The agency tracked Americans with a easily de-anonymized data broker, according to documents.
The US Centers for Disease Control and Prevention bought access to tens of millions of Americans’ cell phone location data under the guise of tracking compliance with Covid-19 control measures, but ultimately used the information to conduct much more complex and sweeping surveillance, according to documents obtained through a FOIA request by Motherboard, which published its findings on Tuesday.
The agency justified rapidly collecting comprehensive location information on millions of individuals using the Covid-19 pandemic as a reason. However, documents show the data was used to do more than just monitor compliance with social distancing and curfews. Americans’ visits to schools and places of worship were measured on a granular level, while another program focused on surveilling the effectiveness of policy interventions inside the Navajo nation and another concentrated on “Certain building types, cities and violence may be exposed.”
While the CDC’s data was aggregated – apparently aimed at tracking larger trends among populations – studies have repeatedly shown that such supposedly anonymous information can be de-anonymized to the point of pinpointing individuals. Worse, the company the CDC used to obtain its data, SafeGraph, is backed by Peter Thiel, whose company Palantir was deeply involved in the UK’s own ultra-intrusive Covid-19 tracking efforts.
Palantir: The activists want the NHS to be open about its secretive agreement with a data-mining firm
Even Google – itself criticized for breaches while protecting users’ privacy – banned SafeGraph from its Play Store over unscrupulous sales practices last year.
While the CDC insisted SafeGraph’s data was “It is critical to continue response efforts. This includes hourly monitoring activity in curfew areas or detailed count of visits at participating pharmacies.,” cybersecurity researcher Zach Edwards told Motherboard the agency appeared to have “purposefully created an open-ended list of use cases, which included monitoring curfews, neighbor to neighbor visits, visits to churches, schools and pharmacies, and also a variety of analysis with this data specifically focused on ‘violence.’”
While the data was obtained as “Urgent,” such expediency supposedly justified by the pandemic, many of the uses it was meant for had little if anything to do with the outbreak. Cases like “Research points of interest in physical activity, chronic disease prevention, such as visits at parks, gyms or weight management companies,” for example, appeared totally unrelated to the virus, as did “Exposure to environmental factors that are specific to a particular place, such as high levels of air pollution or an area with high incidences of polluting outcomes like asthma.”
Another vaguely ominous area of documentation focused on the use of “mobility data and services… to support non-Covid-19 programmatic areas and public health priorities… including but not limited to travel to parks and greenspaces, physical activity and mode of travel, and population migration before, during, and after natural disasters.” Such information would be used across the agency to “Many CDC priorities can be supported.”
The Health Agency spied millions of people during Covid lockdowns
The SafeGraph cellphone location information used to populate these datasets might also raise red flags for the privacy-conscious, revealing not just where an individual is at any given time but how long they spend there, where they came from, and where they go next, according to the company’s website.
Share this story via social media