Big Brother Never Sleeps: ACLU Dubs DHS’s Phone Location Data Use ‘Massive Privacy Disaster’
13:04 GMT 20.07.2022 (Updated: 13:10 GMT 20.07.2022)
Subscribe
The American Civil Liberties Union (ACLU) released a vast trove of documents on Monday detailing how domestic law enforcement agencies used commercially harvested data from hundreds of millions of phones across the United States, Canada and Mexico, enabling them to bypass Fourth Amendment constitutional protections against warrantless searches.
Revelations that Department of Homeland Security agencies paid millions of dollars to shadowy data brokers to buy access to the cellphone location data of both Americans and foreigners are astonishing in their scale, and a blatant violation of Americans’ privacy rights, Shreya Tewari of the ACLU Speech, Privacy and Technology Project has said.
“It was definitely a shocking amount [of data],” Tewari said in an interview with Politico published Monday. “It was a really detailed picture of how they can zero in on not only a specific geographic area, but also a time period, and how much they’re collecting and how quickly,” she said.
Commenting on a brochure put out by Venntel, one of the aggregators engaged in the sale of bulk location info on hundreds of millions of phones to law enforcement, and which assures publicly that “all users opt-in to location data collection,” Tewari said the wording of that language is blatantly dishonest.
“The way that they use the phrase ‘opt-in’, they’re talking about the fact that you have to give permission on your phone for an app to access location, but it’s very clear that when people are doing that, they’re not expecting that that’s going to be potentially creating this massive database of their entire location history that’s available to the government at any time,” Tewari stressed.
Venntel has been able to use loopholes in federal privacy legislation by assuring that no personal data is collected. However, the documents released by the ACLU showed that in reality, data on individuals’ cellphones can easily be gathered using “derived means by which identifiers and pertinent location [information] can be assembled.”
18 July 2022, 20:06 GMT
In a February 2017 email to Immigration and Customs Enforcement, Venntel, which has its headquarters in the state of Virginia about a 20 minute drive east of the Central Intelligence Agency, boasted that it had gathered location data from over 250 million mobile devices and processed over 15 billion location data points over a 24 hour period. In another email, the company showed off its capabilities to track individual phones and their location over time.
The ACLU’s data dump, based on a review of over 6,000 pages of documents, contains some 336,000 location points obtained from individuals’ phones gathered. The group found that across just three days in 2018, for example, more than 113,650 location points were gathered from the southwestern United States alone.
The data also revealed that the operation is continental in scale, with the Department of Homeland Security collecting location information from phones not just in major US urban areas, but in neighboring Canada and Mexico as well.
The ACLU was able to get its hands on the records via an ongoing lawsuit against the DHS launched in 2020, and accusing Immigration and Customs Enforcement, Customs and Border Patrol, the US Secret Service, and the US Coast Guard of using location information collected by data brokers.
Oregon Senator Ron Wyden blasted the data merchants on Monday, tweeting that “no one who downloads an app thinks they are giving permission to waive their 4th Amendment rights and let the government follow their every move.”
No one who downloads an app thinks they are giving permission to waive their 4th Amendment rights and let the government follow their every move. My Fourth Amendment is Not for Sale Act is must-pass legislation to protect Americans’ private data from the government. https://t.co/BJgEZf8xC2
— Ron Wyden (@RonWyden) July 18, 2022
The US currently has no national legislation in place to regulate cellphone location data, which was estimated last year to constitute a $12 billion market, and to be made up of collectors, aggregators, marketplaces, and private intelligence firms willing to use the information for both private and state clients.
ACLU Speech, Privacy and Technology Project deputy director Nathan Freed Wessler told Politico that companies have been able to take advantage of the lack of federal privacy protections.
“These agencies seem fully aware that they are exploiting a massive privacy disaster in this country. These agencies understand that the same data dumps that they are able to buy access to for whatever they want can also be bought by anyone else to try to target their agents,” he said.
Senator Wyden introduced legislation in April 2021 aimed at addressing the cellphone data leak issue, dubbing it the ‘Fourth Amendment is Not For Sale Act’. The legislation would require law enforcement and intelligence services to acquire a warrant before being able to buy location information from online data merchants. The legislation has 20 cosponsors, including Republican Senator Rand Paul of Kentucky, independent Vermont Senator Bernie Sanders, and New York Democrat Senator Jerrold Nadler, but remains in gridlock.
The collection of cellphone data for use by corporations and governments has been an underreported problem since the advent of the mobile phone, but its extent in the smartphone age was first revealed by documents leaked by NSA whistleblower Edward Snowden in 2014, revealing that the National Security Agency was using a wide range of tools to track people, including so-called ‘leaky apps’ and games like Angry Birds.
18 July 2022, 12:22 GMT
