Data Broker That Trafficked In Abortion Clinic Location Data Also Helps The Air Force With ‘Targeting’

Privacy

from the conflict-of-interest-much? dept

There are two major reasons that the U.S. doesn’t pass an internet-era privacy law or regulate data brokers despite a parade of dangerous scandals. One, lobbied by a vast web of interconnected industries with unlimited budgets, Congress is too corrupt to do its job. Two, the U.S. government is disincentivized to do anything because it exploits this privacy dysfunction to dodge warrants and expand surveillance.

Case in point: a data broker by the name of SafeGraph was busted in 2022 selling the app-gleaned location data of users who had visited abortion clinics. Journalists found that the company was selling a week of granular location data of clinic visitors for as little as $160, documenting not just which clinic they visited and how long they stayed, but where they went before and after.

There have been multiple examples of data brokers trafficking in such data without doing much to even confirm the identities of purchasers. That’s obviously a problem post-Roe, given this data can be abused to harass or send targeted misinformation to vulnerable women, or exploited by state AGs in authoritarian-drifting states to prosecute women seeking health care (and those who help them).

At the same time, SafeGraph contracts with government agencies like the CDC to help do things like track the effectiveness of pandemic lockdowns. And there’s ongoing, emerging data indicating that the company has a fairly robust relationship with the U.S. Air Force that involves providing data for, among other things, “targeting cycle and decisions” in “contested geographies.”:

“Geospatial Data to Navigate Contested Geographies,” the documents and public procurement records, dated May 2023, read. “Improving AFCENT and 9AF Targeting Cycle and Decisions.” 9AF, or Ninth Air Force, is responsible for missions with partner nations in Southwest Asia.”

As with most companies and industries, this rampant over-collection and monetization of data (with very little in the way of meaningful safeguards) is justified by the claim the data is “anonymized.”

In reality, studies show that anonymization means nothing, and it’s trivial to identify individual users given how many different available datasets are now available in the wild. Our refusal to even modestly regulate these markets creates a treasure trove of surveillance opportunity not just for corporate America, but for global intelligence agencies.

So on one hand, you have a massive, unaccountable data broker industry that’s routinely found to be abusing privacy at unprecedented scale, resulting in no limit of abuse by stalkers, hackers, extremists, law enforcement, and global intelligence agencies. On the other hand, you have a U.S. government that’s disincentivized to do anything about that problem because it benefits from the broad dysfunction.

Much like telecoms like AT&T, once data brokers are tightly interwoven with surveillance, military, and other government functions they effectively become immune from meaningful regulation or oversight at any scale. The only thing that’s going to break that chain of dysfunction is a privacy scandal the likes of which we haven’t seen yet; one that likely either involves fatalities or a massive privacy violation of a large group of people with meaningful wealth or power.

Only then will Congress have the adequate political motivation to lay down some basic guidelines on the rampant over-collection and monetization of location and behavior data. But I’m not keen to see what this inevitable apathy backbreaker actually looks like.

Filed Under: corruption, location data, military, privacy, security
Companies: safegraph