Citizen, a mobile app that alerts people to nearby emergencies, is testing the reintroduction of a controversial feature that lets users report crimes and incidents on their own by live streaming video. Created by New York-based startup sp0n, Citizen first launched under the name “Vigilante” in 2016 in New York City, broadcasting alerts of 911 calls to users in the vicinity and allowing those users to send live video from incident scenes, comment on alerts, and report incidents on their own. In a splashy launch video with the hashtag #CrimeNoMore, several young men were depicted rushing to aid a woman who was chased by a menacing stranger; the video instructs users not to “interfere with the crime,” but then adds, “Good luck out there!” Vigilante was met with swift backlash from the public and police departments, and Apple soon pulled the app from its store. At that time, the New York Police Department issued a statement saying, “Crimes in progress should be handled by the NYPD and not a vigilante with a cell phone.” Several months later, the app rebranded as Citizen, removed the incident reporting feature, and said it was shifting its focus to “safety” and “avoiding crime” — a far cry from its prior positioning. Citizen’s return to public crime reporting has not been publicized, but is documented on the company’s user support website. The app’s latest version in Apple and Google’s app stores also includes the description: “Keep Your Community Safe: Report incidents right when they happen to protect the people around you.”

Dominic McMullan, a Citizen representative, refused to speak with The Intercept on the record during a phone call. In an emailed statement the company sent instead, it said that about five percent of its incidents are reported via the live broadcast feature. They are “merged with 911-reported incidents” and reviewed by Citizen moderators before appearing in the app, according to the statement. The experiment comes after the company made more attempts to work with law enforcement, including bringing onto its board Bill Bratton (who opposed Vigilante when he was police commissioner in New York) and hiring as an executive someone who oversaw NYPD communications when the department spoke out against the app. Experts say that, if not addressed with great care, what Citizen does next could set the stage for invasive advertising, greater injustice for vulnerable people, and increased government surveillance. User-powered crime reporting has been rife with racism, panic, and concerns users might bring about personal harm — issues not just for Citizen’s predecessor app Vigilante but also for platforms like Amazon’s Ring, which makes home security cameras and a related social network, and Nextdoor, an app that networks neighbors with one another to communicate about crime and other matters. Community Involvement and Crime Reporting Citizen’s reintroduction of user reporting is a walk back for the company, which had removed the feature in emphatic terms. In 2017, CEO Andrew Frame told TechCrunch user reporting would be removed because it had become a distraction from the app’s mission, which he said was to “reduce crime, not exploitation of people.” To head off racial bias concerns, Frame had also said that suspicious persons reports would not be included in the app. Now, on its user support website, Citizen encourages people to report incidents about “protests, lost pets, downed power lines, and other community FYIs.” But its general criteria for reported incidents from 911 calls are broader, and include alleged crimes in progress such as assaults and thefts, fire, smoke, gas leaks, situations involving hazardous materials, and heightened police activity. In addition to now accepting incident reports from users through its app, Citizen has experimented with taking reports from outsiders via other channels. In 2018, it began rolling out a tool and community called “GuardianNet” or “GNet.” The tool gave users, or “Guardians,” access to Citizen’s internal feed of real-time police, fire, and emergency radio through a web-based interface, allowing them to comb through dispatches and, until last year, to create safety alerts. The company has aggressively recruited people, typically police scanner hobbyists, to volunteer as unpaid dispatchers. Its representatives have posted on local classified web pages, popular radio scanning forums, and Facebook groups, and tried to organize in-person meetups. David Choi, a Citizen operations manager, wrote on Reddit that the network was “built exclusively for scanner enthusiasts to listen to police/fire radios and report incidents to keep their communities safe and informed.” In response to concerns from Reddit users that a phone number was needed to sign up for the network, Choi responded, “We’re not looking to sell you anything at all. We’re just trying to build up this community of people who like listening to emergency responder radio and give these people an opportunity to help others and maybe even save lives.” Citizen has previously highlighted the importance of its Guardians in keeping the public safe: In September 2018, it said one Guardian “hero” helped alert thousands of people in real time about a bomb threat in New Jersey, and last year said another Guardian broke the news of a shooting at a New Jersey mall. But the “Guardians” are a key component of Citizen’s expansion beyond the 15 American cities it currently operates in; if a city has publicly accessible radio bands and people combing through them, Citizen can gather enough resources to enter the market. Last March, Choi announced that GuardianNet’s incident reporting feature would be “temporarily paused for the near term future” to prepare for a reboot, but that its scanner feeds and chat rooms would remain open. Now, it seems Citizen is changing course again. In a statement, the company said GuardianNet was “a beta test” that “never launched,” and is no longer accessible to the public. The Guardian site now redirects to a page called “ProtectOS,” which requires a phone number to sign up.



Illustration: Soohee Cho/The Intercept

Location data, privacy, and surveillance Experts say Citizen’s location data collection raises questions about privacy and surveillance, the government’s interest in such data, and the lack of oversight into location data tracking. Citizen’s terms of service state that users must permit the app to access their location data even when it isn’t open. The company says it needs both location and notification permissions to notify users of emergencies, which might include “life-saving” crime and safety alerts. Metadata associated with content like videos, which are required to initiate an incident report on the app, are also collected, according to the company’s privacy policy. These include unique device identifiers, information on wireless networks, location information, and more, all of which can be tied back to users, who sign up for Citizen using their names, email addresses, and phone numbers. Privacy and Advertising Florian Schaub, a professor at the University of Michigan’s School of Information who focuses on digital privacy, said the privacy risks of using Citizen are similar to those of any app that relies on location data to work. “The risk is always that these location traces are used in ways that users are not anticipating. Advertising is the most common risk,” he said. Location data is valuable, and its sale is growing and largely unregulated. Broadly speaking, private companies collect users’ movements through popular cellphone apps and sell the data to advertising firms and data brokers. It is completely legal to collect location data, and the companies often defend their practices by claiming the location pings they collect are anonymized, essentially raw data with no identifying information. But experts say that’s impossible: Location information can be easily tied to someone’s identity. “Based on where one lives, you can infer their income level, track where they go,” said Schaub. “You might be able to see they are going to an AA meeting, which is not that anonymous anymore, or going to a mental health service provider, or a fertility clinic.” Though Citizen has repeatedly stated that it does not and never will sell user data, it’s possible the company may change its mind as it did with user crime reporting. In response to questions about sharing user data, Citizen sent the following statement: “Citizen shares personal information with the service providers that provide services to or on behalf of Citizen. We also enable service providers to collect personal information from app users only to provide services to or on behalf of Citizen. We pay these service providers and have agreements in place that prevent them from using the data for their own benefit. There is no service provider paying us for any data or data derivative.”

“No one is literally exchanging a pile of data for a suitcase of money.”

Generally, tech companies’ claims that they will never sell users’ data is a misnomer, said Gennie Gebhart, associate director of research at the Electronic Frontier Foundation. “No one is literally exchanging a pile of data for a suitcase of money,” Gebhart told The Intercept. Even if a company is not selling data to third parties, it may be making data available to other companies for valuable consideration, or otherwise profiting from what it collects. Facebook CEO Mark Zuckerberg, for example, has long insisted that Facebook does not sell its users’ data, and even testified before the Senate to this effect. But it allows advertisers to target users at a very granular level, reaping the benefit of invasive tracking even if the underlying user data used for targeting is never provided. Citizen’s terms of service contain a provision that allows sp0n and third-party providers to advertise based on users’ location and what they do in the app, including what they search for. Ads on Citizen might be targeted based on the photos and videos uploaded by users and other tracked information, according to its terms. Experts also pointed out Citizen’s lack of transparency when it comes to how long it stores user data. Citizen says it stores user information for “as short a duration as possible” and aims to “lower the accuracy of historical location data where possible.” If Citizen’s main concern was user privacy, said Schaub, it would explicitly state how long location data was kept for. Nate Wessler, a staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, questioned the breadth of Citizen’s location data collection. “I very much doubt they need location data, a year’s worth or five year’s worth, or even a month’s worth,” he said. “The more customer data is kept, the more is potentially exposed to law enforcement.” Citizen’s app once worked without continuous location tracking. But one update last year changed that, forcing users to enable full location data access to use any part of the app. Users were outraged, flooding Citizen’s App Store reviews with negative comments about the “location-hungry,” “creepy,” and “hostile” nature of the company’s attempts to access their data. In response, Citizen “adjusted” the setting, telling users they could use the app without enabling location access by closing a pop-up that asked for permanent location sharing. In other responses, Citizen acknowledged that “some users” had privacy concerns about sharing location data but maintained that if users’ location settings were not “properly configured,” they would continue receiving in-app reminders to change them whenever they opened the app. A Citizen spokesperson said over email that users can currently “control their own location data access” on the app, though it still prompts users to enable such access. Schaub offered alternatives for Citizen to work without the need for constant, or even occasional, location data sharing. Instead of revealing their movements to Citizen, users could select specific coverage areas where they’d like to receive safety notifications, for example. Even if the app does continue requiring location data, Schaub said Citizen could be more forthcoming about the data it collects and what it is used for. “This notice shouldn’t just be in the privacy policy, it should be made explicit when you activate the feature or when you see it for the first time. This should be shared with users rather than buried in the terms of service,” he said. It’s also worth noting that if Citizen did end up selling user data, it would not be the first time the company has breached a user privacy assurance. Last year, the Washington Post found that Citizen sent personally identifying information such as users’ phone numbers, emails, and GPS coordinates to the marketing tracking company Amplitude — a direct violation of its privacy policy. Citizen said it removed the tracker after being informed of it, and J. Peter Donald, Citizen’s then spokesperson, said the company would do a better job of clarifying its privacy policy. Surveillance Location data is interesting not only to advertisers, but also the federal government. In early February, the Wall Street Journal reported that the Trump administration purchased a database containing millions of Americans’ cellphone location data to help identify and deport undocumented immigrants. Though a landmark 2018 Supreme Court ruling requires court oversight for government access to location data from cellphone providers, the government was still able to purchase the data from private companies. Wessler said that if Citizen location data is ever made available to private entities, it would also effectively become available for purchase by government entities. The government could also try to get Citizen’s user data without paying for it. The company provides guidelines for law enforcement that indicate a search warrant is required to obtain users’ location data, photos, videos, and chat messages, and a court order is required to compel video and chat metadata and IP addresses. Wessler said, based on his reading of the guidelines, that Citizen seems to follow the appropriate legal standard for compelling user data, but the company could better inform the public by issuing transparency reports detailing the number of law enforcement requests for such information, as many large tech companies do regularly. Policing and Technology Since relaunching its app as Citizen, the company has also made headway with police departments, hinting at possible futures for the product. Frame, Citizen’s CEO, told CNN last year he was aware police departments initially “hated” his app, but declared the perception had improved since then. “I don’t know how much they love us, but they at least don’t hate us anymore,” he said. It may be true in New York City, where his company is based. Last year, a Citizen employee organized a chummy basketball game between the NYPD and company employees to help “humanize the app” and “humanize the NYPD.” Citizen has forged connections to the law enforcement community in other ways, such as through hiring. J. Peter Donald, who was Citizen’s head of policy and communications until last summer, confirmed to The Intercept that he issued the NYPD’s anti-Vigilante statement as the department’s director of communications — thus helping pave the way for the app’s removal from Apple’s store. In other words, he was a prominent critic of Citizen’s predecessor app before he joined the company that makes it. In response to questions about his change of heart, Donald pointed to a statement he gave when he joined Citizen in 2018: “I am eager to join Citizen to continue keeping people informed about their safety and using technology to help people when it matters most.” Donald was appointed to his NYPD post by Bill Bratton, a former New York Police commissioner and Los Angeles Police Department chief who joined Citizen’s board of directors last year. Like Donald, Bratton was also initially opposed to the app, telling Forbes he thought it would “scare people and encourage others to interfere with investigations.” Bratton now welcomes the use of other new technologies in policing too, recently voicing his support for NYPD use of facial recognition tools. Bratton did not immediately respond to questions from The Intercept about the app and his role. Among police departments, the embrace of new technologies has increased dramatically in the past few years. Clearview AI, a controversial facial recognition startup that claims to have over three billion indexed photos, is being sold to police departments across the country. A recent data breach exposed the startup’s entire client list, confirming that the majority of them are local and state police departments. Notably, NYPD officers had run more than 11,000 searches using Clearview’s database, the most of any organization using the software. Ring, a doorbell-camera company acquired by Amazon, works with over 400 police departments and gives law enforcement the ability to directly request camera footage from people’s homes. Its social network, Neighbors, lets users anonymously report crimes, share videos, and talk about suspicious happenings. In November, The Intercept reported Ring’s plans to use facial recognition and its network of home doorbell cameras to create AI-enabled neighborhood watchlists. Of companies like Ring that partner with law enforcement, Wessler said, “It becomes this surveillance industrial complex where people are spending their own money to send surveillance data to the police.”

“When you start trying to make money from both police departments and individual users, the blending of that can be toxic.”

Working with law enforcement would present similar risks for Citizen. “Who knows how Citizen might shift their business model over time to make money,” Wessler said. Last year, anonymous company sources told Forbes there was a possibility Citizen could charge “universities, airports, and places with lots of people to allow authorities to send notifications to its users.” The sources also said it was possible users could message officials directly about their safety concerns. “When you start trying to make money from both police departments and individual users, the blending of that can be toxic,” Wessler said. In response to a question about working with authorities, Citizen said it “does not work with law enforcement in any way, shape or form,” but does work with “advisors with backgrounds in public safety.” This does not denote “a formal relationship with any kind of law enforcement,” the statement continued, emphasizing the company’s “independent mission and vision.” In one recent job posting, however, Citizen describes a role dedicated to researching the needs and motivations of its users and “partners in the public sector,” which includes police departments and governments. Racism, Paranoia, and Panic Experts say crime-tracking apps like Citizen — especially in light of the possible reintroduction of its crime reporting feature — can legitimize people’s racist perceptions of who commits crimes and looks suspicious. “The user gets the ability to use their own moral compass to figure out what’s suspicious and what is worthy of being posted and shot out to the world. A lot of times it’s based on pretty insidious racial biases about who belongs and who doesn’t belong, and who’s suspicious and who’s not suspicious,” said Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation.

“The user gets the ability to use their own moral compass to figure out what’s suspicious. A lot of times it’s based on pretty insidious racial biases.”