A defense contractor that claims to have access to motor vehicle location data on a global scale says it wants to use that data to help U.S. federal agencies conduct more efficient spying and military operations.
The Ulysses Group, which offers “cutting edge operational and intelligence services, support, and equipment” to government clients, says it can “access over 15 billion vehicle locations” worldwide every month. This data, which can be viewed “historically” or in real-time, should be used operationally by U.S. agencies, the company says.
A document obtained by the office of Sen. Ron Wyden, which was first reported by Motherboard and shared with Gizmodo, shows Ulysses claims to be able to “remotely geolocate” cars in “nearly any country,” with the exceptions of Cuba and North Korea. In the document, the firm explains how this might be useful to a government agency:
The Ulysses Group provides telematics based location intelligence, in both real time and historical formats. The data can be used to geo-locate, track and target time sensitive mobile targets, tip and cue other sensors, develop patterns of life, identify networks and relationships, and enhance situational awareness among many other applications. ... Ulysses’ analysis, and existing access to bulk commercial telematics data, represents a revolutionary opportunity to collect and analyze real time data on mobile targets anywhere in the world without deploying into harms way – whether you want to geo-locate one vehicle or 25,000,000...
It’s been well-known for some time that as cars have become increasingly connected to the internet, they have also generated an ever-larger amount of data (this can include location, usage rates, internal media and communications preferences, external road conditions, and so on): Often, this data is being shared continuously with the automaker, with car-parts manufacturers, and sometimes with third parties. In recent years, there has been a race to sell and profit off this data, and a fairly complicated industrial ecosystem has emerged around it. A 2016 study by dreaded consulting firm McKinsey projects that, by the year 2030, the global revenue generated by car data may total anywhere from $450 billion to $750 billion.
At the same time, federal agencies have been enthusiastically hoovering up personal consumer data collected by private contractors like Ulysses, in an effort to augment their own surveillance and espionage operations. The Department of Homeland Security, the FBI, and countless other agencies have all been caught indulging in this trend. In the case of car location data, the spying capabilities it claims to provide are enormous, as Ulysses freely admits.
“Vehicle location data is transmitted on a constant and near real time basis while the vehicle is operating,” Ulysses states in the document. “We believe that this one attribute will dramatically enhance military intelligence and operational capabilities, as well as reduce the costs and risk footprint of ISR assets [intelligence, surveillance, target acquisition and reconnaissance] currently used to search for and acquire mobile targets of interest.” The company also notes that this data cache is only projected to grow: “By 2025 it is estimated that 100% of new cars will be connected [to the internet] at some level – each transmitted more than 25 gigabytes of data per hour.”
Ulysses, based in South Carolina, says it’s staffed by former military and intelligence officials and has been active since the early 2000s, according to the company’s website. Its president, Andrew Lewis, previously served in a number of high-level positions within the Department of Defense and other military positions. Online records show the firm contracted with the U.S. Special Operations Command (USSOCOM) between 2016 and 2017. The company also claims to have worked with a variety of other agencies, providing services related to drones, aerospace, and financial data. A version of the company’s website, captured by the Wayback Machine, from July 2019 reads:
Ulysses has won multiple DOD awards to conduct financial targeting and exploitation for the U.S. Navy, U.S. Army, and MARFORCYBER, including a 2016 - 2017 award by USSOCOM to serve as the only company that supported the command within the economic and financial warfare domain. Additionally, Ulysses has supported four different GEOINT focused contracts for NGA. Ulysses has a robust UAS vertical encompassing both fixed and rotary wing platforms that are designed and/or modified for operational use inhouse leveraging our rapid prototyping capabilities.
Maybe the worst thing about this whole story is that it’s not entirely clear where a company like Ulysses gets all its data from. Andrea Amico, the founder of Privacy4Cars told Vice that, due to the convoluted nature of vehicle data collection, there are a whole variety of sources where locations might be procured from: “the company that provides the map itself, for instance, would have access to it; the company that provides the infotainment system may have access to it; the company that provides the traffic data may have access to it; the company that provides the parking data may have access to it. Right there and then you’ve got five companies that are getting your location.”
A call to the Ulysses Group wasn’t immediately returned. A call to the Alliance of Automobile Manufacturers for commentary on this story didn’t garner a response either (the group represents the interests of car giants like Ford, Honda, Subaru, Hyundai, BMW, Chrysler and others, and has previously published a set of consumer data privacy guidelines for the industry). We will update this story if we hear back.