This is a breaking news story. Please check back for updates as more information becomes available.
The US Center for Disease Control and Prevention (CDC) purchased access to a vast trove of data collected from the phones of millions of Americans, to monitor overall compliance with COVID-19 lockdown orders throughout the country.
VICE first reported on the CDC’s actions after obtaining internal agency documents through a freedom of information act (FOIA) request. The CDC documents state the database is “derived from at least 20 million active cellphone users per day across the United States” to provide a geographically representative sample to study lockdown compliance.
According to VICE, the documents specifically show the CDC used the data to monitor curfew compliance. A 2021 document states the data “has been critical for ongoing response efforts, such as hourly monitoring of activity in curfew zones or detailed counts of visits to participating pharmacies for vaccine monitoring.”
The CDC reportedly purchased the commercially available data from a company called SafeGraph. The company gave the CDC access to one year of data for $420,000.
In a document describing its data procurement plan, the CDC said “This is an URGENT COVID-19 PR [procurement request].”
The agency further called for data to monitor people visiting K-12 schools, pharmacies and grocery stores. Another portion of the procurement request states that the agency plans to “Research points of interest for physical activity and chronic disease prevention such as visits to parks, gyms, or weight management businesses.”
The procurement document also describes monitoring the correlations between rises in COVID cases and mass gatherings, public transit, and popular travel destinations. The data would also study changes in COVID cases correlating with changing lockdown measures.
While the CDC described its initial request for phone data as a means of tracking lockdown compliance, the agency could use this type of data for expanded purposes in the future.
“The CDC seems to have purposefully created an open-ended list of use cases, which included monitoring curfews, neighbor to neighbor visits, visits to churches, schools and pharmacies,” cybersecurity researcher Zach Edwards told VICE. “And also a variety of analysis with this data specifically focused on ‘violence.’”