Data brokers sell location data of Americans who visit abortion clinics

of looking-at-you-looking-at-me department

With the leaked Supreme Court ruling indicating that the court is about to knock down effectively Roe V.Wadeyou can expect a new wave of concern over the weaponization and abuse of consumer location data as states increasingly seek to criminalize abortion — and those who help others seek such services.

As at the right time: the motherboard the latest scoop says that data brokers actively collect and sell location data of users who visit Planned Parenthood abortion clinics, including “aggregate” data about how long visitors have been at the clinic and from which block(s) (s) of census they travelled:

The company selling the data is SafeGraph. SafeGraph ultimately obtains location data from regular apps installed on people’s phones. Often, app developers install code, called software development kits (SDKs), into their apps that sends users’ location data to companies in exchange for payment from the developer. Sometimes app users are unaware that their phone, whether through a prayer app or a weather app, collects and sends location data to third parties, not to mention some of the most dangerous use cases. reported by Motherboard, including the transfer of data to US military contractors.

Safegraph works with all kinds of organizations and businesses interested in detailed tracking of user movements, including, it was also revealed this week, the CDC. Motherboard didn’t find it particularly difficult to purchase its own treasure trove of data, including Planned Parenthood’s recent visitors, for $160:

SafeGraph classifies “Planned Parenthood” as a “brand” that can be tracked, and data purchased by Motherboard includes more than 600 Planned Parenthood locations in the United States. The data included a week of location data for these locations in mid-April. SafeGraph calls the location data product “Patterns”. In total, the data costs just over $160. Not all Planned Parenthood sites offer abortion services. But Motherboard has verified that some facilities included in the purchased dataset do.

Again, this data can be useful to everyone, from epidemiologists to city planners. But it’s also incredibly lucrative, we don’t have a lot of standards in place as to how it can be used (so as not to stifle innovation, wink wink). As a result, it is routinely collected without the user’s knowledge or consent, sold without too many guarantees, and widely distributed across countless industries.

As we’ve noted many times, telecom, tech, app, and ad tech companies really like to argue that this type of granular data collection and sale is ok because the data collected is “anonymized”. But studies have repeatedly made it clear that “anonymization” is a meaningless term because users can be easily identified with just a few additional data sets.

The same was true here, with the privacy impact of aggregation and anonymization being overstated:

SafeGraph data is aggregated, which means it does not explicitly specify where a certain device has been moved. Instead, it focuses on the movements of groups of devices. But researchers have repeatedly alerted to the possibilities of unmasking individuals contained in purportedly anonymized datasets.

The sections of the SafeGraph dataset that the motherboard purchased handle a very small number of devices per record, theoretically facilitating the de-anonymization of these people. Some only had four or five devices visiting that location, with SafeGraph filtering the data based on whether the person was also using an Android or iOS device.

Safegraph declined to respond to a request for comment.

Journalists have documented this specific threat to the safety of those seeking abortions for several years. The broader concerns about harm caused by the excessive collection and sale of location data are not moot. There has been a parade of scandals by a wide variety of companies and services showing how the excessive collection and sale of location data is causing immeasurable harm.

Scandals at Securus, LocationSmart, T-Mobile, Grindr and others have all starkly illustrated how mobile carriers, app makers, tech companies and location data brokers routinely collect, buy and sell your daily movement records with only fleeting effort. to ensure that all subsequent buyers and sellers of this data adhere to basic privacy and security standards. This data is then misused by stalkers, criminals, law enforcement, and anyone with a penny to spare.

Although there are often many claims to the contrary, US lawmakers have done nothing meaningful to address this problem, not because it is difficult, but because a long list of industries and businesses have found the broken and dangerous status quo more profitable. And because these corporations have collectively pressured a corrupt Congress into a state of perpetual dysfunction and apathy.

The check for this apathy keeps coming. And the idea that this location data will not be abused by a burgeoning American authoritarian movement seeking to criminalize, vilify and harass not only those who seek abortions – but those who help and care for them – seems relatively naive.

Filed Under: abortion, adtech, apps, consumers, location data, parenting planning, privacy, smartphonw, surveillance, telecommunications, wireless

Companies: safegraph