At the end of July, a Catholic priest resigned from the church, after Catholic news site The Pillar exposed him by purchase location data from a data broker about their use of Grindr. The incident didn’t just illustrate how people can use Grindr data against members of the LGBTQ community. He also highlighted the dangers of large, obscure and unregulated data brokerage industry sell real-time American locations to the highest bidder.
In a new report For the Cyber Policy program at the Sanford School of Public Policy at Duke University, I interviewed 10 top data brokers and the sensitive data they publish. They openly and explicitly disseminate data on the demographics of individuals (from race to gender to income level) and political preferences and beliefs (including support for the NAACP, ACLU, Planned Parenthood and the National LGBTQ. Task Force), and the current US government. and military personnel. Several of these firms also market another worrying product: American geolocation.
Acxiom, one of the largest brokers with data on billions people in the world, advertise “Location-based device data” about individuals. Need to know if someone has visited a place several times in the past 30 days, such as a church, their therapist’s office, or their ex’s house? They have what you need, according to one company marketing documents. What about other information based on the location of individuals? Check out data from marketing firm NinthDecimal, according to a 2018 fact sheet, an Acxiom “partner” that provides “location information and location context for mobile devices”. Military personnel, according to Acxiom, can also be located: they offers “Verification and location of military personnel (deployed but absent from the base)” as part of commercial work for credit card issuers and retail banks.
LexisNexis, another juggernaut, advertise the ability to “determine a person’s current location” using recent driver’s license records. Pure and simple experience advertise mobile location data. Oracle, which has made a significant shift towards data brokerage over the past decade, advertise marketing services based on the real-time location of a user. In 2019, Oracle partnered with location data provider Bluedot (one of many such partners), which claims that its data would make it possible to improve the location of an individual by twenty times. Among other factors, Bluedot claimed to track how many times an individual visited a place and how long they stayed there. A few years earlier, Oracle added PlaceIQ to its data market, a company that then had data “from 475 million location points, 100 million unique users and more than 10 billion daily movements of geolocated devices.”
Then, of course, there are people search sites, or “white pages,” which allow Internet users to search for data about anyone by entering their name. By scraping property records, tax returns, voting records, etc., these data brokers aggregate government documents and other publicly available documents and make them available to the public, for a small fee or at no cost. While they do not advertise real-time geolocations of individuals, they do provide relatively up-to-date information on where people live.
None of this is perhaps surprising: the data breach after the data privacy scandal shed light on just how intimately private companies follow the daily lives of Americans. Even as these companies want to standardize their surveillance, right down to the exact sidewalk you stand on or the restaurant you sit in, we can’t forget that data brokers selling this location data threaten civil rights, security. national and democracy.
On the civil rights front, federal agencies from the FBI to U.S. Immigration and Customs Enforcement buy data from data brokers – without a warrant, public disclosure, or robust surveillance – to to carry outside all from criminal investigations to evictions. In doing so, data brokers bypass limits placed on companies that pass data directly to law enforcement (for example, a mobile phone company can sell user data to a data broker who can then sell the data. to the FBI). Federal government agencies using the data can then also bypass various legal restrictions in place regarding searches and seizures as well as federal controls that are not applied to “open source” or “commercially obtained” data, even if the data is secure. American individuals.