Earlier this month, Federal Trade Commission member Alvaro Bedoya spoke of a “large, unregulated market” for location data.
“In 2022, our geolocation technology is not under control,” he warned.
The digital rights group Electronic Frontier Foundation proved his point this week, when it published a new report about Fog Data Science -- a company that obtains location data originally collected by mobile apps, then sells that to law enforcement.
Fog says in documents that it has data from 250 million devices in the U.S.
“Police use of Fog is a major blow to civil liberties in the United States,” the Electronic Frontier Foundation writes. “With a click and drag of a mouse, police can ... track people whose devices have been inside an immigration attorney’s office, a women’s health clinic, or a mental health facility. Police could easily, with almost no oversight, use this tool to watch secret rendezvous between a journalist and their whistleblowing source.”
"This is mass surveillance, often with no judicial oversight," the organization adds.
On Thursday, Senator Ron Wyden (D-Oregon) responded to the report by renewing his call to curb law enforcement purchases of location data.
“Unfortunately, while it’s outrageous that data brokers are selling location data to law-enforcement agencies, it’s not surprising,” Wyden said on Twitter. “This is exactly why I’ve been fighting to pass my bill to outlaw the government from using its credit card to end run the constitution.”
Last year Wyden, along with other lawmakers, introduced the “Fourth Amendment Is Not For Sale Act,” which would require government agencies to obtain a court order before buying personal information from data brokers.
Fog Data Science doesn't require that police departments obtain a warrant before purchasing the location data.
The company, which offers annual subscriptions to police for less than $10,000 per year, says in documents that it is “100% opt-in,” and that no personally identifiable information is collected.
The Electronic Frontier Foundation casts doubt on both claims.
“People did not hand their geolocation data over to Fog or the police, willingly or even knowingly,” the group writes. “Rather, they gave it over, for example, to a weather app so that they could see if it will rain in their town today. When they downloaded the app, they may have clicked a box purporting to grant various so-called 'consents,' but no reasonable person expects this will result in the app tracking all their movements, the app developer selling this sensitive information to a data broker, and police ultimately buying it.”
The organization adds that location data in itself can reveal people's identities.
“The police looking at a dot representing you on a map may not know your phone number or your name -- but when they follow that dot to the place where you sleep at night, suddenly they have your address,” the group writes.
Fog reportedly obtains at least some data from Venntel -- a subsidiary of Gravy Analytics, which itself purchases mobile location data from Mobilewalla and other brokers. (Mobilewalla came under scrutiny two years ago, when it published a report analyzing the demographics of Black Lives Matter protesters in Atlanta, Los Angeles, Minneapolis and New York.)
Gravy Analytics is a member of the ad industry self-regulatory group Network Advertising Initiative, which recommended in 2020 that companies obtain consumers' permission before sharing their location data with law enforcement authorities. The Network Advertising Initiative didn't incorporate that recommendation into an official privacy code.
Gravy Analytics declined to comment to MediaPost, except to share Venntel's statement that “the confidential nature of our business relationships prevents us from disclosing our customers and their work.”