This article is part of the On Tech newsletter. You can sign up here to receive it on weekdays.
“Data protection” is one of those terms that feel deprived of any emotion. It’s like a flat lemonade. At least until America’s failure to provide even basic data protection becomes flesh-and-blood.
This week, a senior official in the American Roman Catholic Church hierarchy resigned after a news site said it had data from his cell phone that appeared to show that the administrator uses the LGBTQ dating app Grindr and regularly goes to gay bars . Journalists had access to data on the movements and digital traces of his mobile phone for parts of three years and were able to trace his whereabouts.
I know people are going to have complex feelings about this. Some of you may believe that it is acceptable to use whatever means necessary to determine when a public figure is breaking promises, including if it is a priest who has broken celibacy.
For me, however, this is not about a man. It is a structural failure that allows real-time data on Americans’ movements to exist in the first place and be used without our knowledge or true consent. This case shows the tangible consequences of the practices of America’s vast and largely unregulated data collection industries.
The reality in the United States is that there are few legal or other restrictions preventing companies from compiling the exact locations of our roaming and selling that information to third parties. This data is in the hands of companies we deal with on a daily basis, such as Facebook and Google, and also information brokers with whom we never interact directly.
This data is often packaged in bulk and is theoretically anonymous, but can often be traced back to individuals, as the history of the Catholic official shows. The existence of this data in such sheer abundance on practically everyone creates the conditions for abuse that can affect the wicked and the virtuous alike.
The Internal Revenue Service has bought commercially available cell phone location data in an attempt (apparently ineffective) to hunt down financial criminals. U.S. defense companies and military agencies have received location data from apps people use to pray or hang their shelves. Stalkers found targets by getting information about the location of people from cell phone companies. When Americans go to rallies or protests, political campaigns buy information about the participants in order to target them with messages.
I’m upset that there are still no federal laws restricting the collection or use of location data. If I were to make a tech to do list for Congress, such restrictions would be high on my agenda. (I am encouraged by some proposals from Congress and pending state laws to restrict aspects of the collection or use of Personal Location Information.)
Most Americans now understand that our phones track our movements, even if we don’t necessarily know all of the gory details. And I know how easy it can be to feel angry resignation or just to think, “So what?” I want to resist both of these reactions.
Hopelessness doesn’t help anyone, although I often feel that way too. Losing control of our data wasn’t inevitable. It was a decision – or rather, a year-long failure of individuals, governments, and corporations to think through the consequences of the digital age. We can now choose another path.
And even if you think that you and your family have nothing to hide, I suspect that many people would be unnerved if someone followed their teenager or spouse anywhere. What we have now may be worse. Potentially thousands of times a day, our phones report our locations and we can’t really stop them. (Still, here are steps we can take to mitigate Hell.)
The New York Times editors wrote in 2019 that if the U.S. government had ordered Americans to constantly provide information about their locations, the public and members of Congress would likely rebel. Over time, however, we have collectively and tacitly agreed to hand over this data voluntarily.
We take advantage of this location harvesting system including real-time traffic apps and nearby stores that send us coupons. But we shouldn’t have to accept the constant and increasingly invasive monitoring of our movements in return.