ORIGINAL: Australian political defence and government leaders are vulnerable to attack
Foreign states, including China, as well as terrorists and criminals obtain extensive data on Australian defence, security and political leaders with ease and increasingly, in real time. This poses an unacceptable security risk which will increase as geopolitical tensions rise.
The recent shootings of Minnesota representative Melissa Hortman and her husband are a chilling reminder that the tools of surveillance and targeting are not just available to foreign adversaries but to anyone with malicious intent. Notebook excerpts from the alleged shooter, Vance Boelter, and presented in a court filing show he used data brokers and aggregators to find the home addresses of his intended targets. Politico reports that police found the names of 11 registered data brokers in Boelter’s abandoned car after the shootings.
On an average day Australians are tracked nearly 500 times a day, as just one form of advertising technology–AdTech–broadcasts what a person in Australia is reading or watching, and where they are. This advertising model enables precise tracking and targeting of individuals and sells that information in an open market. The risks of data usage in conflict has been acknowledged for years, but remains unaddressed.
AdTech is active on almost all websites and apps. One type, known as real time bidding (RTB), is an online auction. It is an invisible, instantaneous and automated process, happening in the microseconds that a webpage or app loads. It broadcasts personal and sensitive data–including geolocation data–about Australians, without security measures to protect the data to facilitate the bidding for advertising.
RTB happens billions of times a day. The many players in the auction get the data (even if they don’t purchase the advertising). Australians are exposed in this way 3.7 trillion times a year and that might be the half of it–figures from Amazon and Meta are not available. It is a profitable business model that siphons and resells the data. The way the data economy functions is an inherent security flaw and a national security problem that simply cannot be overstated.
Possible data harvesting from TikTok, DeepSeek and Chinese EVs has sparked significant concern globally. While it makes surveillance easier, foreign powers and malicious actors don’t need custom-built apps to surveil our political and defence leaders, or commit the rising threat or espionage and foreign interference ASIO’s Director General warned of this year. They just need widely available advertising data. We now have evidence of how it will be weaponised as geopolitical tensions and global uncertainty increase.
A recent research paper shows how data about Australian defence personnel and political leaders flows to foreign states. I’ve been warning about this for a long time, detailing the risks in my book, Big Data, Emerging Technologies and Intelligence, National Security Disrupted, published in January last year.
Defence and intelligence personnel–and even politicians–are people too. Just like the rest of us, they binge watch Netflix, workout and shop online, leaving a digital trail that creates a dossier of information.
Foreign states and non-state actors can use this data to spy on individuals’ movements, financial problems, mental health and intimate details, such as if they have experienced sexual assault. Even if individuals use secure devices, data about them will still flow from personal devices, their friends, family and contacts. This exposes individuals and organisations to severe security risks. There is evidence partners and children are already targeted.
We now know that Australian defence personnel and national leaders are being actively categorised and targeted using RTB data. As the Minnesota shootings show this represents a a genuine threat to legislators. In conflict, this will be more acute.
As global tensions escalate, advertising data will be used to target defence, intelligence and government leaders and institutions for espionage, foreign interference, or to dox individuals and pressure political change. Companies, leaders and supply chains will be vulnerable too. As will their spouses and children.
Data protection is not just a matter of personal privacy but of national security and resilience. Disrupting the pervasive data economy would reduce serious security vulnerabilities and uplift privacy protections for all of us. It would also reduce the growing threat of algorithmic influence and foreign interference capacity inherent in our current technology ecosystem.
National Cyber Security Coordinator, Michelle McGuinness told me; it is not possible to make cyberspace secure without meaningful privacy protections. Australia’s Privacy Commissioner, Carly Kind, concurred; “vulnerabilities in technical systems and excessive data collection create risks to cyber security and physical security as well.”
No single group should have unlimited or unregulated access to our data and how we feel and react, as I have written previously. Currently, data is easily available to aggregate, analyse and exploit to anybody willing to pay for it, including foreign states, for any purpose.
We need urgent action on tranche 2 of privacy reform to address the issue. There’s a myth that carveouts are technically possible, or practically feasible. In reality, we protect all of us, or none of us. Yet, it is possible to create different kinds of digital infrastructure to rewire technologies to protect privacy and enable digital advertisingthat doesn’t “throw us to the wolves’. Indeed, it is necessary to do so.
Without strong privacy protection and rewiring technologies to reflect democratic values, our political, defence and government leaders are vulnerable to attack now. This will only worsen as geopolitical instability, and the likelihood of conflict increase.
