Every subscriber of digital services and smartphones which access personal information should be aware that their actions are no longer “private” — even despite the best efforts and intentions of service providers.
That is the opinion of Brett Robinson, director of communications and Catholic media studies at the McGrath Institute for Church Life at the University of Notre Dame.
He talked with Catholic News Service in light of reports of the global Pegasus spyware cellphone scandal targeting human rights activists, journalists and state officials, as well as the resignation July 20 of the general secretary of the U.S. Conference of Catholic Bishops.
Msgr. Jeffrey D. Burrill resigned his post after the USCCB was contacted by The Pillar, an online outlet that covers the Catholic Church and provides news and analysis, regarding evidence the news outlet claimed to have “of a pattern of sexual misconduct” on the priest’s part.
In a lengthy news story posted midday July 20, The Pillar said it had gleaned information on alleged adult sexual misconduct from his cellphone usage and location tracking.
“What was shared with us did not include allegations of misconduct with minors. However, in order to avoid becoming a distraction to the operations and ongoing work of the conference, Monsignor has resigned,” Archbishop José H. Gomez of Los Angeles, USCCB president, said in a statement.
“The conference takes all allegations of misconduct seriously and will pursue all appropriate steps to address them,” the archbishop said.
In the case of the Israeli-based surveillance company NSO Group and its Pegasus spyware product, the surveillance tool apparently licensed only to governments was used to infiltrate mobile phones belonging to thousands of phones around the world and owned by journalists, activists, politicians, public health experts, business executives and diplomats.
An investigation into Pegasus by a global media consortium including The Washington Post recently reported that the Pegasus tool can infect cellphones in order to retrieve emails, phone call records, social media posts, user passwords, contact information, pictures, videos, sound recordings and browsing histories.
All of this can allegedly happen without a user even touching the phone or knowing that he or she has received a hostile message from the sender.
While the product was intended for government security agencies to thwart terrorism, it may have been widely used for private and political purposes, raising deep ethical questions about illegal or even legal means of invasive information gathering.
“Personally, I do not own a smartphone for this reason,” Robinson told CNS.
“The only way to ensure privacy in these matters is to refrain from volunteering one’s information in exchange for a digital service, whether it’s a grocery delivery app, a banking app or a … dating app,” he said.
Robinson oversees outreach efforts for the institute while conducting research at the intersection of religion, technology and culture.
He also is the author of “Appletopia: Media Technology and the Religious Imagination of Steve Jobs,” and has taught media studies courses at Duquesne University, the University of Georgia, St. Vincent College and Notre Dame. He cited the example of China’s growing state spycraft being used on its own citizens.
“You can see the ways in which surveillance data becomes a way of life for citizens as it determines their fitness for employment and access to public services,” Robinson said.
“This model is becoming increasingly commonplace in other countries as well and it would be naive for anyone, especially priests, to assume that their digital profile is off limits to third parties — this is made clear in the terms and conditions of many digital service providers,’“ he noted.
“It is assumed that third-party access is limited to advertisers but this would be a naive assumption,” Robinson added, noting that California and Virginia state legislation is being modeled to mirror the more stringent privacy laws in Europe, with its General Data Protection Regulation, or GDPR.
Now would be the time for regulators to act on protecting user data and limiting the reach of technology providers, he said, but it is harder to do on a federal level because it would require lawmakers to take up a tenuous political position that would alienate large technology firms who provide a lot of material support to politicians and government agencies.
“The amount of user data harvested by large technology firms puts them in the position of becoming a quasi-government that works in conjunction with the administrative state. Perhaps more radical solutions are required, similar to the one proposed by internet pioneer Tim Berners-Lee, who has advocated for allowing users to own their own data,” Robinson said.
In the case of Msgr. Burrill, it is believed his whereabouts and cellphone application usage were tracked by third-party, commercially available data analysis service that pinpoints the whereabouts of your cellphone service.
It is a legal but not well-known service that The New York Times detailed in a 2019 investigative report which accurately traced the movements of a cellphone associated with then-President Donald Trump in Florida and elsewhere to illustrate capabilities of such services.
The Pillar, co-founded by JD Flynn and Ed Condon, claimed it had “found evidence the priest engaged in serial sexual misconduct, while he held a critical oversight role in the Catholic Church’s response to the recent spate of sexual abuse and misconduct scandals.”
“An analysis of app data signals correlated to Burrill’s mobile device shows the priest also visited gay bars and private residences while using a location-based hookup app in numerous cities from 2018 to 2020, even while traveling on assignment for the U.S. bishops’ conference,” it reported.
Commercially available app signal data, The Pillar said, “does not identify the names of app users, but instead correlates a unique numerical identifier to each mobile device using particular apps.”
“Signal data, collected by apps after users consent to data collection, is aggregated and sold by data vendors. It can be analyzed to provide timestamped location data and usage information for each numbered device,” it added.
Steven P. Millies, associate professor of public theology and director of the Bernardin Center at Catholic Theological Union in Chicago, wrote a scathing essay critical of The Pillar’s report on Msgr. Burrill, writing that whatever else can be said of their practice of Catholicism, The Pillar’s investigators also paid little heed to the canons of ethics for journalists.
“How did they get their story? The Society for Professional Journalists’ Code of Ethics encourages journalists to ‘avoid using undercover or other surreptitious methods of gathering information’ and admonishes that ‘pursuit of the news is not a license for … undue intrusiveness,’“ Millies wrote.
“I am not sure what the investigators at The Pillar believe. I feel comfortably sure that before they embarked on their ‘investigation,’ they must not have thought about the Code of Canon Law, which states, ‘No one is permitted to harm illegitimately the good reputation which a person possesses nor to injure the right of any person to protect his or her own privacy.’“
Daniella Zsupan-Jerome, director of ministerial formation at St. John’s University School of Theology and Seminary in Collegeville, Minn., said more and more surveillance and tracking technology will not produce righteous men fit for ministry, but instead will contribute to a culture of suspicion and a perpetuate the lack of trust in the Catholic Church.
“Why not invest instead in formation processes that insist on a culture of honesty, transparency and integrity of character?” she told CNS, adding that if and when religious leaders are found to have moral failings, there is a need to create space for conversation among the faithful.
“Sadly, many of us have had the experience of finding out scandalous information about a priest or pastoral leader. This is a shocking experience, often coupled with a sense of betrayal, sadness, grief, anger, disgust and even despair,” she said.
“Communities experiencing this need spaces for turning together for conversation, honest sharing, and gathering to lament and grieve the loss of trust that occurred.”
Apart from the case of a priest allegedly failing his priestly vows, should ordinary citizens who wish a modicum of privacy accept the fact that it is now impossible or just give up their smartphones for simpler technology? Should they expect better privacy reforms from lawmakers?
“If one desires the convenience and access that smartphones allow then some level of invasion of privacy may be tolerable,” Notre Dame’s Robinson said. Consumers have been conditioned to “rate” everything from hotels to restaurants to products on Amazon, he noted.
The idea that this rating system also applies to human beings may not seem so foreign to many people anymore, he noted, adding that more broadly society is witnessing the cultural spasms that come with any seismic shift in the media environment.
Reading books was a private experience, but with the advent of radio, TV and film the idea that our privacy could be compromised by being watched or heard electronically became more commonplace, he said.
And reality TV showed that being watched could be a form of pleasurable entertainment.
“The internet amplified that reality and now there are millions who willingly broadcast their most intimate moments to an invisible audience. The fact that it has become lucrative means that it’s not going away anytime soon. The internet is ‘weaponized television,’ so there will be collateral damage,” Robinson said.