A U.S. intelligence agency is buying phone location data without using warrants, according to a newly released document.
The Supreme Court ruled in 2018 in Carpenter v. United States that the government improperly obtained cell phone location records from wireless carriers serving Timothy Carpenter, a criminal suspect, because it violated his Fourth Amendment rights by not securing a warrant before obtaining the records.
The DIA said it “does not construe the Carpenter decision to require a judicial warrant to purchase or use commercially available data for intelligence purposes.”
Wyden is planning to introduce legislation that would help protect Americans against warrantless searches of cell phone records and other data. On the Senate floor last week, he said it was “important that the American people are told if the government is using legal loopholes in the law and the warrant requirement of the Fourth Amendment.”
There are circumstances, he said, “in which the government, instead of getting an order, just goes out and purchases the private records of Americans from these sleazy and unregulated commercial data brokers who are simply above the law.”
Avril Haines, the new director of national intelligence, told Wyden during her recent confirmation hearing that she wasn’t up to date on data collection. She said that, if confirmed, she would “seek to try to publicize essentially a framework that helps people understand the circumstances under which we do that and the legal basis that we do that under.”
Other agencies may have also used location data in investigations. The Department of Homeland Security’s inspector general last year said it was investigating whether the department used commercial databases to get location data on Americans without a warrant.
The National Security Agency warned Pentagon employees last year that location data “can be extremely valuable and must be protected.”
“It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations,” the agency said in a memo (pdf) it published in August 2020.
Ways to limit tracking risks include disabling location services settings on devices, giving applications as few permissions as possible, and disabling advertising permissions to the greatest extent possible.