Homeland Security records show 'shocking' use of phone data, ACLU says

grarpamp grarpamp at gmail.com
Tue Jul 19 02:33:22 PDT 2022 

60 per person per day, in the article, its docs may offer other rates,
hardly matters, cellco's have plenty more they give away top-secret,
FISA was never really stopped, just transfigured.

https://www.aclu.org/news/privacy-technology/new-records-detail-dhs-purchase-and-use-of-vast-quantities-of-cell-phone-location-data
https://www.aclu.org/cases/aclu-v-department-homeland-security-commercial-location-data-foia
https://www.politico.com/f/?id=00000182-10fd-d06c-afbb-95fdce930000
https://www.politico.com/f/?id=00000182-10ff-d914-a1af-78ff70810000
https://docs.house.gov/meetings/IF/IF17/20220623/114958/BILLS-117-8152-P000034-Amdt-1.pdf
https://legislation.politicopro.com/bill/US_117_HR_8152
https://legislation.politicopro.com/bill/US_117_S_1265

https://techcrunch.com/2022/07/18/homeland-security-cell-phone-tracking/
https://themarkup.org/privacy/2021/09/30/theres-a-multibillion-dollar-market-for-your-phones-location-data
https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600
https://www.aclu.org/news/immigrants-rights/the-u-s-government-is-secretly-using-cell-phone-location-data-to-track-us-were-suing
https://www.politico.com/story/2018/06/22/supreme-court-warrants-cell-phone-location-664484
https://www.buzzfeednews.com/article/hamedaleaziz/ice-dhs-cell-phone-data-tracking-geolocation


New Records Detail DHS Purchase and Use of Vast Quantities of Cell
Phone Location Data
Thousands of previously unreleased records illustrate how government
agencies sidestep our Fourth Amendment rights.
A photo of three cell phone towers in front of a sunset.	
July 18, 2022
Shreya Tewari, Brennan Fellow, ACLU Speech, Privacy, and Technology Project	
Fikayo Walter-Johnson, Paralegal, ACLU's Speech, Privacy, and
Technology Project

Today, the ACLU published thousands of pages of previously unreleased
records about how Customs and Border Protection, Immigration and
Customs Enforcement, and other parts of the Department of Homeland
Security are sidestepping our Fourth Amendment right against
unreasonable government searches and seizures by buying access to, and
using, huge volumes of people’s cell phone location information
quietly extracted from smartphone apps.

The records, which the ACLU obtained over the course of the last year
through a Freedom of Information Act (FOIA) lawsuit, shed new light on
the government’s ability to obtain our most private information by
simply opening the federal wallet. These documents are further proof
that Congress needs to pass the Fourth Amendment Is Not For Sale Act,
which would end law enforcement agencies’ practice of buying their way
around the Fourth Amendment’s warrant requirement.

ICE’s and CBP’s warrantless purchase of access to people’s sensitive
location information was first reported by The Wall Street Journal in
early 2020. After the news broke, we submitted a FOIA request to DHS,
ICE, and CBP, and we sued to force the agencies to respond to the
request in December 2020. Although the litigation is ongoing, we are
now making public the records that CBP, ICE, the U.S. Secret Service,
the U.S. Coast Guard, and several offices within DHS Headquarters have
provided us to date.

The released records shine a light on the millions of taxpayer dollars
DHS used to buy access to cell phone location information being
aggregated and sold by two shadowy data brokers, Venntel and Babel
Street. The documents expose those companies’ — and the government’s —
attempts to rationalize this unfettered sale of massive quantities of
data in the face of U.S. Supreme Court precedent protecting similar
cell phone location data against warrantless government access.

Four years ago, in Carpenter v. United States, the Supreme Court ruled
that the government needs a warrant to access a person’s cellphone
location history from cellular service providers because of the
“privacies of life” those records can reveal. That case hinged on a
request for one suspect’s historical location information over a
several-month period. In the documents we received over the past year,
we found Venntel marketing materials sent to DHS explaining how the
company collects more than 15 billion location points from over 250
million cell phones and other mobile devices every day.

With this data, law enforcement can “identify devices observed at
places of interest,” and “identify repeat visitors, frequented
locations, pinpoint known associates, and discover pattern of life,”
according to a Venntel marketing brochure. The documents belabor how
precise and illuminating this data is, allowing “pattern of life
analysis to identify persons of interest.” By searching through this
massive trove of location information at their whim, government
investigators can identify and track specific individuals or everyone
in a particular area, learning details of our private activities and
associations.

The government should not be allowed to purchase its way around
bedrock constitutional protections against unreasonable searches of
our private information.

In the face of the obvious privacy implications of warrantless access
to this information, these companies and agencies go to great lengths
to rationalize their actions. Throughout the documents, the cell phone
location information is variously characterized as mere “digital
exhaust” and as containing no “PII” (personally identifying
information) because it is associated with a cell phone’s numerical
identifier rather than a name — even though the entire purpose of this
data is to be able to identify and track people. The records also
assert that this data is “100 percent opt-in,” that cell phone users
“voluntarily” share the location information, and that it is collected
with consent of the app user and “permission of the individual.” Of
course, that consent is a fiction: Many cell phone users don’t realize
how many apps on their phones are collecting GPS information, and
certainly don’t expect that data to be sold to the government in bulk.

In scattered emails, some DHS employees raised concerns, with internal
briefing documents even acknowledging that “[l]egal, policy, and
privacy reviews have not always kept pace with the new and evolving
technologies.” Indeed, in one internal email, a senior director of
privacy compliance flagged that the DHS Office of Science & Technology
appeared to have purchased access to Venntel even though a required
Privacy Threshold Assessment was never approved. Several email threads
highlight internal confusion in the agency’s privacy office and
potential oversight gaps in the use of this data — to the extent that
all projects involving Venntel data were temporarily halted because of
unanswered privacy and legal questions.

Nonetheless, DHS has pressed on with these bulk location data
purchases. And the volume of people’s sensitive location information
obtained by the agency is staggering. Among the records released to us
by CBP were seven spreadsheets containing a small subset of the raw
location data purchased by the agency from Venntel. (Although the
location coordinates for each spreadsheet entry are redacted, the date
and time of each location point are not.) The 6,168 pages of location
records we reviewed contain approximately 336,000 location points
obtained from people’s phones. For one three-day span in 2018, the
records contain around 113,654 location points — more than 26 location
points per minute. And that data appears to come from just one area in
the Southwestern United States, meaning it is just a small subset of
the total volume of people’s location information available to the
agency.

The documents also highlight particular privacy concerns for people
living near our nation’s borders. A 2018 DHS internal document
proposed using the location data to identify patterns of illegal
immigration, threatening to indiscriminately sweep in information
about people going about their daily lives in border communities.
There is also the potential for local law enforcement entities to gain
access to this large mass of data in ways that they would not usually
be able to. This is illustrated by a troubling request to DHS from a
local police department in Cincinnati, seeking location data analytics
pertaining to opioid overdoses in their jurisdiction.

DHS still owes us more documents, but whatever they show, it is
already abundantly clear that law enforcement’s practice of buying its
way around the core protections of the Fourth Amendment must stop.
There is bipartisan legislation in Congress right now that would do
exactly that. The Fourth Amendment Is Not For Sale Act would require
the government to secure a court order before obtaining Americans’
data, such as location information from our smartphones, from data
brokers. The principle here is simple: The government should not be
allowed to purchase its way around bedrock constitutional protections
against unreasonable searches of our private information. There is no
end run around the Fourth Amendment.

Lawmakers must seize the opportunity to end this massive privacy
invasion without delay. Each day without action only allows the
government’s covert trove of our personal information to grow.

More in Privacy & Technology
A close-up of a video surveillance unit set up in front of the U.S.
Capitol building.
Six Questions to Ask Before Accepting a Surveillance Technology
U.S, Department of Homeland Security logo on a federal building.	
New National Security Programs, Same Old Dangerous Patterns
Impending Threat of Abortion Criminalization Brings New Urgency to the
Fight for Digital Privacy
New Trends May Help TikTok Collect Your Personal, Unchangeable
Biometric Identifiers



Court Cases
ACLU v. Department of Homeland Security (commercial location data FOIA)
Updated:
July 18, 2022
Status:
Filed
Related Issues

    Cell Phone Privacy
    Location Tracking
    Privacy & Technology

Constitutional Principle

    Freedom of Information Act

In December 2020, the ACLU and NYCLU filed a Freedom of Information
Act lawsuit seeking records from Customs and Border Protection (CBP),
Immigrations and Customs Enforcement (ICE), and other parts of the
Department of Homeland Security (DHS) about their practice of
purchasing cell phone location data collected from smartphone apps.

Without users realizing it, apps regularly sell users’ location
information to other, third-party companies like Venntel and Babel
Street, who use it for marketing and other purposes. These third-party
companies then compile and market the data to government agencies.

In 2018, the Supreme Court ruled in Carpenter v. United States that
the government needs a warrant to obtain cell phone location
information from people’s cellular service providers due to the “near
perfect surveillance” such information provides. Our FOIA lawsuit
seeks information about how the government justifies its end run
around the Supreme Court’s Fourth Amendment ruling, how it uses the
location records, and what controls are in place to protect Americans’
privacy.

Legal Documents

    District Court (S.D.N.Y.) FOIA litigation documents
    Documents produced by Customs & Border Protection (CBP)
    Documents produced by the Department of Homeland Security (DHS)
    Documents produced by Immigration & Customs Enforcement (ICE)
    Documents produced by the Department of Justice (DOJ) Criminal Division
    Documents produced by the Coast Guard (USCG)
    Documents produced by the Secret Service


https://www.aclu.org/blog/privacy-technology/location-tracking/supreme-courts-most-consequential-ruling-privacy-digital
https://www.aclu.org/cases/aclu-v-department-homeland-security-commercial-location-data-foia
https://www.aclu.org/foia-document/foia-request-dhs-cbp-ice-cell-phone-location-data
https://www.aclu.org/news/immigrants-rights/the-u-s-government-is-secretly-using-cell-phone-location-data-to-track-us-were-suing
https://www.aclu.org/sites/default/files/field_document/1._2021-icli-00013_may_2021_release_redacted.pdf
https://www.aclu.org/sites/default/files/field_document/dhs_hq_21_09_records.pdf
https://www.aclu.org/sites/default/files/field_document/production_1_reprocessed_jan._22.pdf
https://www.aclu.org/sites/default/files/field_document/production_1_reprocessed_jan._22.pdf/
https://www.aclu.org/sites/default/files/field_document/production_3_reprocessed_jan._22.pdf
https://www.aclu.org/sites/default/files/field_document/production_5_reprocessed_jan._22_0.pdf
https://www.aclu.org/sites/default/files/field_document/sci._tech._directorate_21_11_records.pdf
https://www.aclu.org/sites/default/files/field_document/sci._tech._directorate_21_12_records_.pdf
https://www.aclu.org/sites/default/files/field_document/sci._tech._directorate_22_01_records.pdf
https://www.wsj.com/articles/federal-agencies-use-cellphone-location-data-for-immigration-enforcement-11581078600
https://www.wyden.senate.gov/imo/media/doc/The%20Fourth%20Amendment%20Is%20Not%20For%20Sale%20Act%20of%202021%20Bill%20Text.pdf

More information about the cypherpunks mailing list