Analysis

Tracking of Priest Hookup App Data Highlights We're Living in Surveillance Dystopia

On Thursday, the Washington Post published a report on a Denver-based Catholic group buying app data from data brokers and using that information to find whether priests in the church are using hookup apps.
Sputnik
Some in the group were behind the outing of prominent priest Jeffery Burrill, after Catholic news outlet The Pillar reported on his use of gay hookup app Grindr and his visits to gay bars and gay bathhouses.
Burill stepped down from his position as the top administrator of the US Conference of Catholic Bishops days later.
The group, the Catholic Laity and Clergy for Renewal, admitted to the research in a lengthy op-ed posted on the Catholic magazine First Things’ website, which was published after the Post sent questions to the Renewal about the program.
According to The Post, which reviewed two reports prepared by the organization, the Renewal used data from multiple gay-hookup sites, including Grindr, Scruff, Growlr, and Jack’d, as well as OKCupid, which caters to various sexualities. The reports were given to bishops in the church.
Renewal says that the bishops were free to use the information as they liked. However, while The Post said that outside of Burrill there are no known instances of priests resigning over the data, a source told the outlet the priests could be punished by not getting promotions or being forced into early retirement, without being told why.
The op-ed by the Renewal slams The Post and “similar secular outlets” that focus on “a small part of what we do–anything that touches sex.” The Renewal also says the program is not about homosexuality exclusively but is instead focused on priests who break their vows of celibacy, whether that is through straight or gay sex.
“It’s not about straight or gay priests and seminarians,” the op-ed contends. “It’s about behavior that harms everyone involved, at some level and in some way, and is a witness against the ministry of the Church.”
The op-ed also states that the group obtained the data “in the ordinary way” i.e. buying it from a data broker or someone who had bought it from a data broker. The Post article states that Renewal spent at least $4 million getting the data.
Legally, apps on our devices are allowed to sell location and other personal data to advertisers. They justify the practice because, they contend, as long as they strip names from the data, it protects the user’s privacy.
Big Brother Never Sleeps: ACLU Dubs DHS’s Phone Location Data Use ‘Massive Privacy Disaster’
But multiple studies have shown that it is fairly trivial to connect a phone to a person using location data–even without that person’s name–when using other publicly available information. Using location data, a company could easily connect a device to a person simply by watching where it goes every day. Where it goes during work hours and where it returns would tell a prying eye where the person holding that device works and lives. And if you already know where someone works or lives, seeing everywhere they go is as simple as tracking where else the phone goes.
In the case of Renewal, they also had access to the type of device used, the device ID and the internet service provider, in addition to location data. It isn’t hard to imagine how easy it would be to link that device to a specific person.
For their part, the dating apps in question have all said they have limited tracking data further in recent years. Grindr said it stopped sharing location data in 2020, Growlr says it no longer shares GPS data, OKCupid said it obfuscates location data within a kilometer, and Scruff and Jack’d, both owned by the same parent company, say they removed third-party ad networks in 2018 and 2020, respectively.
Still, Renewal was able to get the data it needed from someone. And dating apps are hardly the worst offenders when it comes to tracking and selling data.
The laws on data selling are vague and broad. Justin Sherman, a senior fellow at Duke University's public policy school, told The Post that “you can count [the number of data privacy laws] on one or two hands.”
Anyone can buy advertising data if they have enough money. Anti-abortion groups have used it to track people who visit abortion clinics. On Monday, the FBI admitted to buying data to avoid getting a warrant. And women’s groups have warned that domestic abusers and stalkers may use the data to track their victims.
FBI Potentially Searched Millions of Americans’ Personal Data in 2021 Without a Warrant
It is not difficult to think of other nightmare scenarios.
What is stopping an employer from tracking an employee to make sure they are actually staying home when sick, or checking to see if they visited a bar the night before calling out? Furthermore, what's to stop a Church from expanding its tracking spotlight from priests to parishioners? Or a school from tracking what their students do outside of class hours, something they have become increasingly interested in since the pandemic.
In the early 1990s, Phill Zimmerman released “Pretty Good Privacy,” better known as PGP. It was the first time the public gained access to private digital communications through the use of cryptography, not unlike technology that was previously exclusive to the National Security Administration (NSA).
It allowed individuals to send messages to each other using public and private digital signatures. If the authorities or anyone else intercepted the messages, they would only see noise, but if the message was sent to your public key, you could decode it using your private key.
Zimmerman was investigated for years by the authorities because, they said, his software was downloaded by foreign citizens and that could have been considered exporting a weapon. The Justice Department ultimately decided against pressing charges against Zimmerman, which was a big win for privacy advocates at the time.
While the principles of Zimmerman’s software became the basis for all private online communications we have today, from credit card purchases to private messaging apps like Signal, the public by and large didn’t use the privacy tools that Zimmerman created and the majority of online services didn’t bother incorporating it.
CDC Collecting Tens of Millions of Americans’ Location Data - And Not Just for COVID
As apps started sucking up more data about their users, and as cellphones went from a luxury to an essential part of everyday life, online privacy has become more important, and more ignored, than ever.
Speaking to Wired in 1994, legendary cryptographer Niels Ferguson, who at the time was working for a failed pre-Bitcoin digital currency called DigiCash, warned about the dangers of the lack of privacy in the growing digital world. Ferguson was speaking about digital purchases, but considering the ubiquitousness of smartphones today, it can easily be applied to location data.
“Oh, the number of times I've had to argue with people that they need privacy!” Ferguson exclaimed in a response to a question if digital cash should be traceable.
“They'll say, 'I don't care if you know where I spend my money.' I usually tell them, 'What if I hire a private investigator to follow you around all day? Would you get mad?' And the answer always is, 'Yes, of course I would get mad.' And then my argument is, 'If we have no privacy in our transaction systems, I can see every payment - every cup of coffee you drink, every Mars bar you get, every glass of Coke you drink, every door you open, every telephone call - you make. If I can see those, I don't need a private investigator. I can just sit behind my terminal and follow you around all day.' And then people start to realize that, yes, privacy is in fact something important. Any one part of the information is probably unimportant. But the collection of the information, that is important.”
Which of course, is why advertisers are so interested in our information. Our phones essentially act as little personal private investigators, reporting back to massive conglomerates of a multibillion-dollar industry, ready to sell that information to anyone or any entity willing to pay for it. Churches, the government, spouses, employers, or anyone motivated and wealthy enough can find out where you’ve been, what you’ve bought and who you associate with.
That is an issue that goes far beyond the inner workings of the Catholic Church.
Discuss