Since Edward Snowden shocked the world revealing how the U.S. National Intelligence Agency (NSA) carried out surveillance on Americans and foreigners, people have been more concerned about their privacy.
While NSA still needed a court order to do that, now the U.S. Department of Homeland Security (DHS) is carrying out similar surveillance and doesn't even need a court's permission. As per a report, the DHS purchases cellphone location data from private companies to help Immigration and Customs Enforcement (ICE) track immigrants at the southern border.
Using the purchased cellphone location data, ICE officials can track a person's activity and alert the law and enforcement of any suspicions. However, the officials do not even need a warrant and they neither violate the Fourth Amendment that protects Americans from unreasonable search and seizures to track an individual. This legal yet immoral activity came to light when an internal memo was leaked to BuzzFeed News. In the memo, Chad Mizelle, one of the top attorneys of the DHS, explained how the agency could use the data to track all Americans.
This, of course, raises privacy concerns. Cellphone location is highly private data and the tech giants including Google and Facebook have been getting flacks for tracking the activity. While the DHS is mainly targeting immigrants, for now, the same legal loophole can be exploited to track American citizens.
ACLU attorney Nathan Freed Wessler, a specialist in privacy issues, told BuzzFeed News that the memo raised several red flags. "This raises concerns about dragnet collection of Americans' highly private location information that reveal where we sleep at night, where we go to the doctor, who we spend time with, and every other aspect of our lives. Police should be going to judges to get location information from these commercial entities," he said.
Geolocation tracking is already a controversial topic but doing this without a warrant is alarming. Adam Schwartz, Electronic Frontier Foundation's senior staff attorney said that the practice was deeply disturbing as it could have far-reaching consequences on people's lives. "It's deeply disturbing. It's essentially a secret effort by members of the government to justify the construction of this terrible surveillance partnership between the government and these corporations," he said.
CBP Refuses to Disclose Legal Framework
The leak of the internal memo comes a week after the U.S. Customs and Border Protection (CBP) refused to tell Congress the legal framework behind buying location data from a private company called Venntel. The database did not only include location data from border areas but from all over the U.S. A few members of Congress have demanded an inquiry into the legality of the practice.
In the leaked memo, Mizelle said that there were ways in which CBP and ICE could mitigate the risks of violating the constitution, especially the Fourth Amendment. He added that officials could get around the legal framework by limiting searches, getting permission from the supervisor, and only use the geolocation data when other traditional techniques failed.
However, a CBP spokesperson claimed that the data didn't include any individual identity and neither cellular tower data. "CBP officers, agents, and analysts are provided with access to the vendor's interface on a case-by-case basis, and are only able to view a limited sample of anonymized data consistent with existing border security or law enforcement operations," the statement from CBP read.
The database CBP purchased from the vendor included Advertising IDs that index a user's geolocation, device information, online activity, languages used and websites the user purchase things from. All these data are included in a randomized AdID without the user's name.
However, there have been cases where apps have bridged device ID (Android ID) with AdID, meaning the data is not anonymized anymore. Furthermore, the CBP says that the anonymized data included only time-stamped geolocations but could be combined with other information to identify a user.
Many privacy experts have claimed that AdID data is not really anonymized as it can be cross-referenced to reveal the identity of the user. "This description puts the lie to the assertion of some of these companies that all they are gathering is anonymized information about phone users. This agency is contemplating using this data to track and identify and locate particular people," Wessler said.