If you marched in recent Black Lives Matter protests in Atlanta, Los Angeles, Minneapolis or New York, there’s a chance the mobile analytics company Mobilewalla gleaned demographic data from your cellphone use. Last week, Mobilewalla released a report detailing the race, age and gender breakdowns of individuals who participated in protests in those cities during the weekend of May 29th. What is especially disturbing is that protestors likely had no idea that the tech company was using location data harvested from their devices.
Mobilewalla “observed” a total of 16,902 devices (1,866 in Atlanta, 4,527 in Los Angeles, 2,357 in Minneapolis and 8,152 in New York). As BuzzFeed News explains, Mobilewalla buys data from sources like advertisers, data brokers and ISPs. It uses AI to predict a person’s demographics (race, age, gender, zip code, etc.) based on location data, device IDs and browser histories. The company then sells that info to clients so they can “better understand their target customer.”
“This report shows that an enormous number of Americans — probably without even knowing it — are handing over their full location history to shady location data brokers with zero restrictions on what companies can do with it,” Senator Elizabeth Warren told BuzzFeed News. “In an end-run around the Constitution's limits on government surveillance, these companies can even sell this data to the government, which can use it for law and immigration enforcement.”
Mobilewalla CEO Anindya Datta told BuzzFeed that the company produced the report to satisfy its employees’ curiosity.
“We shared this data out of a sense of social responsibility providing insight into the demographics of these protestors in light of what was becoming a national and even international movement,” Datta said in a statement provided to Engadget.
Datta said the data is anonymized and aggregated and does not include personally identifiable information at the individual level, ie no names, phone numbers, emails, etc. He added that the data is not used by law or immigration enforcement.
“We do not know who the protestors are, we are just able to derive their demographics,” Datta said.
But the incident is a reminder that data brokers have access to massive amounts of data from unassuming individuals. There’s a chance that data could be used by law enforcement or be leaked -- as we’ve seen happen in past data breaches. Some fear that individuals concerned about their data being swiped might avoid protests, so in effect, the practices of collecting data may suppress free speech.
At the moment, in the US, there are no federal laws preventing this type of info from being abused. Warren previously opened an investigation into government contracts held by local data brokers. Tim Cook has called for a regulatory body to oversee data brokers, and in 2018, Vermont passed a first-of-its-kind law to hold data brokers to at least some standards and to punish them for misuse. In the EU, officials have used the General Data Protection Regulation (GDPR) to go after data brokers for violating laws on personal information privacy.
Until the US has similar regulations in place, individuals will have to piece together tools and best practices to protect their privacy.
Update 6/26/2020 10:10AM ET: This story was updated to include a statement from Mobilewalla.