The American Civil Liberties Union (ACLU) has published thousands of pages of previously unreleased documents, which reveal how the Department of Homeland Security (DHS) is buying access to the location data of millions of US citizens’ cell phones.
The warrantless purchase by various parts of the DHS — including Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) — was first reported by The Wall Street Journal in 2020.
In response to the news, ACLU filed a Freedom of Information Act (FOIA) request to DHS, ICE, and CBP, followed by a respective lawsuit.
While the litigation is still ongoing, the union decided to make public the records that CBP, ICE, the US Secret Service, the US Coast Guard, and several offices within DHS Headquarters have provided to date.
The companies providing the DHS with location data
The records show that DHS has used millions of taxpayer dollars to buy access to cell phone location information from two data brokers: Venntel and Babel Street.
According to the documents theACLU received, Venntel collects more than 15 billion location points from over 250 million cell phones and other mobile devices every day.
How the data is being used
As per the company’s marketing brochure, law enforcement can use this data to “identify devices observed at places of interest, repeat visitors, frequented locations, pinpoint known associates” and “discover patterns of life.”
A 2018 DHS internal document also raised concerns over the privacy of people living near the US borders. It proposed using Venntel’s location data to “identify patterns of illegal immigration.”
And another request to the DHS from a local police department in Cincinnati asked for location data analytics related to opioid overdoses in its jurisdiction.
Alarmingly, both proposals are based on the premise that law enforcement can indiscriminately hoover up sensitive information on people simply going about their daily lives.
Downplaying location data usage for tracking purposes
In the face of the obvious privacy implications, the data brokers have sought to downplay their actions.
First off, the documents characterize phone location data as a mere “digital exhaust,” which doesn’t contain personally identifying information (PII), but is attached to a numerical identifier.
This masks the fact that phone numbers are connected to identity information — not to mention how much data is shared just by signing into Google.
Secondly, the data brokers assert that phone users themselves voluntarily disclose their location when they consent to GPS data permissions.
That’s the perfect gray area data agencies and government bodies can exploit.
Users aren’t always aware of how many apps on their phone collect GPS information, or (reasonably) don’t expect that data to be sold to governments for surveillance.
Still, the agencies’ purpose is so explicit that even DHS employees voiced privacy concerns over purchasing software from Venntel and Babel Street.
The imperative for federal privacy laws
The government’s warrantless search and usage of personal location data is a clear violation of the Fourth Amendment.
For this reason, the ACLU is urging the Congress to pass the Fourth Amendment Is Not For Sale Act — a bipartisan proposal put forward last year and cosigned by nearly 20 Democrats and Republicans in the Senate.
The bill would require the US government to get a warrant before obtaining data from companies like Venntel and Babel Street.
It also would prevent law enforcement and intelligence agencies from purchasing US citizens’ cell phone data both in the country and abroad “if the data was obtained from a user’s account or device, or via deception, hacking, violations of a contract, privacy policy, or terms of service.”
Let’s hope that it can help hasten the end to mass-surveillance once and for all — but we’re not holding our breath.
Get the TNW newsletter
Get the most important tech news in your inbox each week.