OFFICIALS LEGISLATION INTEREST GROUPS PUBLIC STATEMENTS COMMITTEES VETOES

Letter to Auren Hoffman, Chief Executive Officer of Safegraph, Inc. - Blumenthal, Murphy Blast Data Brokers for Collecting & Selling Cell Phone Location Data of People Who Visit Abortion Clinics

Letter

Date: May 17, 2022
Location: Washington, DC
Issues: Technology and Communication Abortion

Dear Mr. Hoffman:

We write to demand answers regarding an appalling new report that SafeGraph has been collecting and selling the cellphone-based location data of people who visit abortion clinics such as Planned Parenthood.1 Especially in the wake of the Supreme Court's leaked draft opinion overturning Roe v. Wade,2 your company's sale of such data--to virtually anyone with a credit card--poses serious dangers for all women seeking access to abortion services. SafeGraph must immediately account for its problematic practices to Congress and to the American people and guarantee that it will eliminate these practices, and others like them, completely and permanently.

Data brokers across the country use a similar three-step business model. First, companies collect untold amounts of data from Americans when they use websites, mobile applications, and more, oftentimes without the consumer's informed consent or knowledge.3 Second, data brokers scoop up that information in bulk and repackage that information for sale.4 Third, purchasers of all stripes buy the data for almost any purpose5--whether to serve targeted ads or assemble credit reports6--reaping massive profits for the $200 billion data-broker industry.7

But SafeGraph's sale of abortion clinic data is especially pernicious, even by the low standards of the largely unregulated data-broker market. SafeGraph collects location data on millions of Americans using the apps on their phones, such as weather apps or prayer apps.8 The data is incredibly precise: it reveals "the latitude and longitude of a device at a given point in time," down to the exact building.9 Purchasers of the data--per SafeGraph's own marketing-- can determine "how often people visit [any given location], how long they stay, where they came from, where else they go, and more,"10 even including where someone lives based on where their phone is located overnight.11 And perhaps most alarmingly, essentially anyone can buy SafeGraph's repackaged data,12 enabling individuals, corporations, and governments alike to learn who is seeking access to abortion care and where they are.

It is difficult to overstate the dangers of SafeGraph's unsavory business practices. Antiabortion activists have already used location data to send targeted anti-choice ads to women's phones while they are sitting in abortion clinics.13 Anti-abortion violence is on the rise, with assaults and threats of harm against abortion providers more than doubling between 2016 and 2020.14 Anti-abortion politicians in Republican-led states have placed bounties on women who receive abortions and doctors that provide them and even proposed laws that would punish pregnant people for traveling to seek abortions out of state.15 Anti-abortion prosecutors have used search and message data to criminally charge abortion seekers.16 These and other practices targeting women seeking necessary health care services are almost certain to escalate if Roe v. Wade is gutted and abortion is criminalized instantly in states across the nation. Under these circumstances, SafeGraph's decision to sell data that allowed any buying customer to determine the locations of people seeking abortion services was simply unconscionable, risking the safety and security of women everywhere.

SafeGraph's response to the public outcry over its practices misses the mark. In your blog post justifying SafeGraph's sale of abortion clinic data, you claimed that your company's location data was "fully aggregated and anonymized."17 But as experts have repeatedly warned, it can be "trivially easy" to link someone's location data with their real-world identities, especially when datasets are limited to only "four or five" devices in a location.18 In the same blog post, you assured the public that SafeGraph was "removing Patterns data for locations classified as … "Family Planning Centers'" from its self-serve store.19 But SafeGraph offered no further details about: (a) how many Americans had their sensitive data sold, (b) who purchased this data, (c) how long this data was available to the public, (d) whether the data removal would be permanent, (e) what SafeGraph would do to support those whose data was already sold, or (f) any other remedial measures that your company planned on taking.

SafeGraph's sale of this data presents an ongoing threat to women who have sought abortions and who may seek them in the future, a threat that is magnified by the leaked Supreme Court draft opinion which would eviscerate a woman's right to choose.20 To better understand SafeGraph's disturbing practice of collecting and selling the location data of Americans at abortion clinics across the country--especially given your company's long history of prior privacy violations and its resulting removal from the Google Play Store21--we request that you answer the following questions by May 31, 2022:

1. How many individuals who visited "Family Planning Centers" had their location data sold by SafeGraph in total?

2. Was any other data indicating locations where people may have sought or obtained abortions sold by SafeGraph? If so, what data was sold?

3. Did any advocacy organizations or government agencies purchase the location data of people who visited "Family Planning Centers" from SafeGraph? If so, which ones?

4. Which mobile applications and data brokers supplied the location data of people who visited "Family Planning Centers"?

5. What steps has SafeGraph taken to ensure that all its data suppliers--such as mobile applications--obtain informed consent from consumers before collecting and selling their data to SafeGraph?

6. Does SafeGraph continue to receive and sell data collected from applications in Google's Play Store despite its reported ban? If so, how has SafeGraph circumvented Google's ban?

7. For how long was the location data of people who visited "Family Planning Centers" available through SafeGraph?

8. Is the location data of people who visited "Family Planning Centers" or other locations where people may have sought or obtained abortions available from your company outside of SafeGraph's self-serve store?

9. What procedures did SafeGraph have in place to screen the individuals, organizations, or governments who purchased the location data of people who visited "Family Planning Centers" to prevent the data's misuse?

10. How is SafeGraph supporting the people whose location data has already been sold by your company to countless customers?

11. Precisely what data is encompassed by SafeGraph's new commitment to no longer sell the data of individuals who visited "Family Planning Centers"?

12. Is there any other data involving locations where people may have sought or obtained abortions that will still be sold by SafeGraph? If so, what data will be sold?

13. Will SafeGraph commit to a permanent ban on the sale of the location data of people who visited "Family Planning Centers" and any other sensitive locations?

Thank you for your attention to this important matter.


Source
arrow_upward