech can be used against innocent individuals.

• Pros: The Pentagon's use of adtech for national security purposes can allow agencies to tackle threats much faster. This data, paired with AI/ML, can help identify patterns and halt potential threats. In the case of the Russian-Ukrainian war, for example, applications have included detecting unusual movements of Russian military assets, identifying suspicious online activities related to cyberattacks, & tracking propaganda campaigns targeting Ukrainian populations.

• Cons: This data can easily fall into the wrong hands. Researchers at Duke University recently highlighted the alarming ease with which brokers (data sellers) transact sensitive information about U.S. military personnel, presenting a significant threat to the personal safety of these individuals, their families, and national security overall. Shockingly, U.S.-based data brokers are peddling this information for as little as $0.12 per record, raising serious concerns about the privacy and safety of military personnel and their families. This is just one example; data could be abused by a variety of parties, whether the government of the user, an adversarial government, or otherwise.

So… why is data brokering still legal?

Data brokering is the collection and sale of digital, personal information. As the internet advanced, more aspects of our lives became digitized, creating a vast landscape of data that could be harvested and exploited. Data brokers operate within legal bounds in many countries, including the United States, where regulations have struggled to keep pace with technological advancements. Data brokering has thrived in an environment marked by lax regulations.

Looking ahead, the absence of robust regulatory frameworks poses a continued risk. The challenge lies in striking a balance between leveraging data for beneficial advancements while mitigating potential harm. There have been a number of legislative efforts presented to help mitigate data brokering spanning across the Federal Trade Commission, Congress, and individual states. However, no comprehensive bill has been passed in the U.S. to prevent illegal use and sharing of sensitive consumer data and address evolving data broker practices.

☞ Let’s take a step back.

The concerns about our adtech industry go in hand with debates about the rise of surveillance states—governments that gather information about their citizens to maintain control and detect potential threats.

The adtech industry is just one instance of a large data pool that governments (and others) can tap into without protective legislation. Modern car tires, for example, emit radio signals to track air pressure… signals which could be tracked to monitor your car’s location. Facial recognition systems are abundant in private and public locations, and human rights organizations continue to fight for them to be banned across jurisdictions. (Check out this piece about how the pharmacy Rite Aid was recently banned from using facial recognition tech for abusing the tech, resulting in privacy concerns and race- and gender-related discrimination.)

It's crucial to realize that when we use technology, this data is likely being sold without our consent and may end up in the hands of the wrong person. Each time we interact with a digital device, we generate data that can be used to track us or build a portfolio of us as individuals online. We should take precaution when accepting to give up our data freely and check our digital devices to abstain from giving up location and other private data when we can.

How can I protect some of my data?

• Turn off location services: Disable location services on your phone when you don't need them. Limit access to location data unless it's essential for an app's functionality.

• Review permissions: Regularly review and adjust the permissions you've granted to apps and general settings on your phone.

• Updates and patching: Regular updates and timely security patches are essential for maintaining the security of any device or messaging app. Both Android and iOS receive updates, so watch for these and make sure to keep your devices updated.

• Network and IP address: Depending on how you connect to the internet (e.g., using public Wi-Fi or a VPN), your IP address may be associated with the activity. Advanced tracking methods can link your activity to your IP address. To protect your IP address, look into getting a VPN, using Tor (a web browser that blocks tracking), or using a proxy server. If you want to read more about data & surveillance, I highly recommend Means of Control: How the Hidden Alliance of Tech and Government Is Creating a New American Surveillance State (Byron Tau) and The Sentinel State: Surveillance and the Survival of Dictatorship in China (Minxin Pei).

Snacktime

📓 Reading: The inside story of the 8 Google Employees Invented Modern AI 

♬ Listening to: Polo & Pan’s Nanã

✰ Thinking about: Time-wasters and time-givers. This week, I am tracking the things I do within each hour of the day, in attempt to i) have fewer things in each hour (less task-switching) and ii) to keep track of what is wasting my time, as well as how each activity gives or sucks up my energy. It’s been a time-consuming, yet illuminating, activity. Highly recommended.

✿ As always — any and all feedback is welcome!