In exchange for our increasingly digital lives, Americans have turned over reams of data on our location, activity, preferences and even conversations. Tech firms track, store and sell that data back to us in the form of digital advertising and convenience. But what else could be done with all that data, including what it reveals about our intimate lives?
Last week gave a chilling answer to that question.
An obscure newsletter called The Pillar used anonymous geolocation data, collected from the gay dating app Grindr, to locate, identify, track and out a Catholic priest. Monsignor Jeffrey Burrill resigned his post as general-secretary of the US Conference of Catholic Bishops in the wake of this “reporting.”
The affair sheds light on the largely lawless realm of data brokerage, where a person’s minute, individual details can be bought, sold, repackaged and “de-anonymized” by private actors for various ends — including, as we learned this week, vengeful ones.
It also illuminated a disconcerting reality of life in the digital age. Americans now live twice: simultaneously in the fleeting present — and also in the permanent digitized echo we create.
Hundreds of times a day, popular smartphone apps broadcast their location, demographic information and unique phone-ID numbers to an industry of online data brokers and advertising companies, which resell them to other firms and even the government.
For years, these companies insisted that these datasets are anonymous. Yet the granular and highly personal nature of the data being collected always belied that claim. Precise location data can, over time, reveal where someone lives, works, shops, socializes — and hooks up.
It isn’t difficult to cross-reference location data with other publicly available information that reveals an individual’s identity: A cell phone’s advertising ID number can be associated with the owner’s customer information. If a cell phone pings from a certain address each night, that address can be matched with publicly available purchase details.
That’s what The Pillar was able to do. The outlet says it obtained Burrill’s location information from a data vendor, then authenticated it with a data-consulting firm.
According to The Pillar, “a mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019 and 2020.”
Critically, while the data didn’t contain each mobile-phone user’s real name, The Pillar was able to “correlate” that data with information showing a device that appeared at USCCB staff residences, headquarters and meetings attended by Burrill, as well as in his family’s lake house, the homes of his family members and at an apartment that listed Burrill as a resident.
The Pillar, in other words, demonstrated that it’s possible to use a supposedly anonymous and freely available dataset to track an individual’s movements and reveal his identity. The Pillar took Burrill’s anonymous online echo, and used it to turn his real life upside down.
Yes, we should be afraid: Tech firms told Americans that the details they shared would remain anonymous. But if that data can now be re-identified with ease, we’ve handed over the Eye of Sauron to anyone with a handful of spreadsheets and an axe to grind.
The Pillar didn’t reveal how it came into possession of the data, or if the outlet paid for it, raising the possibility that it is part of some third party’s larger vendetta. One can easily imagine a scenario in which this type of “journalism” is used to destroy political and business opponents in addition to ecclesiastical ones.
It’s also not hard to see governments using and abusing this data, including our own government, which is doubtless unable to resist sidestepping constitutional obligations to surveil as many Americans as possible using commercially available datasets.
Reporting from Vice News reveals that the federal government’s spy agencies are indeed harvesting data from ordinary phone apps, including a National Guard unit tasked with carrying out drone strikes.
Perhaps the most bracing reality is that this is all perfectly legal. Our public policy is still chasing the innovations of the digital age. Unless new laws are passed, or regulations implemented, the way we live will be fundamentally changed, as our supposedly private choices and behaviors echo years into the future: identified and kept eternal in digital amber, freely accessible to our enemies and irresponsible actors.
Rachel Bovard is the senior director of policy at the Conservative Partnership Institute and senior tech columnist for The Federalist.
Credit: Source link