As the debate over abortion rights in the United States reaches a flash point once again, a firm has been discovered selling data on those who have visited abortion clinics.
Motherboard discovered that SafeGraph, a company that sells data for all kinds of uses — demographic analysis, advertising, real estate, and more – is selling packs of data showing where groups of visitors came from, how long they stayed around facilities including Planned Parenthood clinics, as well as where they went after the ordeal.
The report also says the company is able to estimate where the tracked individuals live, down to the census block level, by analyzing the location where a mobile device spent the night.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Selling data
Motherboard bought some of the data to verify its authenticity, and says data on more than 600 Planned Parenthood locations in the US, for mid-April, was bought for just over $160.
SafeGraph works by selling its software development kits (SDK) to developers, which then push them into various mobile apps, such as prayer apps, weather apps, QR codes, and more. App users are often oblivious to the fact that a third party is gathering and selling this data.
These apps then gather user data, including location data. SafeGraph is then able to sell it to third parties and, according to Motherboard, various U.S. military contractors were among the buyers, in the past.
SafeGraph, however, does not sell data on individual users, or illegal data, per se (such as, for example, passwords), but rather aggregates data, and focuses on the movement of groups. However, Vice says that with some sections of data containing a “very small number of devices per record”, the risk of deanonymization is very real.
Some locations have had “just four, or five devices, visiting”, the report says. And with further filtering, by mobile OS, possible, identifying individuals becomes a real threat.
SafeGraph was banned from the Google Play Store last June.
“It’s bonkers dangerous to have abortion clinics and then let someone buy the census tracks where people are coming from to visit that abortion clinic,” cybersecurity researcher Zach Edwards told Motherboard after reviewing the data. “This is how you dox someone traveling across state lines for abortions—how you dox clinics providing this service.”