The world is rapidly evolving into a surveillance society where every citizen is monitored up to the second in all their activities, with large-scale experiments in behavioural influence.

One of the organisations investigating this phenomenon is Cracked Labs.

Cracked Labs: Pervasive identity surveillance for marketing purposes
In February this year Cracked Labs announced their report on personal data processing by adtech company LiveRamp (previously ‘Acxiom’), more specifically LiveRamp’s “RampID” identity graph system. They write:

The report specifically focuses on LiveRamp’s identity graph systems, which maintain and constantly update comprehensive identity records about whole populations: people’s names, the addresses where they live, the devices they use, their phone numbers and email addresses, and people they share a household with. LiveRamp assigns every person a unique proprietary identifier which is tied to other identifying information about the person and serves as a “universal identifier” in the broader data and adtech industry. Many businesses utilize this data to recognize, track, follow, profile and target people across the digital world. While LiveRamp’s identity surveillance technology makes heavy use of pseudonymization, it facilitates the exchange of personal data across databases and companies billions of times every day. The findings of the report suggest that LiveRamp’s intrusive data practices may disproportionately affect the rights and freedoms of millions of people in the UK, France and in other countries.

Netzpolitik wrote an article on the report, Data company maintains “private population register”.

These data collections by adtech companies and other data brokers are a risk to every person, not just vulnerable groups. The data is used by criminals and other parties with bad intentions. Governments also buy personal data from adtech companies, read for instance the article The US Is Openly Stockpiling Dirt on All Its Citizens (Wired) [*].

Open Rights Group complaints
Based on the results of the investigation, Open Rights Group has filed complaints with the UK and French privacy authorities (the Information Commissioner’s Office [ICO] and the Commission Nationale de l’informatique et des libertés [CNIL]). According to their announcement the key concerns are:

• LiveRamp still seems to process personal data without a valid legal basis;
• LiveRamp deployed ‘security measures’ that do not seem to protect individuals’ rights or improve data security throughout the online advertising supply chain;
• LiveRamp systems are more intrusive and pervasive than previous adtech technologies. As LiveRamp processes both online and offline personal data, it does not only knows your online browsing habits but also your home address and the people you live with;
• LiveRamp systems operate in the background, and their functioning is difficult to observe even for technical experts. This makes these systems less transparent and more difficult to understand for individuals, who are being profiled without their knowledge.

We are going to see whether initiatives like this are going to prevent the emergence of a de surveillance society

[*] There is concealing talk by governments of ‘OSINT’ (Open Source Intelligence), of which ‘CAI’ (Commercially Available Information) is part, read my blog.

More information:

Cracked Labs:

• the announcement: Pervasive identity surveillance for marketing purposes, A technical report on personal data processing for LiveRamp’s “RampID” identity graph system based on an analysis of software documentation with a focus on Europe, February 2024.
• the LiveRamp report, pdf: A technical report on personal data processing for LiveRamp’s “RampID” identity graph system based on an analysis of software documentation with a focus on Europe. A report by Cracked Labs, commissioned by Open Rights Group, February 2024. Authors: Wolfie Christl, Alan Toner .

Netzpolitik:

• article: Datenfirma unterhält „privates Bevölkerungsregister“. LiveRamp, 1 March 2024.

Open Rights Group:

• announcement: ORG submits complaints about intrusive LiveRamp adtech system, 28 February 2024.