Traditionally, the acronym CDC stands for the Centers for Disease Control and Prevention.
However, now perhaps it should be renamed Cyber-Data Collectors.
The US Centers for Disease Control and Prevention paid for location data harvested from millions of cell phones to track compliance with COVID-19 lockdown measures, according to a new report.The CDC paid $420,000 for a year of access to the cell phone location data from the data brokerage SafeGraph, according to documents reported by Vice News on Tuesday.The data was aggregated, meaning that it was intended to show general trends rather than the movements of specific phones, however the move still set off alarm bells with some privacy advocates.
Documents obtained by Vice News’ Motherboard indicate that the CDC purchased access to millions of Americans’ phone data, not just for covid lockdown tracking.
SafeGraph, the company the CDC paid $420,000 for access to one year of data to, includes Peter Thiel and the former head of Saudi intelligence among its investors. Google banned the company from the Play Store in June. Do you work in the location data industry? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.The CDC used the data for monitoring curfews, with the documents saying that SafeGraph’s data “has been critical for ongoing response efforts, such as hourly monitoring of activity in curfew zones or detailed counts of visits to participating pharmacies for vaccine monitoring.” The documents date from 2021.Zach Edwards, a cybersecurity researcher who closely follows the data marketplace, told Motherboard in an online chat after reviewing the documents that “The CDC seems to have purposefully created an open-ended list of use cases, which included monitoring curfews, neighbor to neighbor visits, visits to churches, schools and pharmacies, and also a variety of analysis with this data specifically focused on ‘violence.’” (The document doesn’t stop at churches; it mentions “places of worship.”)
It appears as if the CDC’s data collection efforts are ongoing.
…{T]he documents also reveal 21 other ways the CDC planned to utilize the data, including “tracking patterns of those visiting K-12 schools by the school” and “examination of the effectiveness of public policy on [the] Navajo Nation.”While the data purchase was initially marked “URGENT” amid the pandemic, the agreement between the CDC and SafeGraph has been extended as the CDC argues it “has interest in continued access to this mobility data as the country opens back up.”
I must note that the CDC did not track any specific phones. It simply bought aggregated location data from a third-party vendor to do population-level analysis.
However, the next time an agency wants to lock down the country and then monitor whether people obey their arbitrary rules, it is good to be mindful of how your personal phone location data may be used. The CDC has earned exactly ZERO trust during its pandemic response.
CLICK HERE FOR FULL VERSION OF THIS STORY