Secret Service buys location data that would otherwise need a warrant

Stock photo of hands using smartphones against white background. — Enlarge / Dozens of apps on your phone know where you are, whether you’re home, at a doctor’s appointment, at the airport, or sitting still in a blank white room to pose artfully for a photo shoot.

An increasing number of law enforcement agencies, including the US Secret Service, are simply buying their way into data that would ordinarily require a warrant, a new report has found, and at least one US senator wants to put a stop to it.

The Secret Service paid about $2 million in 2017-2018 to a firm called Babel Street to use its service Locate X, according to a document (PDF) Vice Motherboard obtained. The contract outlines what kind of content, training, and customer support Babel Street is required to provide to the Secret Service.

Locate X provides location data harvested and collated from a wide variety of other apps, tech site Protocol reported earlier this year. Users can “draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled” in the past several months, Protocol explained.

Agencies under the Department of Homeland Security—including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP)—have purchased access to cellphone location activity for investigations, The Wall Street Journal reported in February. In June, the WSJ also reported that the IRS purchased access to location data through commercial databases.

Easier than a warrant

Private companies can gather up, buy, sell, and trade all kinds of sensitive user data more or less however they want, with very few limitations—and they do.

All kinds of mobile apps collect location data, both legitimately and illegitimately, and then sell it to data brokers. The data brokers then pass on is theoretically anonymized—but in practice, easily identifiable.

The New York Times in 2018 demonstrated in a multimedia feature how easy it is to follow an individual around her whole daily life using a snapshot obtained from just one data aggregation firm. “The database reviewed by The Times—a sample of information gathered in 2017 and held by one company—reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day,” the paper wrote at the time.

Apps are not the only ones collecting and selling that information. All four national mobile carriers—Verizon, AT&T, and the now-combined Sprint and T-Mobile—were caught selling customers’ location data without consent in 2018 and 2019.

Law enforcement agencies are required to get a warrant to obtain an individual’s mobile phone location data, the Supreme Court ruled in 2018. Investigators have several times sought warrants to gather information for all phones that travel within a certain boundary during a certain period of time, known as geofencing.

But there are currently no rules on the books preventing law enforcement from simply purchasing whatever information they want from the existing market. Sen. Ron Wyden (D-Ore.) told Vice that needs to change.

“It is clear that multiple federal agencies have turned to purchasing Americans’ data to buy their way around Americans’ Fourth Amendment Rights,” Wyden told Motherboard. “I’m drafting legislation to close this loophole, and ensure the Fourth Amendment isn’t for sale.”

https://arstechnica.com/?p=1699476