Priest unmasked via Grindr app highlights endemic data tracking
When a religious publication used data from a smartphone app to infer the sexual orientation of a senior Roman Catholic official, it revealed a problem that goes far beyond a debate over the doctrine of the church and priestly celibacy.
With few US restrictions on what businesses can do with the large amount of data they collect from web page visits, apps, and in-phone location tracking, there’s not much. to stop similar spying on politicians, celebrities and just about anyone who is the target of another person’s curiosity – or meanness.
Citing allegations of “possible inappropriate behavior”, the United States Conference of Catholic Bishops on Tuesday announced the resignation of its top administrative official, Monsignor Jeffrey Burrill, ahead of a report by Catholic media outlet The Pillar which probed his private love life .
The Pillar said it obtained “commercially available” location data from a vendor it did not name and that it “correlated” to Burrill’s phone to determine he had visited gay bars and private residences while using Grindr, a dating app popular with gay people.
“Cases like this will only multiply,” said Alvaro Bedoya, director of the Center for Privacy and Technology at Georgetown Law School.
Privacy activists have long advocated for laws that would prevent such abuses, although in the United States they exist in only a few states and then in various forms. Bedoya said Burrill’s sacking should make the danger of this situation clear and should finally spur Congress and the Federal Trade Commission to act.
Privacy issues are often interpreted in abstract terms, he said, “when it’s really about ‘Can you explore your sexuality without your employer firing you? Can you live in peace after an abusive relationship without fear? ‘ Many victims of abuse make sure that their attacker can no longer find them.
As a congressman in 2012, Bedoya worked on legislation that would have banned apps that allow attackers to covertly track the location of their victims using data from their smartphones. But he was never adopted.
“No one can claim it’s a surprise,” Bedoya said. “No one can claim that he was not warned.
Privacy advocates have warned for years that location and personal data collected by advertisers and gathered and sold by brokers can be used to identify individuals, is not as secure as it should be and are not governed by laws that require the clear consent of the person being tracked. Legal and technical protections are needed for smartphone users to push back, they say.
The pillar alleged “serial sexual misconduct” by Burrill – homosexual activity is considered a sin under Catholic doctrine, and priests are expected to remain celibate. The online publication’s website describes it as focused on investigative journalism that “can help the Church better serve its sacred mission, the salvation of souls.”
Its editors did not immediately respond to requests for comment Thursday on how they got the data. The report only stated that the data came from one of the data brokers who aggregate and sell the app signal data, and that the publication also hired an independent data consultancy to authenticate it.
Senator Ron Wyden, D-Ore., Said the incident once again confirms the dishonesty of an industry that falsely claims to protect the privacy of phone users.
“Experts have warned for years that data collected by advertising companies from Americans’ phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right, ”he said in a statement. “Data brokers and advertising companies lied to the public, assuring them that the information they collected was anonymous. As this horrific episode shows, these claims were wrong – individuals can be tracked and identified. “
Wyden and other lawmakers asked the FTC to investigate the industry last year. It must “step up and protect Americans from these outrageous privacy breaches, and Congress must pass comprehensive federal privacy legislation,” he added.
The Norwegian data privacy watchdog concluded earlier this year that Grindr was sharing users’ personal data with a number of third parties without a legal basis and said it would impose a fine of $ 11.7 million (100 million Norwegian crowns), or 10% of the worldwide turnover of the Californian company. .
Data disclosed to ad technology companies for targeted ads included GPS location, user profile information as well as whether particular individuals were using Grindr, which could indicate their sexual orientation.
Advertising partners Grindr shared data with included Twitter, AT&T’s Xandr service and other ad technology companies OpenX, AdColony and Smaato, the Norwegian watchdog said. Its investigation follows a complaint from a Norwegian consumer group that discovered similar data leak issues in other popular dating apps such as OkCupid and Tinder.
In a statement, Grindr called The Pillar’s report a “homophobic and unethical witch hunt” and said he did not “believe” that this was the source of the data used. The company said it has policies and systems in place to protect personal data, although it did not say when these were implemented. The Pillar said the app’s data it obtained from Burrill covered parts of 2018, 2019 and 2020.