Sidestepping the need to obtain a search warrant, the Department of Homeland Security (DHS) has reportedly been accessing phone location data belonging to millions of Americans by buying it straight from private marketing firms. The data is drawn from seemingly ordinary phone apps, including mobile games and weather apps, the Wall Street Journal reports.
DHS uses the data purchased from private marketing companies to generate law enforcement leads and search for undocumented immigrants, according to the Journal, which first broke news of the arrangements on Friday.
In a landmark 2018 decision, the Supreme Court ruled that the Fourth Amendment protects mobile phone location information. As a result, police are required to obtain a warrant before obtaining location data. But according to the Journal, government lawyers have argued that a warrant is not required because the data is already commercially available.
The government’s procurement of location data from private marketing companies for law enforcement purposes was a secret, until now.
The Journal reports that DHS and agencies under its umbrella, including Immigration and Customs Enforcement, purchased location data as far back as 2017 from a small Virginia-based company called Venntel Inc. According to the Journal, the data was recently used to track the phones of people suspected of smuggling drugs through a tunnel from Mexico to Arizona.
Venntel acknowledges serving government clients on its website, which says its platform “merges, categorizes and interprets disparate location data.” The company says it provides “global coverage” as well as access to “historical data.”
DHS and Venntel did not immediately respond to Gizmodo’s requests for comment.
Neither the names of the marketing firms from which Venntel reportedly purchased the location data nor the phone apps used to collect the data are named in the Journal’s report.
A Customs and Border Protection official told the Journal that the data is not “ingested in bulk” and “doesn’t include cellular phone tower data.” The data reportedly points to devices represented by an “alphanumeric advertising identifier,” but does not include the mobile phone owner’s name.
Claims that location data is anonymised—or pseudonymized—are all but meaningless. Researchers have repeatedly shown the techniques advertising companies employ to anonymize data are faulty and inadequate.
Last year, for example, researchers at the Imperial College of London published a study showing they were able to accurately re-identify 99.98 per cent of Americans in anonymised datasets.
And just this month, students at Harvard University revealed they’d built a tool that links personally identifiable information to anonymised consumer data exposed by data breaches.