Priest Case Shows 'Weaponization' of App Data Is Here

A Catholic priest resigned from a top role at the US Conference of Catholic Bishops this week after a news site exposed his alleged use of the Grindr gay hookup app—but Monsignor Jeffrey Burrill isn't the only person in the US with secrets to hide, and analysts say the case raises worrying privacy issues. The Pillar, the Catholic news outlet that exposed Burrill, said it used data signals obtained "from a data vendor and authenticated by an independent data consulting firm" to confirm that Burrill used the app and visited gay bars and clubs." Analysts warn that since there is no real oversight of the collection of smartphone location data or the data broker industry, there could be many more such cases to come. More:

• App data "weaponized." Joseph Cox at Vice calls the exposure of Burrill a sign that the "inevitable weaponization of app data is here." He notes that as analysts have long warned, with information available from data brokers, anyone with a "bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information."

• How Burrill was tracked. The commercially available signal data obtained by the Pillar did not list the names of users, but it assigned a number to each device. The Pillar found a device that was consistently at Burrill's home and workplace, deduced that it was his, and found that its location data over the last three years was "littered with gay clubs and bars, all pinged by the 'near-daily' signals beamed out every time Burrill opened Grindr on his device," Gizmodo explains.
• Senator: Data brokers lied to the public. Sen. Ron Wyden says experts who warned that data collected by advertising companies could be used to track people have been proven right. "Data brokers and advertising companies have lied to the public, assuring them that the information they collected was anonymous," he said in a statement. "As this awful episode demonstrates, those claims were bogus—individuals can be tracked and identified."
• Grindr has had privacy issues before. Grindr argues that the data collection described by the Pillar was "infeasible from a technical standpoint and incredibly unlikely," but this is far from the first time privacy issues with the app have surfaced, Recode reports. Earlier this year, Norwegian authorities fined the company $12 million for providing user information—including tracking codes and location data—to advertising companies.
• Calls for more regulation. Shira Ovide at the New York Times is among many analysts saying the Burrill case shows there is a need for laws restricting the collection and use of location data. "This isn't about one man," Ovide writes. "This is about a structural failure that allows real-time data on Americans’ movements to exist in the first place and to be used without our knowledge or true consent."

(More online privacy stories.)