A report released this week by Motherboard Tech by Vice revealed that it obtained documents through a Freedom of Information (FOI) request which confirm that the Centers for Disease Control (CDC) tracked the location of citizens' phones during the pandemic.
Vice News reported the CDC paid SafeGraph, a highly controversial data broker, for access to the location data of tens of millions of phones in the United States through its U.S. Core Place Data, Weekly Patterns Data, and Neighbourhood Patterns Data. The procurement documents relating to the data access purchase included a request from the CDC to expedite the process and were marked “This is an URGENT COVID-19 PR [procurement request].”
“SafeGraph, the company the CDC paid $420,000 for access to one year of data, includes Peter Thiel and the former head of Saudi intelligence among its investors,” Motherboard said.
The FOI documents obtained, dating from 2021, are said to contain a list of twenty-one potential CDC uses for case data. A screenshot of a portion of the FOI documents shows that some of the potential uses include ‘examination of volume of mobile phones grouped in proximity’, ‘research points of interest such as visits to pharmacies in vaccine distribution plan or grocery stores’, ‘creation of user-defined queries and metrics of population mobility such as inferring mode of transport (e.g. walking, biking)’, examination of the correlation of mobility patterns data and rise in COVID-19 cases (movement restrictions, border closures, inter-regional and night curfews) to show compliance, and ‘examination of the effectiveness of public policy on [the] Navajo Nation.’
Using privacy-invasive location tracking, the CDC purchased access to tens of millions of Americans’ phones to track and monitor people’s movements and compliance during the pandemic. FOI documents also show that the CDC’s intention was that the data would be used for other non-COVID related purposes.
The documents reviewed by Motherboard Tech by Vice and cybersecurity researcher Zach Edwards show that the CDC used the data for monitoring curfews. The documents state that SafeGraph’s data “has been critical for ongoing response efforts, such as hourly monitoring of activity in curfew zones or detailed counts of visits to participating pharmacies for vaccine monitoring.”
Also cited in the report is a statement by the CDC that says the “CDC also plans to use mobility data and services acquired through this acquisition to support non-COVID-19 programmatic areas and public health priorities across the agency, including but not limited to travel to parks and green spaces, physical activity and mode of travel, and population migration before, during, and after natural disasters… The mobility data obtained under this contract will be available for CDC agency-wide use and will support numerous CDC priorities.”
Edwards, on further examination of the documents, told Motherboard, “The CDC seems to have purposefully created an open-ended list of use cases, which included monitoring curfews, neighbor-to-neighbor visits, visits to churches, schools and pharmacies, and also a variety of analysis with this data specifically focused on ‘violence.’”
He added that there are risks surrounding anonymity and the potential for attacks on specific users, saying, “In my opinion the SafeGraph data is way beyond any safe thresholds.”
Vice News also confirmed that SafeGraph has previously sold location data to multiple buyers including the CDC, the Illinois Department of Transportation and Motherboard itself. Some of the information sold included location data to assess whether people around the country were following stay-at-home orders and the tracking of visits to Planned Parenthood and abortion clinics.