According to documents obtained by Motherboard, the CDC used phone location data to monitor schools and churches and wanted to use the data for applications beyond COVID-19: “The documents also show that although the CDC used COVID-19 as a reason to buy access to the data more quickly, it intended to use it for more-general CDC purposes.”
The recovered CDC documents, dating from 2021, state that the data “has been critical for ongoing response efforts, such as hourly monitoring of activity in curfew zones or detailed counts of visits to participating pharmacies for vaccine monitoring.”
The documents contain a long list of what the CDC describes as 21 different “potential CDC use cases for data.” These include, among others, monitoring curfews, neighbor-to-neighbor visits, visits to churches and other places of worship, school visits, and “examination of the effectiveness of public policy on [the] Navajo Nation.”
Although the data that the CDC purchased from the controversial broker SafeGraph was aggregated and designed to show trends, “researchers have repeatedly raised concerns with how location data can be deanonymized and used to track specific people.” Researchers have repeatedly demonstrated that unmasking specific users from these aggregated human mobility datasets is possible.
They coarsened the special and temporal data and still found that “even coarse datasets provide little anonymity.”
“SafeGraph offers visitor data at the Census Block Group level that allows for extremely accurate insights related to age, gender, race, citizenship status, income, and more,” one of the CDC documents reads.
Because of its questionable practices, SafeGraph was banned from the Google Play Store in June 2021, which meant that any app developers using SafeGraph’s code had to remove it from their apps. The company includes among its investors the former head of Saudi intelligence. This is where the CDC went to get its tracking data, paying SafeGraph $420,000 for access to one year of data.
Evidence also emerged recently that the CIA, like Israel and Canada, has been similarly using unauthorized digital surveillance to spy on citizens. After supporting COVID-19 vaccine mandates in 2021, the ACLU finally took an interest again in civil liberties in 2022. They expressed alarm when newly declassified documents revealed that the CIA had been secretly conducting massive surveillance programs that capture Americans’ private information.
Like the Israeli spy agency Shin Bet, our federal intelligence agency was spying not on suspected terrorists, but on ordinary citizens, with no judicial oversight and without congressional approval, as the ACLU noted: “This surveillance is done without any court approval, and with few, if any, safeguards imposed by Congress to protect our civil liberties. These reports raise serious questions about what information of ours the CIA is vacuuming up in bulk and how the agency exploits that information to spy on Americans. This invasion of our privacy must stop.”
Although ACLU arrived a bit late to the party, as the old saw has it, better late than never.
Despite Congress’s clear intent, with the support of the American people, to limit the warrantless collection of Americans’ private records, the senators wrote that “these documents reveal serious problems associated with warrantless backdoor searches of Americans, the same issue that has generated bipartisan concern in the FISA context.”
There's a broader legal context for these extra-legal developments in mass surveillance of civilian populations. Since the war on terror began, Western nations have legislatively scaled up their increasingly intrusive networks of mass surveillance (often referred to by the euphemism “bulk collection”).