Early Monday morning, the executive director of the conservative news service Catholic News Agency published a warning to the Catholic world: an unknown Catholic group was about to use mobile app data to expose a member of the clergy who was having gay sex.
He knew this in part, he wrote, because back in 2018, someone “concerned with reforming the Catholic clergy” approached him and other Catholic groups, media organizations, and people to offer the tools to do the same. “This party claimed to have access to technology capable of identifying clergy and others who download popular ‘hook-up’ apps, such as Grindr and Tinder, and to pinpoint their locations using the internet addresses of their computers or mobile devices,” the journalist, Alejandro Bermudez, wrote.
Then, on Tuesday afternoon, The Pillar—a new Catholic news site founded by former Catholic News Agency journalists—dropped its report. In it, the site reported that Monsignor Jeffrey Burrill, the general secretary of the U.S. bishops’ conference, visited gay bars and used Grindr “on a near-daily basis” in the last several years. Their investigation was based on “an analysis of app data signals correlated to Burrill’s mobile device,” using “commercially available records of app signal data.” Burrill had resigned from his position by the time Pillar published their piece.
The fallout exploded beyond typical Catholic infighting. Many progressive Catholics cried out against the outing of a gay priest and of the public airing of a single man’s private struggles with celibacy. Others began to argue, again, about the place of gay men in the priesthood, and about the journalistic ethics of publishing the information. But the most immediate reaction was one of deep discomfort over the way Pillar had found out about Burrill’s actions in the first place. It was unsettling to watch someone publicly go after a single individual—and track their movements—based on their private app use.
According to one privacy engineer who has worked on issues related to location data, Pillar (or the group that had offered CNA the data back in 2018) probably purchased a data set from a data broker, which in turn had likely purchased the data from a third-party ad network that Grindr uses. Grindr itself would not have been the source of the data, but the ad network would have been given full access to the users’ information as long as they agreed to Grindr’s terms of services. (In 2018, Grindr, which uses highly granular location information, was found to have shared users’ anonymized locations, race, sexual preferences, and even HIV status with third-party analytic firms. This year, Norway fined Grindr $11.7 million for disclosing users’ private information to advertising companies, in violation of European privacy laws. Grindr said in a statement that the company did not believe it was the source of the data. “We have looked closely at this story, and the pieces simply do not add up. Grindr has policies and systems in place to protect personal data, and our users should continue to feel confident and proud in using Grindr regardless of their religion, ethnicity, sexual orientation, or gender identity.”) The data would have been presented as “anonymized” through the removal of certain pieces of information, such as users’ names. But it would have included the timestamped GPS locations for the device from when the app was in use. All of this is legal, the privacy engineer said, but not something most users factor into their risk-taking.
After purchasing the data, Pillar would have been able to search locations they had already identified as being associated with Burrill—or a number of Catholics clerics, if they wanted—in the data set. (It’s not clear if the investigation targeted Burrill from the beginning or if he was found among a list of clergy being investigated. According to Bermudez, the group that approached him in 2018 also offered up the names of high-profile Catholics they said were using the apps.) At that point, it was just a matter of cross-referencing.
“There’s an entire multi-hundred billion dollar industry of companies you’ve never heard of,” said Ari Ezra Waldman, a professor of law and computer science at Northeastern University. “Their business model is collecting info from all corners of the internet and selling it to people so they can make general conclusions about a population and advertise to it. They say that information is non-identifiable. This is another example of how it’s an utter lie.”
There’s little precedent for this kind of tactic in the U.S. While authorities in other countries have used gay dating and hookup apps—mainly through entrapment with fake accounts—to persecute queer people, the concerns over the app in the U.S. have had more to do with protecting users from other users.
The Pillar incident raises an alarming prospect in the context of the Catholic priesthood, where being gay—and acting on it—is considered a line-crossing sin. In his CNA article, Bermudez wrote that the group that approached him had wanted “to provide this information privately to Church officials in the hopes that they would discipline or remove those found to be using these technologies to violate their clerical vows and possibly bring scandal to the Church.”
This group would have a large number of allies who believe not only that gay and sexually active priests are an outrage because of the church’s teachings on sexuality and the vocation’s call for celibacy, but because of the incorrect belief that gay priests are responsible for the sex abuse crisis. (The Pillar presented no evidence that Burrill had sexual encounters with minors.)
JD Flynn, one of the Pillar journalists behind the expose, defended himself from criticism on Wednesday in a tweet saying that he and his co-author had weighed the question of individual privacy and decided that Burrill’s Grindr use was a matter of public interest because he was a “high-ranking public figure who was responsible in a direct way for the development and oversight of policies addressing clerical accountability with regard to the Church’s approach to sexual morality.”
In the original Pillar piece, however, the journalists made it clear that their reasoning went beyond the hypocrisy of Burrill’s actions: “[A]ny use of the app by the priest could be seen to present a conflict with his role in developing and overseeing national child protection policies, as Church leaders have called in recent months for a greater emphasis on technology accountability in Church policies.”
Many critics protested that such a linking of gay sex with child abuse, with no evidence, revealed the homophobia at work in the efforts to expose the priest. “Of course it’s aimed at gay priests, and ‘gay apps,’ which shouldn’t surprise anyone,” Fr. James Martin, a progressive priest who advocates for LGBTQ Catholics, said on Twitter. “It’s part of the ongoing witch hunt against gay priests, the vast majority of whom, like their straight counterparts, are celibate and chaste, no matter what you may read online.”
There’s little to stop the Catholic Church itself from conducting such data plumbing. And many groups and individuals argue that beyond the matter of the priest’s vows, any use of dating apps feeds a dangerous culture of secrecy among the clergy. Some of these groups might decide that the public’s—and Church’s—needs come before the individual’s privacy rights.
Nat Meysenburg, a technologist at New America’s Open Technology Institute, said that experts had warned about something like this happening for years, and that it only took a particularly determined group of people with a very specific goal in mind and the time to work through the data. “The worry is that this gets replicated by all kinds of people for all kinds of reasons,” he said. “And now there’s a proof of concept out there.”
Update, July 23 at 11 a.m.: This post has been updated with a statement from Grindr.