Is User Data Sold by Google Being Purchased by Killers?

A digital pipeline of money and data from Google to Russia.

Russian “AdTech” companies harvest American and European User Data obtained from Google for incredibly accurate information on who, and where, we are.  The personal risks to internet users everywhere are deadly serious. 

It is difficult to state that any person intentionally places another in harms’ way.  But proven business practices do strange things to the rhetoric of morality.  The profits from big data certainly explain the sophistry that justifies an outright sale of information by a media company that can identify who you are, where you live and what you are doing right now. 


Is this data being used to target and kill people? 

According to a former head of both the CIA and NSA: 

“absolutely”.


The business of selling user data has been a core practice supporting programmatic advertising for decades.  It remains the core revenue source for the publicly-listed Alphabet, Inc., parent company of Google, which also owns one of the leading AI research labs known as DeepMind.

For advertisers, the data found in the surface content of basic user information, known as ‘metadata’, is vital to targeting mass ads for the right products to the right consumers surfing the web.  But as data collection on internet users has become more complex over the decades with use of user tracking code, known as ‘cookies’, much more detailed information on populations of consumers can be extracted, allowing advertisers to more specifically target their ads to more likely customers. 

A Brief Background

The internet and the world wide web are an economy.  From its earliest days, the internet’s primary asset has been user data that is exchanged for ‘free’ access to information. 

Advertisers are the intended beneficiaries of this user data, allowing web-site publishers to sell advertising space and to generate revenues.  The internet search engine has always been the primary processor and depositary for this user data, and its most successful broker.

The generally free use of websites across the internet, including search engines, comes at the price of the data that Google, and others, can extract from users.  With the use of increasingly sophisticated artificial intelligence models trained to infer, interpret and predict internet user behaviour, that data becomes attractive to more than just advertisers.

Sundar Pichai
Sundar Pichai, CEO of Alphabet, Inc. Image credit: Matt Winkelmeyer/Getty Images for Wired25.

The implications for such information falling into the hands of bad actors has been at the forefront of concern for national security and law enforcement agencies for as long as Google has been selling it. 

The rise of AI models that can sift through and analyse that data, including those developed by government intelligence organisations, have increased the utility of that user data to menacing levels.   

With the sudden popularity of AI models such as ChatGPT, which is ‘trained’ on nearly all data publicly available over the internet, it is clear that such AI technology is now openly in the hands of anyone willing to use it. 

In an interview published in 2020, Vivienne Artz, Chief Privacy Officer at Refinitiv contributed to an extensive discussion on the power that is now generated by that data.

“The value transaction between what individuals get i.e., a free service, and what the entity hoovering up the data gets, are seen to be oceans apart.  […] That value transaction had worked for a long time until it was realized these big companies have more money than many economies in the world.  That’s how profitable the data opportunity is.”  Artz is quoted as saying.

Vivienne Artz, OBE
Vivienne Artz, OBE, Chief Privacy Officer for Refinitiv. Courtesy: Refinitiv.

User data collected through web browsers on computers and mobile devices is made available through a process known as real time bidding, or ‘RTB’, over a mechanism operated by Google known as a ‘bidstream’ to support programmatic advertising that is central to the business models of most retail, social media and publishing companies.

But advertisers are not the only consumers of bidstream data. 

“There are lots of companies offering cross device graphs which can take the cookie ID, which is attached to the bid request that can be translated into a real person’s name, email address and address. Most people don’t know this but essentially everyone’s entire browsing history is being transmitted all the time and, if someone wanted to do, it can be linked back to a person.”  Prash Naidu, Founder & CEO, Rezonence as quoted in that same discussion. 

See Citi GPS:  Global Perspectives & Solutions extensive briefing on ePrivacy and Data Protection, July 2020 (read the full briefing here).

The Bidstream

No other company on the planet is more associated with the collection and dissemination of personal data supporting the advertising industry than Google, who’s publicly-listed parent company, Alphabet has a market capitalisation of ~ US$1.3 trillion and annual revenues of over US$282 billion in 2022.

The data used by advertisers to target particular consumers is profitable to Google due to how widespread the participants in its bidstream data channel are.  Participation in bidstream is so widespread that it can be very difficult to monitor who is actively looking for what information. It is this widespread nature of the participants that benefit those with little interest in commercial advertising.  With advertising revenues now under pressure, these other participants contribute an increasing percentage to Google’s profits.

In a formal letter dated July 31, 2020 and reviewed by the Media C-Suite, ten members of the US Congress urged the Chairman of the US Federal Trade Commission (FTC) to do more to protect Americans from bad actors obtaining detailed personal information on every aspect of their lives.

The letter states:

“Few Americans realize that companies are siphoning off and storing that “bidstream” data to compile exhaustive dossiers about them.  These dossiers include their web browsing, locations, and other data, which are then sold by data brokers to hedge funds, political campaigns, and even to the government without court orders. [ … ] companies are participating in RTB auctions solely to siphon off bidstream data, without ever intending to win the auction and deliver an ad.”

The letter asserts that, “Americans never agreed to be tracked and have their sensitive information sold to anyone with a checkbook.” 

Read the full letter here.

The extent of Google’s involvement in user data transmission to potentially harmful actors in Russia, China and elsewhere is detailed in an exhaustive report by Adalytics recently released online.

According to this report, fully supported by published evidence, Google continues to provide Russian ad tech companies with information on every internet user who has accepted a cookie on their computer or mobile phone, including who that user is and where they are at any given moment while online. 

See the full analysis here.

This was also reported on in detail by Pro Publica on July 1, 2022, reporting that as recently as June 23, 2022, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company Rutarget, also known as Segmento. Rutarget/Segmento is owned by Sberbank, Russia’s largest State owned bank, which is also under U.S. sanctions. 

See the Pro Publica article here.

But just how dangerous is this data?

In a formal letter to Alphabet dated February 25, 2022 and reviewed by the Media C-Suite, Senator Mark Warner (D-Va) addressed the serious risks that Google’s data sales networks pose in terms of how Russian actors make use of that data. 

U.S. Senator Mark R. Warner.
U.S. Senator Mark R. Warner, D-Virginia. Courtesy: U.S. Senate.

Speaking in the context of Russia’s invasion of Ukraine, Senator Warner, who sits on the Senate Intelligence Committee, stated that Google’s sale of data to Russia serves as a vector for “a wide range of scams and frauds that opportunistically exploit confusion, desperation, and grief. […, thus allowing ] malign actors – including, notably, those affiliated with the Russian government – to not only spread misinformation, but to profit from it.”

Read the full letter from the Senate here.

Actionable Intelligence Source

Material leaked by Edward Snowden in 2013 on the data collection and surveillance techniques of the US National Security Agency, or ‘NSA’, provided considerable insight into what bad actors in Russia may be doing today with information purchased from Google. 

Edward Snowden
Edward Snowden in 2013. Image: Barton Gellman/Getty Images.

The extent of data available via Google’s data sales network on nearly every user of the internet, whether through a computer at their desk or the mobile while on the move, can rival information collected directly by highly sophisticated electronic surveillance methods deployed by State security agencies such as NSA or the UK’s equivalent, GCHQ. 

In an article published on November 1, 2013, the Guardian reported that the NSA itself made use of information available through Google’s data sales networks for everything from identifying a person of interest to tracking a target’s exact location. 

An internal NSA slide presentation leaked by Edward Snowden and published by the Guardian asserts that this type of data was the NSA’s biggest single contributor to surveillance reports. 

See the full slide presentation here.

Snowden’s disclosures indicate that data from Google has been critical to State surveillance programmes for decades.  The documentation reviewed by the Media C-Suite does not indicate how the NSA or other State agencies obtained such data from Google.  However, such organisations are not prohibited from setting up companies that register and monitor bidstream data for reasons other than advertising. 

According to an article in the Washington Post published on December 10, 2013, the NSA used Google’s data collection infrastructure to “identify targets for offensive hacking operations.” 

See the full article here.

Edward Snowden posing with NSA Head Michael Hayden.
Snowden with Michael Hayden, then Director of NSA at a gala in 2011. Courtesy: Wired.

Former NSA General Counsel Stewart Baker is quoted as saying in 2013 that “metadata absolutely tells you everything about somebody’s life, if you have enough metadata you don’t really need content.”  See, the quote here

During a debate at Johns Hopkins Foreign Affairs Symposium on April 7, 2014, General Michael Hayden, former director at both NSA and the CIA, responding to this quote, affirmed that this is “absolutely correct.”  See the full debate here.

“We kill people based on metadata.”  He then added.

General Michael Hayden.
General Michael Hayden, the only person to sit as Director of both the CIA and NSA. Pictured being sworn in as Director of NSA in 2006. Image credit: Chip Somodevilla/Getty Images.

Is it possible that bad actors in Russia and other countries do not?

The more pertinent question, perhaps, is how do ordinary internet users protect themselves against Google’s paying customers?

Some may ask ChatGPT. 

Many will likely just ‘Google’ it.

Leave a Reply

Previous Story

Golf’s Power Drive into Media Disruption

Next Story

Big Investors Eye Media Shakeup in Three Crucial Areas