DHS is Circumventing Constitution by Buying Data It Would Normally Need a Warrant to Access

Subscribe to the Free Future Newsletter
Free Future home

The Fourth Amendment generally requires the government to get a warrant before searching your private information, but government agencies are circumventing the intent of the Constitution by simply buying sensitive, personal data from private companies. Today, the ACLU published documents obtained from the Department of Homeland Security shedding light on how ICE, Customs and Border Protection, and other parts of DHS have bought access to huge amounts of highly sensitive location data harvested from people’s cell phones that enables government tracking of our movements over time.

We filed a Freedom of Information Act lawsuit against DHS in 2020 for records about its practice of purchasing bulk access to cell phone location information gathered from smartphone apps. In 2022, we posted thousands of pages of previously unreleased documents, but our litigation continued, and today we are publishing the additional records we’ve obtained over the last several years. Although DHS announced in 2024 that it was ending its contracts with data brokers for access to bulk cell phone location data, recent reporting indicates that the agency is getting back in the business of mass tracking of Americans’ phones, giving these records renewed relevance.

In fact, just last week, 404 Media reported that ICE bought access to a social media and phone surveillance system that is “designed to monitor a city neighborhood or block for mobile phones, track the movements of those devices and their owners over time, and follow them from their places of work to home or other locations.”

When we published the first set of records we obtained from DHS, we highlighted some major revelations from the documents, including the huge volumes of location data at issue, how revealing that data can be about individuals’ lives, and the self-serving attempts of government contractors and DHS itself to minimize the quite obvious privacy implications of this surveillance. The new batch of documents further underscores the privacy concerns and legal questions raised by this practice, and reinforces the pressing need for strong legal protection, like the bipartisan Fourth Amendment Is Not For Sale Act, which would end the government’s pattern of circumventing constitutional protections by purchasing the data instead of obtaining a warrant from a judge.

Among the new documents is a two-page legal memo from ICE, providing our most detailed look yet into the agency’s attempt to craft a legal justification for purchasing access to highly sensitive location information without a warrant. The memo claims that the purchased location information is different from the cell phone location data at issue in Carpenter v. United States, an ACLU case in which the Supreme Court ruled that the government needs a warrant to obtain cell phone location history directly from cellular service providers because of the “privacies of life” those records can reveal. The ICE memo, which is heavily redacted, appears to attempt to distinguish the purchased location data from the cell phone location data at issue in Carpenter on a ridiculous technicality: that this newer data is tied to phones’ Mobile Advertising IDs (known as MAIDs or AdIDs) instead of to phone numbers or names. But that is a distinction without a difference.

AdIDs are unique alphanumeric codes assigned to each device. Although some have described these identifiers as a way to target advertisements without identifying individuals, that promise of privacy is illusory. An entire industry now exists to “enrich” the AdID-linked location data with personal and historical information. The combined data reveals highly sensitive information about users’ lifestyles, their routines, and the people they meet. And the companies selling this location data to the government know this—they plainly say so in their marketing materials: “What you do and where you do it defines who you are,” according to a Gravy Analytics solicitation that ICE received. Because our patterns of movement between home, work, school, and other frequently visited locations are unique, government agents can easily identify us by tracking our phones—indeed, that’s the entire point of this surveillance. Substituting AdIDs for phone numbers does little to prevent such tracking.

Similarly, nothing prevents federal agencies from identifying and linking this location information to PII they obtained separately. Indeed, the DHS Privacy Officer raised this exact concern: “CBP should address how AdIDs become linked to an individual during the CBP analysis process, as well as the retention of AdID in the vendor system and within CBP systems with the associated linked PII.” In another document, Secret Service personnel also voiced privacy concerns, pointing out that one of the cell phone location data tools might in fact contain PII.

Government records illustrate how invasive the tracking can be:

• In one document in ICE’s possession, the data broker Venntel explains how its data aided in “tracing one device observed at multiple locations throughout the U.S. and Mexico.”
• In multiple cases, Venntel provided “geofence” capabilities, which enable law enforcement agencies to identify every device in a specified area. CBP tracked phones to “locations of law enforcement interest” and monitored “travel patterns.”
• A Secret Service email exchange explains how the data could be used by investigators to identify “mobile devices carried near popular border crossing points into the U.S. and pull up the historical location data for those devices, viewing where they've been in the preceding months.”

And DHS pays handsomely for all of this with taxpayer money, according to the released records. Customs and Border Protection entered into contracts with one company, Venntel, in 2019 and 2020, totaling over two million dollars. A renewal subscription with another platform, Babel Street, in 2020 came to nearly 3 million dollars. The Secret Service entered into a 12-month contract with Babel Street for over 600,000 dollars in 2019. Recent reporting indicates expenditures have continued, with ICE signing up with yet another surveillance vendor, Penlink, this year.

Nobody expects that by carrying a phone, they are somehow consenting to let the government make a record of their every move. The government’s scrabbling about for legal loopholes should not be allowed to cover for the massive privacy violation that this technology enables. Congress can end this warrantless mass surveillance now, through passage of the Fourth Amendment Is Not For Sale Act, which would require the government to obtain a warrant from a judge before getting access to this invasive data. That commonsense protection is within reach. The legislation passed the House in 2024 with strong bipartisan support, and there’s no good reason it couldn’t advance further this year. State legislatures can also take up the fight, to ensure that state and local police can’t pay their way to pervasive location surveillance. Montana did so last year, and other states are poised to follow.

The government should not be allowed to purchase its way around bedrock constitutional protections against unreasonable searches of our private information. There should be no end run around the Fourth Amendment.