The American Civil Liberties Union (ACLU) has published thousands of pages with previously unreleased documentsrevealing how the Department of Homeland Security (DHS) is purchasing access to the location data of the cell phones of millions of American citizens.

The non-warranty purchase by several DHS entities — including Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) — was first reported by The Wall Street Journal in 2020.

In response to the news, ACLU has released a Freedom of Information Act (FOIA) request to DHS, ICE and CBP, followed by a respective lawsuit.

While the trial is still ongoing, the union has decided to make public the documents that CBP, ICE, the US Secret Service, the US Coast Guard and several offices within DHS headquarters have provided so far.

The companies providing DHS with location data

The data shows that DHS has used millions of taxpayers to buy access to mobile phone location information from two data brokers: ventel and Babelstraat.

According to the documents received by the ACLU, Venntel . collects over 15 billion location points from more than 250 million mobile phones and other mobile devices each day.

How the data is used

From the company’s marketing brochurelaw enforcement may use this data to “identify devices sighted in places of interest, return visitors, locations visited, locate known associates” and “discover life patterns”.

a 2018 DHS internal document also raised concerns about the privacy of people living near US borders. It suggested using Venntel’s location data to “identify patterns of illegal immigration”.

And another request requested DHS from a local police department in Cincinnati to analyze location data related to opioid overdoses in his jurisdiction.

Disturbingly, both proposals are based on the assumption that law enforcement officers can indiscriminately imbibe sensitive information about people simply going about their daily lives.

Downplaying the use of location data for tracking purposes

In light of the obvious privacy implications, the data brokers have tried to downplay their actions.

First, the documents characterize phone location data as mere “digital exhaust”, which does not contain any personally identifiable information (PII), but is associated with a numerical identifier.

This masks the fact that phone numbers are tied to identity information — not to mention how much data is shared just by logging into Google.

Second, the data brokers claim that phone users themselves voluntarily disclose their location when giving permission for GPS data.

That’s the perfect gray area for data agencies and government agencies to tap into.

Users are not always aware of how many apps on their phones collect GPS information, or (reasonably) expect that data to be sold to governments for surveillance.

Yet the agencies’ purpose is so clear that even DHS employees expressed concerns about privacy about buying software from Venntel and Babel Street.

The Need for Federal Privacy Laws

The government’s seeking and use of personal location data is a clear violation of the Fourth Amendment.

For this reason, the ACLU urges Congress to Fourth Amendment Is Not For Sale Act — a bipartisan proposal submitted last year and countersigned by nearly 20 Democrats and Republicans in the Senate.

The bill would require the US government to get a warrant before getting data from companies like Venntel and Babel Street.

It would also prevent law enforcement and intelligence agencies from purchasing cell phone data from US citizens, both in the country and abroad. “if the data was obtained from a user’s account or device, or through fraud, hacking, breach of contract, privacy policy, or terms of service.”

Let’s hope it can help expedite the end of mass surveillance once and for all – but we’re not holding our breath.