Investigation Finds Google Subsidiary Set to Sell Harvested Data of Millions

Following the discovery of Facebook’s Project Atlas, the deceptive VPN software used to spy on users’ internet trends for a small compensation fee, journalists for both TechCrunch and The Intercept have revealed the world’s most powerful search engine and their parent company Alphabet have a few similar secrets of their own. 

The economy of Google, like any big tech company, thrives on attention and intel as the pillars of maintaining power. “We lived on farms, then we lived in cities, and now we’re going to live on the internet,” once screamed Sean Parker, the fictionalized coked-out tech visionary of David Fincher’s film The Social Network (2010). This is especially true of Google — both the home of two billion active monthly users and the inter-connective pipes of the online infrastructure (whether it’s through the vast market of apps, maps or storage which integrate their services) — where it’s safe to say the world truly lives within their online domain. 

“Most data collected by urban planners is messy, complex, and difficult to represent,” wrote journalist Ava Kofman. “It looks nothing like the smooth graphs and clean charts of city life in urban simulator games like ‘SimCity’. A new initiative from Sidewalk Labs, the city-building subsidiary of Google’s parent company Alphabet, has set out to change that.” 

The program she’s referring to is Replica, a pet project of the Google subsidiary which just so happens to be the key to deducing the data patterns of an entire city to the point that it can narrow results down to the individual themselves. 

“Like SimCity,” Kofman continues, “Replica’s ‘user-friendly’ tool deploys statistical simulations to give a comprehensive view of how, when, and where people travel in urban areas. It’s an appealing prospect for planners making critical decisions about transportation and land use. In recent months, transportation authorities in Kansas City, Portland, and the Chicago area have signed up to glean its insights.”

“The only catch: They’re not completely sure where the data is coming from… [since] the program gathers and de-identifies the location of cellphone users, which it obtains from unspecified third-party vendors,” at least according to Nick Bowden of Sidewalk Labs. “If Sidewalk Labs has access to people’s unique paths of movement prior to making its synthetic models,” she continues, “wouldn’t it be possible to figure out who they are, based on where they go to sleep or work?”

This skepticism isn’t unmerited since Google themselves have played the brazen privacy perverts before. Tech journalists Zack Whittaker, Josh Constine and Ingrid Lunden were responsible for an investigation into the obscure Screenwise Meter, another VPN surveillance app which is eerily similar to the recent Project Atlas that was banned from Apple’s app store recently. Google abused their Enterprise Certificate to have their users — which includes anyone upwards of 13 — to enter a special registration code which would eventually route every single piece of data to the company through this rat-hole intentionally disassociating themselves from the Google brand. The app has reportedly been running since 2012.

Is it unreasonable to question whether Google’s underlings will respect the privacy of millions whose cellphones the monopoly could utilize for higher ad revenue? “The privacy concerns are pretty extreme,” said Ben Green, an urban technology expert and author of “The Smart Enough City,” who wrote an emailed statement to The Intercept. “Mobile phone location data is extremely sensitive.” Which is exactly why Google loves it — and has exploited it before. 

Kofman then cites another investigation from The Associated Press which reveals “Google’s apps and website track people even after they have disabled the location history on their phones” through collecting the address of nearby cellphone towers and measuring the frequency from there. It’s unclear whether Sidewalk Labs has truly gone through the process of ensuring privacy protections — or whether anything can be done.

Kofman also cites Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic, who warned about the ease of the re-identification process for big tech institutions. “We see a lot of companies erring on the side of collecting [data] and doing coarse de-identifications, even though, more than any other type of data, location data has been shown to be highly re-identifiable,” he stated. “It’s obvious what home people leave and return to every night, what office they stop at every day from 9 to 5 p.m,” and what nearby stores Google can target ads towards — which can be extracted from the findings of Nature’s academic study on data collection.

It’s unclear the extent of this information-for-cash racket. Kofman cites a report from The New York Times which revealed third-party companies, such as those similarly associated with Sidewalk Labs, harvest location information from smartphones without the consent of the consumer. Behind the scenes, this stolen data can be purchased by a big tech company or any business seeking to gather intel on market strategies.

This can even be sold to individuals, as demonstrated by another investigation from VICE where cell companies sell user locations to bounty hunters and potential stalkers seeking intel on specific individuals. What’s to stop these companies from selling to government agencies? 

Immigration and Customs Enforcement (ICE), as we’ve reported in the past, have often been suspected of conducting parallel constructions — a process where illegally obtained evidence is justified by the creation of a false narrative as to how it was acquired. “We need to do a better job in ensuring the type of express consent commensurate with the sensitivity of data is actually being enforced when data is collected,” Israel continued, expressing the need for policy reform. “The explanations people see when prompted to give permission are often incomplete or misleading.”

The Replica problem needs addressing before Sidewalk Labs goes through with their controversial development of Quayside, a “smart city of surveillance” on the southern edge of Toronto’s downtown, which was originally going to act as the living experiment for Replica to gather information on the actual citizenry. Since this article, an anonymous Sidewalk Labs spokesperson told The Intercept that “there are no plans to bring Replica to Toronto” as of this time. 

“Replica is a perfect example of surveillance capitalism, profiting from information collected from and about us as we use the products that have become a part of our lives,” said Brenda McPhail, director of the Canadian Civil Liberties Association’s Privacy, Technology, and Surveillance Project. “We need to start asking, as a society, if we are going to continue to allow business models that are built around exploiting our information without meaningful consent.”

Related News