Feds are tracking phone locations with data bought from brokers

The Department of Homeland Security (DHS) has been buying location data from third parties to sidestep the traditional warrant process, according to new documents released by the American Civil Liberties Union (ACLU).

The documents show that agencies like Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) were able to purchase vast amounts of this location data without any judicial oversight and use it to track the movements of millions of cellphones within the US.

Generally, obtaining data about domestic communications directly from the providers (i.e., telecom companies) requires a warrant, which must be approved by a judge. But purchasing data from intermediary organizations is not subject to the same constraints and effectively gives law enforcement agencies carte blanche to gather personal data that they would not otherwise be able to access.

The volume of location data disclosed in the newly released documents is huge and points toward an even greater level of data acquisition being carried out by the agencies concerned. The documents were obtained by the ACLU under freedom of information laws after a lawsuit was filed in 2020, following reporting by The Wall Street Journal that uncovered the purchase of commercial location data by government agencies.

Some of the records released to the ACLU included a set of spreadsheets containing a subset of location data purchased by CBP from the data broker Venntel. Per the ACLU’s analysis, for one three-day span in 2018, the records contain around 113,654 location points — equalling more than 26 location points recorded per minute. But even this data is confined to one geographic area in the Southwest, suggesting it’s only a fraction of the total volume of location data that federal agencies obtained.

As reported by Politico, in emails between Venntel and ICE, the data broker claimed to collect location data from more than 250 million mobile devices and process over 15 billion location data points per day.

Another data broker identified in the documents is Babel Street. Like Venntel, Babel Street obtains location data by paying developers to include snippets of its code in other mobile apps, which — largely unknown to users — transmit data back to the company’s servers. In 2021, Motherboard reported that Venntel had a contract with the Florida Department of Corrections to provide information on any cellphones that were near state-owned prisons.

In a statement, Nathan Freed Wessler, deputy director of ACLU’s Speech, Privacy, and Technology Project, said that data brokers brought a new threat to privacy and, as such, should be regulated by the government.

“The Supreme Court has made clear that because our cell phone location history reveals so many ‘privacies of life,’ it is deserving of full Fourth Amendment protection,” Wessler said. “Yet, here we see data brokers and government agencies tying themselves in knots trying to explain how people can lack an expectation of privacy in such obviously personal and sensitive location information. With the potential for abuse so high, Congress must step in to definitively end this practice.”

In fact, Congress will have a chance to step in shortly. On Tuesday, the House Judiciary Committee will hold a hearing on “digital dragnets” and the government’s access to sensitive data. Sen. Elizabeth Warren (D-MA) had previously proposed a bill that would bar data brokers from selling location or health data entirely.