No One is Safe From the Data Brokerage Industry
Technology Policy Brief #61 | By: Scout Burchill | August 13, 2021
Header photo taken from: Minc Law
Follow us on our social media platforms above
Browse more technology policy briefs here
Photo taken from: Avast
Policy Summary
[SSB theme=”Official” align=”center” counter=”true” ]
While you may not be familiar with the shadowy world of the data brokerage industry, there’s a good chance that it knows a lot about you. Data brokers are the unsavory middlemen in our rampant, unregulated surveillance economy. In short, they collect, purchase and aggregate our personal data from the smartphone applications we use and then refine, re-package and sell it for profit. A recent scandal involving the outing of a closeted Catholic priest validates critics’ worst fears about this predatory industry: no one is safe.
Monsignor Jeffrey Burrill, the former secretary general of the U.S. bishop’s conference, resigned from his post in late July after a little known Catholic newsletter by the name of The Pillar used commercially available location tracking data from Grindr, a gay dating application, to trace, identify and ultimately out Burrill.
Although app signal data does not identify the names of users, each mobile device is identifiable by a unique numerical identification number that can be used to unmask the identities of individuals. To identify Burrill, The Pillar cross-referenced the Grindr location data it got a hold of from a “data vendor” with other publicly available information and were able to correlate his Grindr locations with other places known to be frequented by Burrill, such as the Catholic Bishop staff residences, Burrill’s family lake house, the homes of Burrill’s family members, and Burrill’s own apartment.
As The Pillar puts it, “app data signals correlated to Burrill’s mobile device shows the priest also visited gay bars and private residences while using a location-based hookup app in numerous cities from 2018 to 2020, even while traveling on assignment for the U.S. bishops’ conference.”
Whatever opinion you may have about Msgr. Burrill’s private actions in relation to his public position, this affair exposes the Big Lie of the surveillance economy: that all the information companies collect on us is anonymous. The truth is, any actor with the wherewithal to do so can use so-called anonymous data to track the movements and unmask the identity of any individual.
Photo taken from: The New York Post
Policy Analysis
Currently, Americans couldn’t be in a more lopsided relationship with digital brokerage companies. The digital traces we leave in our wake after family outings, first dates, financial hardships, personal milestones, and intimate conversations are voraciously gobbled up and harvested by these digital vultures for any number of questionable ends. This granular and highly personal data of both our past and present can easily be weaponized against us, and the truth is, there is very little we can do about it. In fact, there is not one single comprehensive federal law on the books that safeguards the digital rights and privacies of Americans. As long as federal privacy protections are left neglected by lawmakers, our civil liberties, rights to privacy and even our national security will be left to the whims of the worst actors imaginable.
The data brokerage industry represents the murky and secretive underbelly of the surveillance economy. At the heart of this sordid industry is a central contradiction. To consumers and regulators, tech and data companies claim the data they collect, store and sell is anonymous. However, large data brokers also tout the accuracy and detail of the data sets they sell, which contain information on millions, and even billions of people. Look no further than a 2013 Senate report on the dangers of the data brokerage industry to see how this data is marketed in incredibly disturbing ways. For example, say you run a payday loan company and are looking to target poor, rural Americans with advertising for your highly exploitative services.
You would probably want to purchase the “Rural and Barely Making It” data set from a reputable data broker. But why not also purchase the “Ethnic Second-City Strugglers” data set as well, to really break into those poor, urban communities beset with decades of disinvestment and racial disparities? The point is, the more data points and details a brokerage can offer on income level, race, gender, marital status, or online behavior, the better the product.
Photo taken from: The New York Times
This is where the idea that this data is anonymous becomes totally untenable. A 2013 study found that location data was often more than enough to ‘de-anonymize’ individuals from a data set. Researchers studied 15 months of human mobility data from 1.5 million people and were able to uniquely identify 95% of the individuals! This means that even the coarsest data sets providing only rough location and time information provide little anonymity.
In fact, in February the New York Times used smartphone location data collected by apps to identify individuals who stormed the Capitol on January 6th. The piece reads, “While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance.
In one instance, three members of a single family were tracked in the data.” Whatever you may think of this kind of reporting, it is easy to imagine a not so distant future in which anonymous sources pay for and hand over data to journalists in order to undermine political, social or business rivals. Even the authors of the New York Times piece stress their deep concern about the perils of “the advertising infrastructure that undergirds unchecked corporate data collection.”
Photo taken from: CSO Online
But let’s zoom out even further. It’s not just predatory companies, journalists and individuals with personal vendettas who can weaponize this data. American law enforcement agencies, the Department of Homeland Security, the FBI, and the U.S. military routinely use this data to track, monitor and gain intelligence on American citizens as well as foreign nationals. The U.S. military receives a lot of personal data from a Muslim prayer and Quran app, according to reporting at Motherboard. The Department of Homeland Security uses cell phone location data to track undocumented people and deport them. Police departments also use these databases in tandem with social media mining programs to track protestors, activists and citizens. Contracting through unscrupulous data brokers allows our domestic institutions and agencies to both sidestep democratic accountability and evade their constitutional responsibilities.
Although this industry directly affects our lives and freedoms just as much as the Big Tech giants, the names of even the top players in the data brokerage industry are virtually unknown to the wider public. When was the last time you heard of Venntel, who supplies cell phone location data to the FBI, or Oracle, Acxiom, and CoreLogic? Probably never, but your representatives on Capitol Hill probably have. According to reporting by The Markup, 25 data brokerage companies spent upwards of $29 million on lobbying in 2020, rivaling even the Big Tech money machines. Oracle, the biggest spender of 2020 by far at close to $10 million, is notorious for promoting its products and services to the Chinese government and other repressive regimes, often by marketing its successful usage by American law enforcement agencies.
The bottom line is that the data brokerage industry represents a clear and present threat to civil liberties, personal privacy, and the health of American democracy. The federal government must step up to safeguard the rights of Americans from the excesses and dangers of the surveillance economy. The good news is that American lawmakers can look across the pond to existing frameworks for guidance. In 2018, the European Union implemented sweeping data protection laws dictating how personal data can be processed and transferred. It’s about time that American lawmakers start playing catch up.
Engagement Resources
Click or tap on image to visit resource website.
Ban Surveillance Advertising:
https://www.bansurveillanceadvertising.com/coalition-letter
International Coalition to Ban Surveillance Advertising:
Sources
Click or tap on image to visit resource website.
The Pillar Article:
https://www.pillarcatholic.com/p/pillar-investigates-usccb-gen-sec
Motherboard Reporting on Data Brokerage Industry:
https://www.vice.com/en/article/pkbxp8/grindr-location-data-priest-weaponization-app
https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
New York Times Tracking January 6th Rioters:
https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html
Wired on Data Brokers as Threat to Democracy:
https://www.wired.com/story/opinion-data-brokers-are-a-threat-to-democracy/
Vermont’s Attempt to Regulate Data Brokers:
Academic Research on Location Data and Anonymity:
https://www.nature.com/articles/srep01376
The Markup Report on Lobbying:
Oracle Marketing to Chinese Government:
https://theintercept.com/2021/05/25/oracle-social-media-surveillance-protests-endeca/
European Union Digital Privacy Laws:
https://digital-strategy.ec.europa.eu/en/policies/digital-privacy