Instead of obtaining warrants to collect geolocation data from companies, U.S. federal law enforcers have turned to simply purchasing such information—a state of affairs that has privacy advocates calling for Congress to enact reforms.
Law enforcement’s purchases of bulk data has been on the rise since the U.S. Supreme Court’s decision in Carpenter v US, when justices said in 2018 that law enforcement agencies need warrants before they can request geolocation data.
A Dec. 9 report from the Center for Democracy & Technology (CDT) attempts to chronicle this trend, showing that U.S. federal agencies have at least 30 contracts valued at some $86 million with data broker services.
“ documents suggest that data obtained from brokers are employed for a variety of purposes such as pre-investigative inquiries, intelligence gathering, crime prevention, or criminal investigations,” the report said. “Indeed, commercially acquired data feeds into the data-driven operation of modern law enforcement and intelligence, a phenomenon which scholars have called ‘big data policing.’”
Chuck Goolsbee, site director for Facebook’s Prineville data centers, shows the computer servers that store users’ photos and other data at the Facebook site in Prineville, Ore., on Oct. 15, 2013. (Andy Tullis/ Bulletin via AP)Geolocation seems to be the most sought-after data point by law enforcers, according to the report. FBI and Customs and Border Protection both have contracts with the data broker Venntel, which harvests location data from a variety of sources including ordinary apps.
“In the Venntel system, agencies can access a panel where users view the locations of smartphones over time, with data sourced from many companies and ad firms, as well as apps including weather apps,” the CDT report said.
FBI also seeks certain GPS internet and social media footprint information from companies such as Thomson Reuters and RELX Group, according to the report.
A DEA logo at the Office of the US Drug Enforcement Administration (DEA) on May 29, 2019 in New York City. (JOHANNES EISELE/AFP via Getty Images)Drug Enforcement Administration (DEA), Internal Revenue Service (IRS), Immigration and Customs Enforcement (ICE) and the Secret Service, meanwhile, have all used a company called Babel Street. This company’s Locate X software provides historical device location data derived from apps or online adtech services.
“ company has been secretive about the capabilities program … One DEA contract with Babel Street for $220k merely references ‘data collection,’” the report said.
Marine Corps Intelligence Surveillance Reconnaissance Enterprise, meanwhile, uses a database from Thomson Reuters that provides a “live gateway” to “cell phone data,” according to the report.
CDT blamed gaps in U.S. legislation for the situation. Government attorneys have interpreted the Fourth Amendment to allow agencies to purchase data from companies, while consumer-protection laws don’t cover data brokers because they don’t interact directly with consumers.
Cables linked to a server is seen Jan. 4 during the International Cybersecurity Forum in Lille, France. (Philippe Huguen/AFP/Getty Images)“re’s a loophole in ECPA [Electronic Communications Privacy Act] allowing data brokers to obtain ‘non-content’ communications data, and then, because data brokers are not regulated by that law, to turn around and sell that information to government agencies,” explained CDT Policy Director Samir Jain in a press release.
“Similarly, although the Supreme Court’s expansive language in Carpenter v. United States suggests that the government must also obtain a warrant in order to access sensitive personal information … government agencies have adopted narrow interpretations under which purchases of sensitive data from brokers are permitted without a warrant or other legal process.”
To close the legal loopholes, the CDT endorsed the Fourth Amendment is Not for Sale Act, which was introduced in April by Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.).
bill would place warrant requirements on government purchases of bulk data, and would take away the U.S. attorney general’s ability to give civil immunity to companies that unlawfully sell bulk data to government agencies.
login/sign up screen for a Twitter account is seen on a laptop computer in Orlando, Fla., on April 27, 2021. (John Raoux/AP Photo)“This legislation seeks to close the ECPA loophole that, as evidenced by this report, has enabled an entire lucrative industry around government contracts for data that the government should not access without appropriate legal process,” the CDT said.
Fourth Amendment is Not for Sale Act has the bipartisan support of 20 cosponsors, but the measure has yet to receive a hearing.
Not everyone agrees that government purchasing private data is the problem that privacy activists and civil libertarians make it out to be. On the Nov. 22 episode of the Cyberlaw Podcast, former Department of Homeland Security (DHS) official Paul Rosensweig said federal agencies should be able to make the same data transactions as private entities.
“To say that the federal government may not purchase on the open market the same products that Walmart can purchase—the government is acting as a consumer like anyone else,” said Rosensweig, the former DHS deputy assistant secretary for policy.
“For privacy advocates to contend that the government as a consumer should be in a different position from any other commercial purchaser is just senseless.”
Pezou : No Warrant, No Problem: Report Details Law Enforcement’s Data Purchases