Homeland Security purchased ‘large amounts’ of location data from private individuals’ apps

The American Civil Liberties Union (ACLU) released a report on Monday showing how the U.S. Department of Homeland Security (DHS) is “bypassing our Fourth Amendment right” by accessing “massive information about the location of people’s mobile phones.”

Records show that DHS collected data from more than 336,000 location data points across North America that were collected from millions of people’s smartphone apps.

Data points allow DHS, Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE) to “identify and track specific individuals or everyone in a specific area.”

The report also shows that the data allows “local law enforcement to access this massive amount of data in ways that they normally cannot,” the ACLU shared. statement.

The ACLU notes that DHS is using tax revenue from millions of people to buy cell phone location access, which was sold to the agency by “two shady data brokers, Venntel and Babel Street.”

Scroll down for video

Data points allow DHS, Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE) to “identify and track specific individuals or everyone in a specific area.”

The problem started in February 2020 when Wall Street Magazine showed that the Trump administration has acquired access to databases that display the movements of “maps of the movements of millions of smartphones in America, and uses them for immigration and border control,” people familiar with the matter told the WSJ.

However, the practice was carried over to the Biden administration.

Shortly after this news broke, the ACLU filed a Freedom of Information Act (FOIA) lawsuit with DHS, ICE and CBP that ordered federal agencies to release documents demonstrating their data collection.

While these groups were known to pay for access to location data, the full extent of the data collected was not previously known.

Over 6,000 records show that DHS has collected data from more than 336,000 location data points across North America that have been collected from millions of people's smartphone apps.

Over 6,000 records show that DHS has collected data from more than 336,000 location data points across North America that have been collected from millions of people’s smartphone apps.

The documents show that in just three days in 2018, CBP collected data from 113,654 locations across the US Southwest—more than 26 locations per minute.

“And this data appears to be coming from just one area in the southwestern United States, which means it’s just a small fraction of the total location information available to the agency,” the ACLU said in a statement.

According to the documents, CBP used the location of the data for immigration control and investigations of human and drug trafficking. POLITICS reports.

Venntel, based in Washington DC, describes itself as a government contractor that “supports our common interests through technological innovation, data reliability and proven results.”

However, the firm is in the business of selling smartphone location data to law enforcement and government agencies.

Venntel first approached DHS, ICE and CBP back in 2017 when the company’s broker told ICE via email that it collects location data from over 250 million mobile devices and processes over 15 billion location data points per day.

And documents released by the ACLU show that the agencies knew the data collected was “a boon to surveillance and a concern for privacy,” according to POLITICO.

The records obtained by the ACLU show how these agencies knew that location data collection in the advertising tech industry was both a boon for surveillance and a privacy issue.

Venntel initially told CBP in a marketing brochure that “all users consent to the collection of location data” and that no personal data was ever collected.

However, in a separate correspondence between the company and ICE, the bank stated that “derivative means exist by which identifiers and the corresponding location can be collected.”

This means that the data can be used to identify a person, even if no personal information is associated with the data point.

Nathan Fried Wessler, ACLU Project Associate Director for Speech, Privacy and Technology, told POLITICO: “These agencies seem to be fully aware that they are exploiting the massive privacy disaster in this country.

Because agencies buy location data from a database, it was considered commercially available and did not require a warrant to use it (file photo)

Because agencies buy location data from a database, it was considered commercially available and did not require a warrant to use it (file photo)

“These agencies understand that the same data dumps they can buy access to for anything can also be bought by anyone else to try and target their agents.”

In 2019, the acting DHS privacy officer ordered the agency to “halt all projects involving Venntel data” due to privacy concerns surrounding the use of people’s location data, but CBP and ICE continued to use the Venntel database.

Because agencies buy location data from a database, it was considered commercially available and did not require a warrant to use it.

However, four years ago in Carpenter v. In the United States, the Supreme Court has ruled that the government needs a warrant to access a person’s mobile phone location history from cell phone operators because of the “privacy” these records can reveal.

“This case was based on a request for information on the historical whereabouts of one suspect over a period of several months,” the civil liberties group said.

“In documents we received over the past year, we found Venntel marketing materials sent to DHS explaining how the company collects more than 15 billion location points daily from more than 250 million mobile phones and other mobile devices.”