Enlarge /. Dozens of apps on your phone know where you are, whether you're at home, at a doctor's appointment, at the airport, or sitting quietly in an empty white room to artfully pose for a photo shoot.
An increasing number of law enforcement agencies, including US intelligence, are simply buying their way into data that would normally require an arrest warrant, a new report found, and at least one US Senator wants to put an end to it.
The Secret Service paid about $ 2 million to a company called Babel Street in 2017-2018 to use their Locate X service. This emerges from a document (PDF) that Vice Motherboard received. The contract specifies what kind of content, training and customer care Babel Street must provide to the Secret Service.
Locate X offers location data collected and aggregated by a variety of other apps, the Tech Site Protocol reported earlier this year. For the past few months, users have been able to "draw a digital fence around an address or area, locate mobile devices in that area, and see where else those devices have traveled," the protocol stated.
The Wall Street Journal reported in February that Homeland Security agencies – including Immigration and Customs Control (ICE) and Customs and Border Protection (CBP) – have acquired access to cell phone location activity for investigation. In June, the WSJ also reported that the IRS had acquired access to location data through commercial databases.
Easier than an arrest warrant
Private companies can, and do, collect, buy, sell, and trade all kinds of sensitive user data more or less at will, with very few restrictions.
All kinds of mobile apps collect location data, rightly and wrongly, and then sell it to data brokers. The then forwarded data brokers are theoretically anonymized – but easy to identify in practice.
The New York Times in 2018 demonstrated in a multimedia feature how easy it is to track a person throughout their daily life from a snapshot obtained from just one data aggregation company. "The Times-verified database – a sample of information collected and held by a company in 2017 – shows people's journeys in amazing detail, accurate to within a few feet and, in some cases, updated more than 14,000 times a day," wrote the newspaper back then.
Apps aren't the only ones collecting and selling this information. All four national wireless operators – Verizon, AT&T, and the now combined Sprint and T-Mobile – were caught selling customer location data without consent in 2018 and 2019.
Law enforcement agencies must obtain an arrest warrant to obtain a person's cell phone location data, the Supreme Court ruled in 2018. Investigators have requested an arrest warrant multiple times to collect information for all phones that drive within a certain limit within a certain period of time . known as geofencing.
However, currently there are no rules in the books that prevent law enforcement from simply buying the information they want from the existing market. Senator Ron Wyden (D-Ore.) Told Vice that this had to change.
"It's clear that several federal agencies have turned to buying data from Americans to deal with Americans' rights to the Fourth Amendment," Wyden told Motherboard. "I'm drafting laws to fill that void and make sure the fourth amendment isn't for sale."