WASHINGTON – A military wing of the intelligence community buys commercially available databases of location data from smartphone apps and searches them without a warrant for Americans’ past movements, according to an unclassified note obtained by the New York Times.
Defense Intelligence Agency analysts have searched a commercial database for movements of Americans in five investigations over the past two and a half years, agency officials revealed in a note they wrote for the. Senator Ron Wyden, Democrat of Oregon.
The disclosure highlights an emerging loophole in privacy law in the digital age: In a landmark 2018 decision known as the Carpenter ruling, the Supreme Court ruled that the Constitution requires the government to obtain a warrant to require telephone companies to provide location data. on their customers. But the government can buy similar data from a broker instead – and don’t think it needs a warrant to do so.
“The DIA does not interpret Carpenter’s decision as requiring a judicial warrant approving the purchase or use of commercially available data for intelligence purposes,” the agency’s note said.
Mr Wyden has made it clear that he intends to propose legislation to add safeguards for Americans to commercially available location data. In a Senate speech this week, he denounced the circumstances “in which the government, instead of getting an order, simply goes out and buys the private records of Americans from those shady, unregulated business data brokers who are just plain wrong. above the law.
He called this practice unacceptable and an intrusion on constitutional rights to privacy. “The Fourth Amendment is not for sale,” he said.
The government‘s use of commercial location information databases is under increasing scrutiny. Many smartphone apps log their users’ locations, and app makers can aggregate the data and sell it to brokers, who can then resell it, including to the government.
We know that the government sometimes uses this data for law enforcement purposes on national soil.
The Wall Street Journal reported last year that enforcement was using this data. In particular, he found that two agencies of the Department of Homeland Security – Immigration and Customs Enforcement, and Customs and Border Protection – used the data to patrol the border and investigate immigrants who were subsequently arrested.
In October, BuzzFeed reported the existence of a legal notice from the Department of Homeland Security stating that it was legal for law enforcement to purchase and use smartphone location data without a warrant. The inspector general of the ministry opened an internal examination.
The military is also notorious for sometimes using location data for intelligence purposes.
In November, the technology blog of Vice’s Motherboard reported that Muslim Pro, a Muslim prayer and Quran app, sent the location data of its users to a broker called X-Mode who then sold it to entrepreneurs in the defense and the US military. Muslim Pro then said it would stop sharing data with X-Mode, and Apple and Google said they would ban apps that use the company’s tracking software on phones running their mobile operating systems. .
Mr Wyden’s new memo, written in response to inquiries from privacy and cybersecurity assistant in his office, Chris Soghoian, adds to this emerging mosaic.
The Defense Intelligence Agency appears to primarily purchase and use location data for investigations of foreigners abroad; one of its main missions is to detect threats to US forces stationed around the world.
But, the memo says, the unidentified broker (s) the government buys smartphone location data from in bulk does not separate US and foreign users. Rather, the Defense Intelligence Agency processes the data as it arrives to filter out records that appear to be on national soil and place them in a separate database.
Agency analysts can only query this separate database of American data if they receive special approval, the memo said, adding: “Permission to query the location data of American devices has been granted.” five times in the past two and a half years for authorized purposes. “
Mr Wyden questioned Avril D. Haines, President Biden’s new director of national intelligence, about what he called “abuse” of commercially available location information during his confirmation hearing this week. Ms Haines said she was not yet aware of the matter, but stressed the importance of the government being open about the rules under which it operates.
“I would like to try to spread, essentially, a framework that helps people understand the circumstances in which we do this and the legal basis on which we do it,” she said. “I think this is part of what is essential to promote transparency in general so that people understand the guidelines under which the intelligence community operates.”
Mr Wyden’s upcoming legislation on the matter seems likely to be drawn into a larger oversight debate that erupted in Congress last year before temporarily grounding after erratic statements by President Donald J. Trump, as he fueled his grievances over the Russia investigation, threatening to veto the bill and fail to specify what would satisfy him.
With Mr Biden now in office, lawmakers are expected to pick up on this unresolved issue. The legislation has focused on reactivating several provisions of the Patriot Act that have expired and whether to put new safeguards on them, including a ban on using a part known as Section 215 for collect web browsing information without warrant.