Data Brokers Know Where You Are—and Want to Sell That Intel

After Catholic news site The Pillar exposed him, a priest from Catholic Church resigned. He had purchased location data from a broker about his use of Grindr. This incident did not only show how Grindr data can be used against LGBTQ people. The incident also exposed the dangers of the unregulated, large and shadowy data brokerage industry that sells real-time location information to Americans at the highest price.
A new report I wrote for Duke University's Cyber Policy Program was published. It surveyed 10 data brokers to find out what sensitive data they are selling. Openly and explicitly, they publish data about individuals' demographic characteristics (from gender to income level to race, gender, and race), as well as their political beliefs and preferences (including support for the NAACP and ACLU and Planned Parenthood) and current US government and military personnel. Many of these companies also sell another troubling product: Americans geolocations.

Acxiom is one of the most important brokers, with data on billions worldwide. They advertise location-based data on individuals. You want to find out if someone visited a specific location more than once in the past 30 days. This could be a church, their therapists office or their ex's house. According to a company marketing document, they have you covered. You might also be able to gain insights based on individual locations. You might also be interested in other insights based on individual locations.

LexisNexis is another giant that advertises the ability of determining a person's current location using their most recent driver license records. Experian outright advertises mobile location data. Oracle, which has made a significant turn to data brokerage over the past decade, now advertises mobile location-based marketing services. Bluedot, a location data provider, was one of Oracle's partners in 2019. Bluedot claimed its data would improve the accuracy and pinpointing of an individual's location by twentyfold. Bluedot claims it can track how many times an individual has visited a particular location, and for how long. Oracle had added PlaceIQ to their data marketplace a few years before. This company then had data from 475,000,000 location points, 100,000,000 unique users, and more that 10 billion daily location-enabled devices movements.

There are also white pages and people-search sites that allow users to search data about anyone they want by simply entering their name. These data brokers combine public records such as tax filings, voter records, property records, and tax records to make them searchable publicly. Although they don't advertise individual geo-locations in real time, they provide up-to-date information about where people live.

It is not surprising that data breaches and data privacy scandals have highlighted how private companies can track Americans' daily lives. Regardless of how much companies want to normalize their surveillance down to the exact location of your sidewalk or restaurant, it is important to remember that data brokers are selling this data to national security and civil rights.

Federal agencies, including the FBI and US Immigration and Customs Enforcement, purchase data from data brokers without warrants, public disclosures or strong oversight to carry out everything, from criminal investigations to deportations. Data brokers can circumvent the restrictions on companies selling data directly to law enforcement. For example, a cell company can sell data to a broker who can then sell data to the FBI. Federal government agencies that use the data could also bypass various legal restrictions. These include federal controls not applicable to commercially or open-source data.