Emerson Phillips
The Centers for Disease Control (CDC) paid $420,000 for a year of access to cell phone location data to track compliance with COVID-19 lockdown measures, according to CDC documents obtained by Motherboard.
Videos by Rare
Location data is information on a device’s location sourced from the phone, which can show where a person lives, works, and travels.
The CDC – the national public health agency of the United States – purchased the information from the controversial data brokerage firm SafeGraph to analyze compliance with curfews, track patterns of people visiting K-12 schools, and specifically monitor the effectiveness of policy in the Navajo Nation.
“The CDC seems to have purposefully created an open-ended list of use cases, which included monitoring curfews, neighbor to neighbor visits, visits to churches, schools and pharmacies, and also a variety of analysis with this data specifically focused on ‘violence.’” said Zach Edwards, a cybersecurity researcher who tracks the data marketplace.
The data was aggregated, meaning that it was intended to show general trends rather than the movements of specific phones.
Motherboard obtained the documents through a Freedom of Information Act (FOIA) request with the CDC. Another section of the document elaborates on the location data’s use for non-COVID-19 related programs.
“CDC also plans to use mobility data and services acquired through this acquisition to support non-COVID-19 programmatic areas and public health priorities across the agency, including but not limited to travel to parks and greenspaces, physical activity and mode of travel, and population migration before, during, and after natural disasters,” it reads. “The mobility data obtained under this contract will be available for CDC agency-wide use and will support numerous CDC priorities.”
SafeGraph investors include PayPal co-founder Peter Thiel, and a former head of Saudi intelligence. Google banned the company from the Play Store in June. The ban meant that any apps working with SafeGraph had to remove the offending location gathering code from their apps.
Google has cracked down on location data firms who sometimes, in violation of Google’s policies, pay app developers to include their data harvesting code and then sell the collected data to companies or government agencies, as in this case, the CDC.
“They are willing to sell extremely fine-grained data and anyone with a credit card can start buying it,” Edwards said.In the early days of the pandemic, SafeGraph made some of its aggregate data and analysis available publicly to help inform the policy response to the pandemic. A year later, the CDC purchased access to the data because SafeGraph no longer wanted to provide it for free, according to the documents.
