No Warrant, No Problem: Report Details Law Enforcement’s Data Purchases

By Ken Silva
Ken Silva
Ken Silva
Ken Silva covers national security issues for The Epoch Times. His reporting background also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us
December 15, 2021 Updated: December 15, 2021

Instead of obtaining warrants to collect geolocation data from companies, U.S. federal law enforcement agencies have turned to simply purchasing such information—a tactic that has privacy advocates calling for Congress to enact reforms.

Law enforcement’s purchases of bulk data have been on the rise since the U.S. Supreme Court’s 2018 decision in Carpenter v. United States, when justices said law enforcement agencies need to obtain warrants before they can request geolocation data.

Dec. 9 report from the Center for Democracy & Technology (CDT) attempts to chronicle this trend, showing that U.S. federal agencies have at least 30 contracts valued at about $86 million with various data broker services.

“The documents suggest that data obtained from brokers are employed for a variety of purposes such as pre-investigative inquiries, intelligence gathering, crime prevention, or criminal investigations,” the report reads. “Indeed, commercially acquired data feeds into the data-driven operation of modern law enforcement and intelligence, a phenomenon which scholars have called ‘big data policing.’”

facebook-data centers
Chuck Goolsbee, site director for Facebook’s Prineville Data Center, shows the computer servers that store users’ photos and other data at the Facebook site in Prineville, Ore., on Oct. 15, 2013. (Andy Tullis/The Bulletin via AP)

Geolocation seems to be the most sought-after data point by law enforcement, according to the report. The FBI and Customs and Border Protection both have contracts with data broker Venntel, which harvests location data from a variety of sources, including ordinary apps.

“In the Venntel system, agencies can access a panel where users view the locations of smartphones over time, with data sourced from many companies and ad firms, as well as apps including weather apps,” the report reads.

The FBI also seeks certain GPS, internet, and social media footprint information from companies such as Thomson Reuters and RELX Group, according to the report.

Epoch Times Photo
A U.S. Drug Enforcement Administration (DEA) logo at the Office of the DEA on May 29, 2019, in New York. (JOHANNES EISELE/AFP via Getty Images)

The Drug Enforcement Administration (DEA), IRS, Immigration and Customs Enforcement, and the Secret Service have all used a company known as Babel Street. This company’s Locate X software provides a history of device location data derived from apps or online adtech services.

“The company has been secretive about the capabilities program. … One DEA contract with Babel Street for $220k merely references ‘data collection,’” the report reads.

The Marine Corps Intelligence Surveillance Reconnaissance Enterprise uses a database from Thomson Reuters that provides a “live gateway” to “cell phone data,” according to the report.

CDT blamed gaps in U.S. legislation for the situation. Government attorneys have interpreted the Fourth Amendment to allow federal agencies to purchase data from companies, while consumer protection laws don’t cover data brokers because they don’t interact directly with consumers.

Epoch Times Photo
Cables linked to a server are seen on Jan. 4 during the International Cybersecurity Forum in Lille, France. (Philippe Huguen/AFP/Getty Images)

“There’s a loophole in ECPA [Electronic Communications Privacy Act] allowing data brokers to obtain ‘non-content’ communications data, and then, because data brokers are not regulated by that law, to turn around and sell that information to government agencies,” CDT Policy Director Samir Jain said in a statement.

“Similarly, although the Supreme Court’s expansive language in Carpenter v. United States suggests that the government must also obtain a warrant in order to access sensitive personal information … government agencies have adopted narrow interpretations under which purchases of sensitive data from brokers are permitted without a warrant or other legal process.”

To close the legal loopholes, the CDT has endorsed the Fourth Amendment is Not for Sale Act, which was introduced in April by Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.). The measure would place warrant requirements on government purchases of bulk data and take away the U.S. attorney general’s ability to give civil immunity to companies that unlawfully sell bulk data to government agencies.

Twitter Login
The login or sign-up screen for a Twitter account is seen on a laptop computer in Orlando, Fla., on April 27, 2021. (John Raoux/AP Photo)

“This legislation seeks to close the ECPA loophole that, as evidenced by this report, has enabled an entire lucrative industry around government contracts for data that the government should not access without appropriate legal process,” the CDT stated.

The Fourth Amendment is Not for Sale Act has the bipartisan support of 20 cosponsors, but the measure has yet to receive a hearing.

Not everyone agrees that the government purchasing of private data is the problem that privacy activists and civil libertarians make it out to be. On the Nov. 22 episode of the Cyberlaw Podcast, former Department of Homeland Security (DHS) official Paul Rosenzweig said federal agencies should be able to make the same data transactions as private entities.

“To say that the federal government may not purchase on the open market the same products that Walmart can purchase—the government is acting as a consumer like anyone else,” said Rosenzweig, former DHS deputy assistant secretary for policy. “For privacy advocates to contend that the government as a consumer should be in a different position from any other commercial purchaser is just senseless.”

Ken Silva
Ken Silva covers national security issues for The Epoch Times. His reporting background also includes cybersecurity, crime and offshore finance – including three years as a reporter in the British Virgin Islands and two years in the Cayman Islands. Contact him at ken.silva@epochtimes.us