The Washington PostDemocracy Dies in Darkness

Senators seek IG probe of border agency’s warrantless use of phone location data

In August, Customs and Border Protection subscribed to a service that reports the location of cellphones to businesses

October 23, 2020 at 6:07 p.m. EDT
Federal Triangle in Washington serves as headquarters for U.S. Customs and Border Protection, the Environmental Protection Agency, the U.S. Agency for International Development and other organizations. (Chip Somodevilla/Getty Images)

U.S. Customs and Border Protection officials who have used cellphone location data to track people inside the country without a warrant are refusing to tell members of Congress what gives them the legal right to do so, a group of Democratic senators said Friday.

When people use any one of a broad assortment of weather, gaming and other apps, their location data is bundled and resold by companies such as Venntel to advertisers, commercial buyers — and, in recent months, federal agencies such as CBP, which have argued the data is a powerful tool for investigating crime.

But the practice has raised alarms among lawmakers and privacy advocates, who argue that many people may not realize they’re giving away potentially sensitive information detailing their personal movements.

They also question whether the surveillance violates Americans’ Fourth Amendment rights against unreasonable searches, as well as a 2018 Supreme Court decision that found law enforcement authorities must obtain a warrant before gathering location data from Americans’ phones.

ICE has run facial-recognition searches on millions of Maryland drivers

Five Democratic senators on Friday asked that the inspector general of the Department of Homeland Security investigate the practice, saying CBP had refused to provide any legal analysis defending the warrantless searches.

“CBP is not above the law and it should not be able to buy its way around the Fourth Amendment,” senators Ron Wyden (Ore.), Elizabeth Warren (Mass.), Sherrod Brown (Ohio), Edward J. Markey (Mass.) and Brian Schatz (Hawaii) wrote to DHS inspector general Joseph V. Cuffari.

In a statement to The Washington Post, CBP asserted without explanation that the agency “may obtain access to commercially available information relevant to its border security mission.” It also said: “All CBP operations in which commercially available telemetry data may be used are undertaken in furtherance of CBP’s responsibility to enforce U.S. law at the border and in accordance with relevant legal, policy, and privacy requirements.”

Representatives of Cuffari’s office and Venntel, a Virginia-based government contractor, did not respond to requests for comment. CBP paid roughly $500,000 in August for a subscription to Venntel’s commercial database, federal contracts show.

Hacked documents reveal sensitive details of expanding border surveillance

Advocates have cautioned, however, against the dangers of “surveillance creep,” in which the data is used for purposes far beyond its original use. CBP officials have said they’ve used the data to track people in areas far beyond the border and have not attempted to distinguish between the data of Americans and foreign nationals, a Wyden aide told The Post.

The geolocation information gathered by data brokers such as Venntel does not traditionally include a person’s name. But privacy advocates argue that the precision of the data makes it easy for a person to be identified.

The Internal Revenue Service has also used Venntel data to investigate potential crimes. The inspector general’s office of that agency has launched its own review.

ICE is tapping into a huge license-plate database, ACLU says, raising new privacy concerns about surveillance

The Trump administration has moved aggressively to track Americans using private databases and nationwide searches without seeking court approval.

Immigration and Customs Enforcement officials have used facial recognition searches of driver’s license photos to identify and pursue potential suspects. They have also gained access to private databases containing billions of car location data points — taken from images captured by cameras on tow trucks, toll booths and stop lights — to map the movement of people who may be in the country illegally.

The growing scale and precision of government surveillance data has left Americans increasingly vulnerable to data breaches or misuse.

Hackers last year stole a large cache of sensitive files — including photos of drivers’ faces and license plates — from Perceptics, a government contractor that made the license-plate scanners used on vehicles crossing the U.S. borders. The hack was not reported to CBP until nearly three weeks after it was first discovered, when many of the stolen files had already been made freely available on the Web.