Commercially available location data has outed Planned Parenthood visitors and gay priests — and a newly published research paper shows that federal investigations are at risk of being tracked without their knowledge as well. Researchers have now shown they can buy phone location data and use it to trace the movements of Securities and Exchange Commission employees. In a paper titled “Watching the Watchdogs: Tracking SEC Inquiries Using Geolocation Data,” the researchers — from universities in St. Louis, New Hampshire and Kentucky — detailed how they used the data to track regulators visiting companies, and how those visits affected financial markets. Initial reporting on the study focused on the financial insights gleaned from this data, linking visits from the SEC to insiders selling stock before investigations became public knowledge. The majority of the visits were to companies that were not publicly under investigation. Experts say the concern raised by the study is far broader. “Tracking SEC officials as they carry out their duties is creepy enough. Imagine someone did the same thing to FTC regulators, Justice Department officials, or military service members,” said Justin Sherman, a researcher who studies data brokers at Duke University. “Data brokers selling this kind of geolocation data violate federal workers' privacy, potentially reveal confidential or highly sensitive information, and even potentially impact agency missions.” The data was all legal and anonymized, and the researchers stress that they didn’t know what individuals they were looking at. Even so, their work highlights a key concern about the location data industry: That this information can be collected, sold and used to identify sensitive details about people’s lives — including a strong guess about what their jobs are. Criminals have used personal information purchased from data brokers to threaten law enforcement officials. Location data tracking government regulators pose similar risks, Sen. Ron Wyden, (D-Ore.), said. The senator, a known privacy hawk on Capitol Hill, has frequently raised concerns about the data broker industry and the threats that location data poses for national security. “If anyone with a credit card can track federal investigators from the office, to their homes, to the companies they are investigating, data brokers are threatening our country's ability to police corporate malfeasance and fraud,” he said in a statement to POLITICO. “It is likely that this technique would work against other government agencies too, and could be used to identify undercover investigators.” How they did it: The researchers purchased phone location data for the top 26 major metropolitan areas in the U.S., for a time period between January 2019 and February 2020. They then narrowed down the dataset for devices that were at SEC offices between the hours of 7 a.m. and 7 p.m., and were marked at those locations for at least 20 hours a month. The data that met those requirements were flagged as SEC-associated devices. The researchers then tracked those devices as they visited corporate offices around the U.S. during that time period. The research paper looked at the market effects of SEC visits, noting the “importance of watching the watchdogs.” Like many federal agencies, the SEC’s investigations are often unpublicized, and the use of location data to track its workers’ visits to companies could jeopardize the confidentiality behind these investigations. The SEC declined to comment on the study. The researchers told POLITICO they did not consider repeating this study for other federal agencies like the FTC, and didn’t comment on the concerns about how this tracking could affect regulators carrying out investigations. Will Gerken, a professor of finance at the University of Kentucky and one of four researchers credited on the paper, said “privacy considerations were paramount” throughout the project. He declined to disclose what data broker provided the location data, or how much they paid for the information. There are no laws in the U.S. restricting the sale of location data, though the industry has attempted to self-regulate through limiting sales of information about sensitive locations like places of worship and reproductive health facilities. Lawmakers in Massachusetts have proposed outlawing location data sales entirely, while Congress passed a law earlier this year banning data brokers from selling Americans’ sensitive information to foreign adversaries. In New Jersey, lawmakers passed legislation that allowed law enforcement officials to request companies stop sharing their sensitive information, citing public safety concerns. Gerken added that while there is a broader debate on selling location data, the information can have public benefits, too, like better understanding the SEC’s practices. “Our research demonstrates some of the valuable insights that can be gleaned from this type of data when used responsibly. However, we also recognize the need for strong privacy protections,” he said. |