When it became known that the Department of Homeland Security (DHS) was purchasing phone location data from third parties in order to circumvent the Fourth Amendment's requirement for a search warrant, investigators were allegedly alarmed. And now, it is more apparent how extensive those purchases were, according to reports by Engadget and The Verge.
How Many Data Has Been Purchased by These Agencies
Agencies like Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) were able to acquire substantial amounts of location data without being subject to any judicial oversight, according to recently made public documents from the American Civil Liberties Union (ACLU). The Verge reported that they use it to follow the movements of millions of cellphones within the U.S.
Engadget (via TechCrunch) mentioned that the records linked to the acquisition of some 336,000 phone location points from the data broker Venntel by the CBP, ICE, and other DHS agencies have been obtained by the ACLU. The data, which is only a "small subset" of the whole raw data from the U.S. southwest, reveals a spike of 113,654 points collected in a span of just three days in 2018.
Typically, a warrant must be obtained from a judge in order to get information on domestic communications directly from the providers, such as telecom companies, as per The Verge. The same restrictions are not placed on the purchase of data from intermediary organizations, which effectively provides law enforcement authorities free reign to collect personal information that they would not otherwise have access to.
Read More: China Data Leak? Hacker Claims Stealing 1 BILLION Chinese Citizens' Data from the Police
Who Are the Data Brokers From Which the Agencies Bought Data?
A set of spreadsheets comprising a portion of the location data that CBP had obtained from the data broker Venntel was among the documents that were made available to the ACLU. The Verge, citing the report by Politico, in emails exchanged between Venntel and ICE, the data broker asserted that it processed more than 15 billion location data points daily and collected location information from more than 250 million mobile devices.
Babel Street is another data broker mentioned in the documents. Similar to Venntel, Babel Street also pays developers to incorporate small pieces of its code in other mobile apps, which typically go undetected by users and send data back to the company's servers.
One senior director expressed concern over the Office of Science and Technology's acquisition of Venntel data without obtaining the required Privacy Threshold Assessment. It was reported that after finding that important legal and privacy problems had gone unaddressed, the department even once stopped all projects using Venntel data.
What Are the Authorities' Take On the Issue?
Data brokers, according to Nathan Freed Wessler, deputy director of the ACLU's Speech, Privacy, and Technology Project, present a new threat to privacy and should therefore be subject to government regulation. "With the potential for abuse so high, Congress must step in to definitively end this practice," he said.
As DHS is still anticipated to produce additional records in response to the Freedom of Information Act (FOIA) request, more information may be forthcoming.
Related Article: Lapsus$ Group Leaks Alleged Samsung Confidential Data
