So much for claims that data is effectively "anonymized"
The top administrator of the U.S. Conference of Catholic Bishops resigned after a Catholic media site told the conference it had access to cellphone data that appeared to show he was a regular user of Grindr, the queer dating app, and frequented gay bars.
Monsignor Jeffrey Burrill, seen in 2018, resigned July 20 as the general secretary of the U.S. Conference of Catholic Bishops amid “impending media reports alleging possible improper behavior.” (Bob Roller/Catholic News Service)
Some privacy experts said that they couldn’t recall other instances of phone data being de-anonymized and reported publicly, but that it’s not illegal and will likely happen more as people come to understand what data is available about others.
Monsignor Jeffrey Burrill has since last fall been the general secretary of the USCCB, a position that coordinates all administrative work and planning for the conference, which is the country’s network for Catholic bishops. As a priest, he takes a vow of celibacy. Catholic teaching opposes sexual activity outside heterosexual marriage.
Burrill was not immediately available for comment Tuesday.
The National Catholic Reporter was the first to report Tuesday morning that Burrill had resigned, citing a memo from Archbishop José Gomez, the USCCB president, to other bishops. The Tuesday memo said it was “with sadness” that Gomez announced Burrill’s resignation, saying the day before, the USCCB staff learned of “impending media reports alleging possible improper behavior.”
Burrill is a priest from the La Crosse, Wis., diocese and was a parish priest and a professor before joining the administrative staff of the USCCB in 2016. Some USCCB staff and former staff said they were reeling and shocked.
Takeaways from the Pegasus Project
USCCB spokeswoman Chieko Noguchi told The Washington Post on Tuesday afternoon it was Burrill’s decision to resign, and came after allegations of his “improper behavior” were brought to the USCCB by the Pillar, a Catholic news site.
“However, to avoid becoming a distraction to the operations and ongoing work of the Conference, Monsignor has resigned effective immediately,” read the statement from Gomez. “The Conference takes all allegations of misconduct seriously and will pursue all appropriate steps to address them.”
It wasn’t clear who had collected the information about Burrill. USCCB spokespeople declined to answer questions Tuesday about what it knew about the information-gathering and what its leadership feels about it, except to say the USCCB wasn’t involved. They also declined to comment on whether they knew if Burrill’s alleged actions were tracked on a private or church-owned phone.
The resignation stemmed from reporting in the Pillar, an online newsletter that reports on the Catholic Church. Tuesday afternoon, after Burrill’s resignation became public, the Pillar reported that it had obtained information based on the data Grindr collects from its users, and hired an independent firm to authenticate it.
“A mobile device correlated to Burrill emitted app data signals from the location-based hookup app Grindr on a near-daily basis during parts of 2018, 2019, and 2020 — at both his USCCB office and his USCCB-owned residence, as well as during USCCB meetings and events in other cities,” the Pillar reported.
“The data obtained and analyzed by The Pillar conveys mobile app date signals during two 26-week periods, the first in 2018 and the second in 2019 and 2020. The data was obtained from a data vendor and authenticated by an independent data consulting firm contracted by The Pillar,” the site reported. It did not identify who the vendor was or if the site bought the information or got it from a third party.
The Pillar story says app data “correlated” to Burrill’s phone shows the priest visited gay bars, including while traveling for the USCCB.
Pope Francis renews restrictions on old Latin Mass, reversing Benedict XVI
A spokeswoman for Grindr described the Pillar’s story as “homophobic” and denied that the data described in it could be publicly accessed.
“The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur,” she said late Tuesday in a statement. “There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported.”
Privacy experts have long raised concerns about “anonymized” data collected by apps and sold to or shared with aggregators and marketing companies. While the information is typically stripped of obviously identifying fields, like a user’s name or phone number, it can contain everything from age and gender to a device ID. It’s possible for experts to de-anonymize some of this data and connect it to real people.
No federal laws prohibit buying this data, said Jennifer King, a privacy and data policy fellow at the Stanford University Institute for Human-Centered Artificial Intelligence. While some state laws may regulate the use of this kind of information, she said those tend to focus on stalking scenarios. King said the publication of location data from Burrill’s phone serves as a reminder that anyone with a cellphone whose location data is turned on is not truly anonymous.
Patrick Jackson, chief technology officer of the privacy-protection firm Disconnect, said he was unaware of other instances of phone data being de-anonymized and reported publicly but expects it to happen more frequently.
“It unleashes this chain that a user cannot stop because they don’t even know that it was collected in the first place and they have no idea where this data actually lives,” Jackson said. “But it’s out there, and it’s for sale.”
On Monday, the Catholic News Agency — the previous employer of Pillar journalists — published an unsourced story raising issues within the church about privacy and people allegedly tracking members of the clergy to catch those who use hookup apps such as Grindr. The story said “a person concerned with reforming the Catholic clergy approached some Church individuals and organizations” including CNA starting in 2018.
The report comes the same week as The Post and other organizations reported that military-grade spyware normally leased to governments for tracking terrorists and criminals was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and others, revealing new concerns and issues around technology and privacy and democracy.
I have never felt the need for a smart phone. I recognize the benefits, just don't need one. That said, my first thought after reading the article was, shit happens .
I felt as you and had my late partners old cell and was on a simple pay for minutes plan. I did not get coverage at my house. The phone was good for checking weather and solitaire. It quite so I looked into getting it fixed. Nope, too old but was talked into getting a newer model which did allow use in the house. It's a new and weird experience and don't know some of the finer details but it is still a limited talk and text (+ a few other built-ins). Don't ask how much it cost. In the end if I get the local fiber optics and with this phone I could save a lot on the Century Link bill which will make it worth it.