The American Civil Liberties Union published today thousands of pages of previously unreleased records about how Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), and other parts of the Department of Homeland Security (DHS) are sidestepping our Fourth Amendment right against unreasonable government searches and seizures by buying access to, and using, huge volumes of people’s cell phone location information quietly extracted from smartphone apps.
The files, which the ACLU and NYCLU obtained through an ongoing Freedom of Information Act (FOIA) lawsuit, detail the millions of taxpayer dollars DHS used to buy access to cell phone location information, which was aggregated and sold by two shadowy data brokers, Venntel and Babel Street. The documents expose the companies’ — and the government’s — attempts to rationalize this unfettered sale of massive quantities of data in the face of the U.S. Supreme Court precedent protecting similar cell phone location data against warrantless government access.
“These records provide critical insight into the government’s attempts to wash its hands of any accountability in purchasing people’s sensitive location data when it would otherwise need a warrant,” said Shreya Tewari, the Brennan Fellow for ACLU’s Speech, Privacy, and Technology Project. “Legislation like the Fourth Amendment Is Not For Sale Act would end agencies’ warrantless access to this data and head off their flimsy justifications for obtaining it without judicial oversight in the first place.”
In scattered emails, some DHS employees raised concerns, with internal briefing documents even acknowledging that “[l]egal, policy and privacy reviews have not always kept pace with the new and evolving technologies.” Several email threads highlight internal confusion in the agency’s privacy office and potential oversight gaps in the use of this data — to the point where all projects involving Venntel data were temporarily halted because of unanswered privacy and legal questions.
Nonetheless, DHS has pressed on with these bulk location data purchases. And the volume of people’s sensitive location information obtained by the agency is staggering. Among the records released to the ACLU by CBP were seven spreadsheets containing a small subset of the raw location data purchased by the agency from Venntel. For one three-day span in 2018, the records contain around 113,654 location points — more than 26 location points per minute. And that data appears to come from just one area in the Southwestern United States, meaning it is just a small subset of the total volume of people’s location information available to the agency.
“The Supreme Court has made clear that because our cell phone location history reveals so many ‘privacies of life,’ it is deserving of full Fourth Amendment protection,” said Nathan Freed Wessler, deputy director of ACLU’s Speech, Privacy, and Technology Project. “Yet, here we see data brokers and government agencies tying themselves in knots trying to explain how people can lack an expectation of privacy in such obviously personal and sensitive location information. With the potential for abuse so high, Congress must step in to definitively end this practice.”
The ACLU’s release of these records comes ahead of a July 19 House Judiciary Committee hearing, which will address digital dragnets and examine the government’s access to Americans’ personal data.