Photo by Yura Fresh on Unsplash

A Catholic publication that outed a high-ranking Catholic priest as gay and a regular user of the app Grindr and led to his resignation as the secretary general of the U.S. Conference of Catholic Bishops has not revealed where it obtained the data used in its report. But some experts say the level of detail included in the story suggests that whoever provided the information has access to large datasets and methods of analysis that could have cost hundreds of thousands of dollars—or more.

“When I first heard that this was happening, my mouth hit the floor,” Zach Edwards, the founder of the boutique analytics firm Victory Medium, told America. A data expert, Mr. Edwards previously helped a Norwegian consumer rights group bring a complaint against Grindr in 2020 that alleged that the gay hookup app violated European privacy laws by leaking users’ personal data. The company was eventually fined more than $11 million earlier this year by the Norwegian Data Protection Authority.

Mr. Edwards described the level of detail revealed in the data points included in The Pillar article as “alarming.”

Zach Edwards  the founder of the boutique analytics firm Victory Medium, described the level of detail revealed in the data points included in The Pillar article as “alarming.”

The Pillar has not said where it obtained the data about Msgr. Jeffrey Burrill, who resigned shortly before the story about his use of the app was published. The editors of The Pillar, J. D Flynn and Ed Condon, did not reply to an email from America asking who provided the data. Mr. Edwards said that acquiring data that appears to have been collected over at least three years could be costly and may have required a team of researchers to sort through it to identify specific individuals tied to the data. He estimated that the “database and deanonymization efforts” used to obtain details about Monsignor Burrill could have “run into the hundreds of thousands if not millions of dollars.”

The article in The Pillar contained allegations that a phone associated with Monsignor Burrill regularly logged onto Grindr, a dating app used by gay men, during periods of several months in 2018, 2019 and 2020 from his home and office in Washington, D.C., as well as from a family lake house in Wisconsin and from other cities, including Las Vegas.

“The inclusion of [Monsignor Burrill’s vacation destinations] speaks to a level of tracking obsession,” Mr. Edwards said. “Every Catholic should hope that’s the case because that is the only scenario that’s not a dystopian nightmare.”

It is possible, he said, that a person or organization held a grudge against Monsignor Burrill and tracked only his data. But he worries that the data appears to have been shopped around since 2018 and that whoever has access to it now probably has more information to release.

Mr. Edwards estimated that the “database and deanonymization efforts” used to obtain details about Monsignor Burrill could have “run into the hundreds of thousands if not millions of dollars.”

“It either is a larger organization tracking multiple priests and we have more shoes that are going to be dropping” or it was focused only on Monsignor Burrill, he said. He can imagine a situation in which the data could be used to blackmail or extort church leaders.

The specificity of geography included in The Pillar story suggests that whoever provided the information to the publication had access to an unusually comprehensive dataset that would have gone beyond what is normally available to advertising firms.

“That’s a really expensive, dangerous data sale,” he said.

Large, “deidentified” data sets like this—information that does not contain names or phone numbers—are often sold in aggregate for advertising purposes or even to track mass travel during epidemics. The data used as the basis for The Pillar story appears to have tracked Monsignor Burill through a process known as re-identification, which some experts said may have violated contracts from third-party vendors, who routinely prohibit the practice.

Yves-Alexandre de Montjoye, an applied mathematics professor at Imperial College, London, who has studied the ease with which individuals can be identified through supposedly pseudonymized data, told America the report in The Pillar was “quite vague on the technical details.”

But he said that, in general, a researcher or team of analysts can identify an individual with access to just a few data points. He gave as an example a fictional person living in Boston: That person’s mobile device may send a signal from an M.I.T. classroom in the morning, from a Harvard Square cafe in the afternoon, then in the evening from a bar in the Back Bay followed by a signal from a home in South Boston.

The specificity of geography included in The Pillar story suggests that whoever provided the information to the publication had access to an unusually comprehensive dataset that would have gone beyond what is normally available to advertising firms.

“A few of these places and times are going to be sufficient” to match other information a researcher might know about an individual that taken together makes it possible to identify the user of the mobile device, Mr. Montjoye said. That other information could include real estate records, social media posts or even published agendas. Even in large cities with millions of people, it is not difficult to use just a few data points to identify an individual as “very few people will be at the same places at roughly the same time as you.”

The co-founders of The Pillar defended their story against criticism that called the story journalistically unethical, saying in a statement that they “discovered an obvious correlation between hookup app usage and a high-ranking public figure who was responsible in a direct way for the development and oversight of policies addressing clerical accountability with regard to the Church’s approach to sexual morality.”

Daniella Zsupan-Jerome, the director of ministerial formation at St. John’s University School of Theology and Seminary in Collegeville, Minn., said more and more surveillance and tracking technology will not produce righteous men fit for ministry. Instead, she said, it will contribute to a culture of suspicion and perpetuate the lack of trust in the Catholic Church.

“Why not invest instead in formation processes that insist on a culture of honesty, transparency and integrity of character?” she said, adding that if and when religious leaders are found to have moral failings, there is a need to create space for conversation among the faithful. “Sadly, many of us have had the experience of finding out scandalous information about a priest or pastoral leader. This is a shocking experience, often coupled with a sense of betrayal, sadness, grief, anger, disgust and even despair,” she said.

“Communities experiencing this need spaces for turning together for conversation, honest sharing, and gathering to lament and grieve the loss of trust that occurred.”

Hours before The Pillar published its report, the Catholic News Agency published a story stating that the organization had been approached by a person in 2018 who “claimed to have access to technology capable of identifying clergy and others who download popular ‘hook-up’ apps, such as Grindr and Tinder, and to pinpoint their locations using the internet addresses of their computers or mobile devices.” The story said that C.N.A. declined to accept information from this person.

In a statement, Grindr called The Pillar’s report an “unethical, homophobic witch hunt” and said it does “not believe” it was the source of the data used. The company said it has policies and systems in place to protect personal data, although it didn’t say when those were implemented.

Mr. Edwards, who has been critical of Grindr’s privacy protections, said, “This is about the worst thing that could ever possibly happen to their business.”

Mr. Edwards, who has been critical of Grindr’s privacy protections, said, “This is about the worst thing that could ever possibly happen to their business.”

There may not be many legal avenues to protect individuals like Monsignor Burrill.

“Cases like this are only going to multiply,” said Alvaro Bedoya, the director of the Center for Privacy and Technology at Georgetown Law School.

Privacy activists have long agitated for laws that would prevent such abuses, although in the United States they exist in only a few states and then in varying forms. Mr. Bedoya said the resignation of Monsignor Burrill should drive home the danger of this situation and should finally spur Congress and the Federal Trade Commission to act.

U.S. Senator Ron Wyden, Democrat of Oregon, said the incident confirms yet again the dishonesty of an industry that falsely claims to safeguard the privacy of phone users.

“Experts have warned for years that data collected by advertising companies from Americans’ phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right,” he said in a statement. “Data brokers and advertising companies have lied to the public, assuring them that the information they collected was anonymous. As this awful episode demonstrates, those claims were bogus—individuals can be tracked and identified.”

Shira Ovide, the author of a technology newsletter at The New York Times, wrote that Monsignor Burrill’s outing and resignation “shows the tangible consequences of practices by America’s vast and largely unregulated data-harvesting industries.”

“We derive benefits from this location-harvesting system, including from real-time traffic apps and nearby stores that send us coupons,” Ms. Ovide wrote. “But we shouldn’t have to accept in return the perpetual and increasingly invasive surveillance of our movements.”

Mr. Edwards said that the buying and selling of data is largely unregulated and that “shady” practices are common. But such sales usually do not generate headlines.

“Due to how sophisticated data brokers are, and how big this story has become, I have pretty strong confidence that whoever sold it is now aware of the story,” he added. “And so they either are immediately trying to clear their name or destroy hard drives.”

Material from the Associated Press and Catholic News Service was used in this report.

More from America

The latest from america

 Father Paul Hill (Hamish Linklater) as Father Paul Hill in ‘Midnight Mass’ (photo: IMDB)
“Midnight Mass” feels like a throwback to the world that received “The Exorcist” in 1973.
Nick Ripatrazone September 27, 2021
A young woman takes part in a rally in Toronto June 6, 2021, after the remains of 215 children were on the grounds of the Kamloops Indian Residential School in May. For years Indigenous people in Canada have wanted an apology from the pope for the church's role in abuse at Catholic-run residential schools. (CNS photo/Chris Helgren, Reuters)
The discoveries of unmarked burials have left many wondering what motivated Catholics to participate in a colonial system that would be responsible for the loss and violation of thousands of Indigenous children.
Dean DettloffSeptember 27, 2021
Cardinal Raymond Burke, a vaccine skeptic who was placed on a ventilator after contracting Covid-19, has left the hospital but is still struggling to recover from the disease.
The bishops’ apology is the latest expression of remorse from the Canadian arms of the Catholic Church but still falls short of the Truth and Reconciliation Commission’s call for the pope himself to apologize in Canada.
The Associated PressSeptember 27, 2021