The Federal Trade Commission (FTC) has initiated actions against two American data brokers that have allegedly engaged in the illegal trafficking of sensitive location data of U.S. citizens. The FTC claims this data was utilized to monitor individuals in sensitive locations, including churches, military installations, and healthcare facilities. The information has reportedly been marketed not only for advertising purposes but also for political initiatives and government applications, notably in the realm of immigration enforcement.
Mobilewalla, a data broker based in Georgia, faces accusations of improperly tracking individuals residing in domestic abuse shelters and intentionally surveilling protesters following the murder of George Floyd in 2020. The FTC’s court filings indicate that Mobilewalla attempted to uncover the racial identities of these protesters by following their mobile devices to locations such as Hindu temples and Black churches.
Additionally, the FTC has accused Gravy Analytics and its subsidiary Venntel of gathering and misusing consumer location data without obtaining consent. These companies stand accused of drawing unfair conclusions regarding individuals’ health choices and religious affiliations based on the location data they collected.
The FTC asserts that Gravy Analytics harvested over 17 billion location signals from around a billion mobile devices each day. This vast dataset has been reportedly sold to federal law enforcement entities, including the Department of Homeland Security and the Federal Bureau of Investigation. Such practices raise significant concerns about privacy and the ethical use of location data.
In response to the allegations, a spokesperson for Mobilewalla emphasized that the company is continuously refining its privacy policies. They expressed disagreement with many of the FTC’s claims but indicated that a resolution would enable them to deliver valuable insights to businesses while respecting consumer privacy.
The FTC further indicated that the data amassed by these companies can be utilized to categorize consumers by their religious beliefs. This capability arises from the detailed insights that location data provides regarding where individuals live, work, and worship, thereby revealing their social connections and routines.
Under two proposed settlements that await court approval, both Gravy Analytics and Mobilewalla would be prohibited from acquiring sensitive location data from consumers. They are also required to delete existing historical data collected on millions of Americans. Moreover, Mobilewalla would face restrictions on obtaining location data through real-time bidding exchanges, a common marketplace for advertisers seeking to deliver targeted ad content.
This case represents a pivotal moment as the FTC takes steps to regulate data collection practices directly from advertising exchanges—a significant move in enhancing cybersecurity and consumer privacy protections. The tactics executed by these businesses could relate to MITRE ATT&CK Framework categories such as data collection and credential dumping; illustrating how adversary tactics can manifest in commercial data practices, albeit in a less hostile context yet still deeply connected to significant privacy vulnerabilities.
The implications of these settlements underscore the increasing scrutiny on the data broker industry and highlight the vital necessity for businesses to engage in ethical data practices, ensuring they respect consumer rights and comply with legal standards surrounding data security and usage.
