Published May 4, 2022
(This post originally appeared in Aaron Kheriaty’s Substack newsletter “Human Flourishing.” Read other issues and subscribe to the newsletter here.)
Yesterday, Vice broke the story that during the previous two years, as the headline announced, “The CDC tracked Millions of Phones to See If Americans Followed COVID Lockdown Orders.” According to documents obtained by Motherboard, the CDC used phone location data to monitor schools and churches, and wanted to use the data for applications beyond covid: “The documents also show that although the CDC used COVID-19 as a reason to buy access to the data more quickly, it intended to use it for more-general CDC purposes.” The recovered CDC documents, dating from 2021, state that the data “has been critical for ongoing response efforts, such as hourly monitoring of activity in curfew zones or detailed counts of visits to participating pharmacies for vaccine monitoring.”
The documents contain a long list of what the CDC describes as 21 different “potential CDC use cases for data.” These include, among others, monitoring curfews, neighbor-to-neighbor visits, visits to churches and other places of worship, school visits, and “examination of the effectiveness of public policy on [the] Navajo Nation.” Other use cases mentioned in the documents include public health issues beyond covid, such as “research points of interest for physical activity and chronic disease prevention such as visits to parks, gyms, or weight management businesses” as well as “exposure to certain building types, urban areas, and violence.”
Although the data the CDC purchased from the controversial broker, SafeGraph, was aggregated and designed to show trends, “researchers have repeatedly raised concerns with how location data can be deanonymized and used to track specific people.” Researchers have repeatedly demonstrated that that unmasking specific users from these aggregated human mobility datasets is possible. One research team studied fifteen months of human mobility data for one and a half million individuals and published their results in Nature: Scientific Reports: “In a dataset where the location of an individual is specified hourly and with a spatial resolution equal to that given by the [mobile phone] carrier’s antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.” They coarsened the special and temporal data and still found “even coarse datasets provide little anonymity.”
“SafeGraph offers visitor data at the Census Block Group level that allows for extremely accurate insights related to age, gender, race, citizenship status, income, and more,” one of the CDC documents reads. Due to its questionable practices, SafeGraph was banned from the Google Play Store in June 2021, which meant that meant that any app developers using SafeGraph’s code had to remove it from their apps. The company includes among its investors the former head of Saudi intelligence. This is where the CDC went to get its tracking data, paying SafeGraph $420,000 for access to one year of data.
Evidence also emerged recently that the CIA, like Israel and Canada, has been similarly using unauthorized digital surveillance to spy on Americans. After supporting vaccine mandates in 2021, the ACLU finally took an interest again in civil liberties in 2022. They expressed alarm when newly declassified documents revealed that the CIA has been secretly conducting massive surveillance programs that capture Americans’ private information.
Like the Israeli spy agency Shin Bet, our federal intelligence agency was spying not on suspected terrorists but on ordinary Americans, with no judicial oversight and without congressional approval, as the ACLU noted: “This surveillance is done without any court approval, and with few, if any, safeguards imposed by Congress to protect our civil liberties.” They concluded: “These reports raise serious questions about what information of ours the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans. This invasion of our privacy must stop.” Though ACLU arrived a bit late to the party, as the old saw has it, better late than never.
U.S. Senators Senator Ron Wyden of Oregon, and Martin Heinrich of New Mexico, both Democrats and members of the Senate Intelligence Committee, called for declassification of relevant CIA documents. In a letter of April 13, 2021 which they made public, the two senators expressed concern that the CIA program was “entirely outside the statutory framework that Congress and the public believe govern this collection [of data], and without any of the judicial, congressional or even executive branch oversight that comes from [Foreign Intelligence Surveillance Act—FISA] collection.” Despite Congress’s clear intent, with the support of the American people, to limit warrantless collection of Americans’ private records, the senators warn, “these documents reveal serious problems associated with warrantless backdoor searches of Americans, the same issue that has generated bipartisan concern in the FISA context.”
There is a broader legal context for these extra-legal developments in mass surveillance of civilian populations. Since the war on terror began, Western nations have legislatively scaled up their increasingly intrusive networks of mass surveillance (often referred to with the euphemism “bulk collection”). The last decade has seen such measures passed in the U.K., France, Australia, India, Sweden, and other countries—not to mention the AI and facial- and gate-recognition enabled surveillance in China, technology that Xi is already exporting to eager rogue regimes around the globe.
Aaron Kheriaty is a physician, a fellow at the Ethics and Public Policy Center, and chief of ethics at The Unity Project.