Sunday, August 1, 2021

What We've Been Saying About Data Privacy Has Been Proven to be True

After years of warning from researchers, journalists, and even governments, someone used highly sensitive location data from a smartphone app to track and publicly harass a specific person. In this case, Catholic Substack publication The Pillar said it used location data ultimately tied to Grindr to trace the movements of a priest, and then outed him publicly as potentially gay without his consent. The Washington Post reported on Tuesday that the outing led to his resignation.

The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information.

"Experts have warned for years that data collected by advertising companies from Americans’ phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right," Senator Ron Wyden told Motherboard in a statement, responding to the incident. "Data brokers and advertising companies have lied to the public, assuring them that the information they collected was anonymous. As this awful episode demonstrates, those claims were bogus—individuals can be tracked and identified."

In short, The Pillar says that Msgr. Jeffrey Burrill, who was the general secretary of the U.S. bishops' conference (USCCB) before his resignation, visited gay bars and other locations while using gay dating app Grindr.

"An analysis of app data signals correlated to Burrill’s mobile device shows the priest also visited gay bars and private residences while using a location-based hookup app in numerous cities from 2018 to 2020, even while traveling on assignment for the U.S. bishops’ conference," the outlet wrote. The Pillar says the location data is "commercially available records of app signal data," and that it obtained the records from "a data vendor" and then authenticated them with a data consulting firm.

The data itself didn't contain each mobile phone user's real name, but The Pillar and its partner were able to pinpoint which device belonged to Burrill by observing one that appeared at the USCCB staff residence and headquarters, locations of meetings that he was in, as well as his family lake house and an apartment that has him listed as a resident. In other words, they managed to, as experts have long said is easy to do, unmask this specific person and their movements across time from a supposedly anonymous dataset.

A Grindr spokesperson told Motherboard in an emailed statement that "Grindr's response is aligned with the editorial story published by the Washington Post which describes the original blog post from The Pillar as homophobic and full of unsubstantiated innuendo. The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur. There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported."

In January the Norwegian Data Protection Authority fined Grindr $11.7 million for providing its users' data to third parties, including their precise location data. Almost prophetically, Norwegian authorities said at the time that Grindr users could be targeted with this sort of information in countries where homosexuality is illegal.

Researchers have shown that it is possible to figure out who a phone in an allegedly anonymized set of location data belongs to, sometimes with a few points of reference, such as their home or place of work.

"The research from The Pillar aligns to the reality that Grindr has historically treated user data with almost no care or concern, and dozens of potential ad tech vendors could have ingested the data that led to the doxxing," Zach Edwards, a researcher who has closely followed the supply chain of various sources of data, told Motherboard in an online chat. "No one should be doxxed and outed for adult consenting relationships, but Grindr never treated their own users with the respect they deserve, and the Grindr app has shared user data to dozens of ad tech and analytics vendors for years."

Journalists have also used location data in similar ways before in their reporting. In February, The New York Times' opinion section married location and advertising data to reveal the movements and identities of specific people who attended the January 6 Capitol riots.

"While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data," the piece read.

Last week, Motherboard reported on the so-called "identity resolution" industry, in part by posing as a customer looking to buy sensitive data. These companies promise to match mobile advertising IDs—unique codes assigned to mobile phones by their operating systems, and which tech companies have repeatedly assured consumers are anonymous, or at least pseudonymous—to real-world identities. This makes unmasking people in datasets even easier; why bother trying to figure out which phone belongs to whom when you can just buy that information instead?

"Anyone and everyone who has a phone and has installed an app that has ads, currently is at risk of being de-anonymized via unscrupulous companies," Edwards told Motherboard at the time when presented with our findings.

Senator Wyden called for the Federal Trade Commission to act on the data broker industry.

"Last year, I led a bipartisan letter to the FTC calling for a broad probe of the industry. The FTC needs to step up and protect Americans from these outrageous privacy violations, and Congress needs to pass comprehensive federal privacy legislation," he added.



