New Records Detail DHS Purchase and Use of Vast Quantities of Cell Phone Location Data
Today, the 勛圖眻畦 published thousands of pages of previously unreleased records about how Customs and Border Protection, Immigration and Customs Enforcement, and other parts of the Department of Homeland Security are sidestepping our Fourth Amendment right against unreasonable government searches and seizures by buying access to, and using, huge volumes of peoples cell phone location information quietly extracted from smartphone apps.
The records, which the 勛圖眻畦 obtained over the course of the last year through a Freedom of Information Act (FOIA) lawsuit, shed new light on the governments ability to obtain our most private information by simply opening the federal wallet. These documents are further proof that Congress needs to pass the Fourth Amendment Is Not For Sale Act, which would end law enforcement agencies practice of buying their way around the Fourth Amendments warrant requirement.
ICEs and CBPs warrantless purchase of access to peoples sensitive location information was by The Wall Street Journal in early 2020. After the news broke, we submitted a FOIA request to DHS, ICE, and CBP, and we sued to force the agencies to respond to the request in December 2020. Although the litigation is ongoing, we are now making public the records that CBP, ICE, the U.S. Secret Service, the U.S. Coast Guard, and several offices within DHS Headquarters have provided us to date.
The released records shine a light on the millions of taxpayer dollars DHS used to buy access to cell phone location information being aggregated and sold by two shadowy data brokers, Venntel and Babel Street. The documents expose those companies and the governments attempts to rationalize this unfettered sale of massive quantities of data in the face of U.S. Supreme Court precedent protecting similar cell phone location data against warrantless government access.
Four years ago, in Carpenter v. United States, the Supreme Court ruled that the government needs a warrant to access a persons cellphone location history from cellular service providers because of the privacies of life those records can reveal. That case hinged on a request for one suspects historical location information over a several-month period. In the documents we received over the past year, we found Venntel marketing materials sent to DHS explaining how the company collects more than 15 billion location points from over 250 million cell phones and other mobile devices every day.
With this data, law enforcement can identify devices observed at places of interest, and identify repeat visitors, frequented locations, pinpoint known associates, and discover pattern of life, according to a Venntel marketing brochure. The documents belabor how precise and illuminating this data is, allowing pattern of life analysis to identify persons of interest. By searching through this massive trove of location information at their whim, government investigators can identify and track specific individuals or everyone in a particular area, learning details of our private activities and associations.
The government should not be allowed to purchase its way around bedrock constitutional protections against unreasonable searches of our private information.
In the face of the obvious privacy implications of warrantless access to this information, these companies and agencies go to great lengths to rationalize their actions. Throughout the documents, the cell phone location information is variously characterized as mere digital exhaust and as containing no PII (personally identifying information) because it is associated with a cell phones numerical identifier rather than a name even though the entire purpose of this data is to be able to identify and track people. The records also assert that this data is 100 percent opt-in, that cell phone users v棗梭喝紳喧硃娶勳梭聆 share the location information, and that it is collected with consent of the app user and permission of the individual. Of course, that consent is a fiction: Many cell phone users dont realize how many apps on their phones are collecting GPS information, and certainly dont expect that data to be sold to the government in bulk.
In scattered emails, some DHS employees raised concerns, with internal briefing documents even acknowledging that [l]egal, policy, and privacy reviews have not always kept pace with the new and evolving technologies. Indeed, in one internal email, a senior director of privacy compliance flagged that the DHS Office of Science & Technology appeared to have purchased access to Venntel even though a required Privacy Threshold Assessment was never approved. Several email threads highlight internal confusion in the agencys privacy office and potential oversight gaps in the use of this data to the extent that all projects involving Venntel data were temporarily halted because of unanswered privacy and legal questions.
Nonetheless, DHS has pressed on with these bulk location data purchases. And the volume of peoples sensitive location information obtained by the agency is staggering. Among the records released to us by CBP were seven spreadsheets containing a small subset of the raw location data purchased by the agency from Venntel. (Although the location coordinates for each spreadsheet entry are redacted, the date and time of each location point are not.) The 6,168 pages of location records we reviewed contain approximately 336,000 location points obtained from peoples phones. For one three-day span in 2018, the records contain around 113,654 location points more than 26 location points per minute. And that data appears to come from just one area in the Southwestern United States, meaning it is just a small subset of the total volume of peoples location information available to the agency.
The documents also highlight particular privacy concerns for people living near our nations borders. A 2018 DHS internal document proposed using the location data to identify patterns of illegal immigration, threatening to indiscriminately sweep in information about people going about their daily lives in border communities. There is also the potential for local law enforcement entities to gain access to this large mass of data in ways that they would not usually be able to. This is illustrated by a troubling request to DHS from a local police department in Cincinnati, seeking location data analytics pertaining to opioid overdoses in their jurisdiction.
DHS still owes us more documents, but whatever they show, it is already abundantly clear that law enforcements practice of buying its way around the core protections of the Fourth Amendment must stop. There is bipartisan legislation in Congress right now that would do exactly that. The would require the government to secure a court order before obtaining Americans data, such as location information from our smartphones, from data brokers. The principle here is simple: The government should not be allowed to purchase its way around bedrock constitutional protections against unreasonable searches of our private information. There is no end run around the Fourth Amendment.
Lawmakers must seize the opportunity to end this massive privacy invasion without delay. Each day without action only allows the governments covert trove of our personal information to grow.
Learn More 勛圖眻畦 the Issues on This Page
-
Press ReleaseMay 2025
Disability Rights
Privacy & Technology
Disability Rights And Privacy Advocates Raise Concerns With Proposed Autism registry. Explore Press Release.Disability Rights and Privacy Advocates Raise Concerns with Proposed Autism Registry
WASHINGTON The 勛圖眻畦, the Autistic Self Advocacy Network (ASAN), and 80 other disability rights, civil rights, and public health organizations sent a letter to Secretary of Health and Human Services Robert F. Kennedy, Jr. today raising significant concerns with the National Institutes of Healths (NIH) proposal to create a national autism registry. The registry was detailed during an April 21 presentation by NIH Director Jay Bhattacharya, which he described as a real-world data platform for developing national disease registries, including a new one for autism. The Department of Health and Human Services (HHS) has since claimed it is not creating an autism registry, but the department has failed to engage with autistic people and advocates, exacerbating the lack of clarity. Instead of engaging with the communities this proposal would impact most, federal health agencies have taken every opportunity to shut disabled and autistic people out of the conversation, leaving unanswered questions, a sense of alarm, and deepening mistrust, said Vania Leveille, 勛圖眻畦 senior legislative counsel. Trust in federal health data requires affirmative, good faith engagement with autistic people, appropriate safeguards for privacy, and ensuring any proposal helps not hurts the communities impacted. The letter outlines the many unanswered questions left by NIHs data platform proposal, including what data it will collect, what sources it will rely on, how it will anonymize and secure the data. It also highlights the increased risk of surveillance, stigmatization, and marginalization from data collection, particularly for disabled people who have a long and troubled history with government efforts to find and track disability for the purpose of eliminating it. Its no secret that this proposal has created a lot of fear and confusion in the autistic community. said Colin Killick, executive director of the Autistic Self Advocacy Network. We continue to advocate and support research into autism that autistic people want conducted, but it is critical that autistic peoples private data not be shared without our consent. We hope the administration answers our questions to shine light on how autistic people and our rights will be protected. The letter also establishes three key steps NIH and HHS must take to establish trust in its proposed data platform: Meaningful communication with autistic people and advocates; fundamental privacy safeguards to prevent misuse and abuse; and ensuring the data platform advances the well-being of autistic people, people with disabilities, and the public health while minimizing potential harms. The letter is here: /documents/letter-to-hhs-secretary-robert-f-kennedy-jr-on-concerns-with-proposed-autism-registry -
Press ReleaseMay 2025
Privacy & Technology
Aclu Demands Social Security Administration Turn Over Docs On Doges Access To Americans Data. Explore Press Release.勛圖眻畦 Demands Social Security Administration Turn Over Docs on DOGEs Access to Americans Data
WASHINGTON The 勛圖眻畦 today urged the U.S. District Court for the District of Columbia to grant a preliminary injunction and order expedited processing of a Freedom of Information Act (FOIA) request sent to the Social Security Administration (SSA). The FOIA request, originally filed in February, seeks urgent transparency about the so-called Department of Government Efficiencys (DOGE) secretive efforts to access and analyze Americans sensitive personal information controlled by the Social Security Administration. In its FOIA request, the 勛圖眻畦 asked for any records that reveal whether DOGE or its representatives have sought or obtained access to databases containing personally identifiable information, financial records, health care data, or other sensitive government-held records of Americans. The request also sought information on DOGEs use of artificial intelligence (AI) to analyze government data. Despite the urgency of the situation, the SSA declined 勛圖眻畦s request for expedited processing and has so far failed to respond to the 勛圖眻畦s appeal. Also concerning is the recent news that DOGE has already started removing some protections around personal data, such as Social Security numbers, birth dates, employment history, disability records, and medical documentation. Todays filing marks a critical step in uncovering the full extent of DOGEs access to the U.S. Social Security Administrations database, said Michelle Fraling, Skadden Fellow with the 勛圖眻畦s Center for Liberty. Recent reports that DOGE intends to consolidate federal data into a centralized system only heighten the need to obtain this information. The public has a right to know, now, who is accessing their Social Security numbers, financial records, and medical history. This comes amidst DOGEs obsessive race to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that seriously implicates individuals privacy rights. One major concern is that the data consolidated by DOGE could be used against political foes or for targeted decisions about funding or basic government services. There is also concern about the risk of exposing data to hackers and other adversaries. A new report from the 勛圖眻畦 analyzes the vast array of surveillance, privacy, and cybersecurity risks of data consolidation, and the technical issues and legal implications those efforts pose. As DOGE embarks on unprecedented efforts to consolidate federal data, the American people have a right to understand exactly what it is they are doing, said Cody Venzke, senior policy counsel at 勛圖眻畦. For decades, agencies have been required by federal law to give access to our data only if it was necessary for federal employees to carry out their duties. Failure to meet those requirements increases the risk that our data will be mishandled, misused, or exfiltrated in a data breach. -
Press ReleaseApr 2025
Privacy & Technology
+2 Issues
Human Rights First Joins Aclu And Nyclu In Amicus Brief To Protect First Amendment Rights And Interests Of Ngos Advocating For U.s. Sanctions. Explore Press Release.Human Rights First Joins 勛圖眻畦 and NYCLU in Amicus Brief to Protect First Amendment Rights and Interests of NGOs Advocating for U.S. Sanctions
Today, Human Rights First, the 勛圖眻畦 (勛圖眻畦), and the New York Civil Liberties Union (NYCLU) filed an amicus brief with the U.S. District Court for the Eastern District of New York, in support of Democracy for the Arab World Nows (DAWN) efforts to block an individual sanctioned for violence in the Israeli occupied West Bank from accessing information about DAWNs advocacy for sanctions against him. The brief argues that various protections, including the First Amendment and reporters privilege, bar the court from granting the discovery requested in this case. The brief also emphasizes how such discovery requests, if granted, would put civil society groups at serious risk of irreparable harm and chill their vital advocacy work on human rights and corruption issues. In August 2024, Isaac Levi Pilant was sanctioned by the U.S. government under the West Bank sanctions program, for attacking and forcefully expelling Palestinians from a West Bank settlement. At the time, human rights groups, media outlets, and witnesses had documented Pilants alleged role in violent attacks against Palestinians, and DAWN had publicly recommended that the U.S. government impose sanctions on him and others for such violence. The sanctions against Pilant were lifted in January 2025, after President Trump effectively terminated the West Bank sanctions program. Pilant then filed an application against DAWN and its executive director, Sarah Leah Whitson, pursuant to a U.S. law that provides a mechanism for foreign litigants to obtain discovery from people and entities in the United States.The application seeks a court order for information related to DAWNs investigation of Pilant and its sanctions advocacy efforts. Pilant says he seeks the information for use in a possible future defamation case in Israel against an Israeli human rights organization. The brief explains how the U.S. government has established frameworks and processes to encourage nongovernmental organizations (NGOs) to share sensitive information that can assist it in more effectively implementing various human rights and corruption sanctions and visa restriction programs. Undermining the protections for NGOs to securely and confidentially share this information would not only impact the ability of the U.S. government to use such tools to hold human rights abusers and corrupt actors accountable, but it would also put NGOs, victims of abuse, and others in civil society in jeopardy by opening them up to retaliation and harassment from people they accuse of human rights violations. Human rights and corruption sanctions are impactful tools of accountability because they threaten the reputations and financial interests of abusers. Forcing NGOs to share information about their sanctions advocacy would put them at grave risk of violence and retaliation from repressive governments and powerful private individuals, said Amanda Strayer, Senior Counsel for Accountability at Human Rights First. U.S. courts should not become a forum for sanctioned actors to harass and seek retribution against civil society groups that advocate for measures to hold them accountable. The brief also argues that Pilants broad discovery request implicates information protected under the First Amendment and the reporters privilege, which provide grounds to reject his request under the Section 1782 statute. Supreme Court precedent requires the Court to give weight to the serious First Amendment and policy considerations before granting such a request. In this case, these considerations should result in the Court denying Pilants discovery request. It is the nature of human rights reporting that it often draws the ire of accused human rights violators. But the law is clear that such individuals cannot coopt U.S. courts in an attempt to harass and endanger human rights organizations and the victims of abuses whose stories they safeguard. Thats why this is an easy case, and we hope the court has no trouble concluding that the First Amendment protects DAWNs rights to free speech and association, and bars enforcement of the meritless request for intrusive discovery, said Nathan Freed Wessler, Deputy Director of the 勛圖眻畦 Speech, Privacy, and Technology Project. NGOs can play a critical role in providing accountability for human rights abuses, and the Constitution protects them from being forced to reveal certain confidential aspects of that work, said Bobby Hodgson, assistant legal director at the New York Civil Liberties Union. DAWN is being targeted by a foreign litigant implicated in serious human rights violations in an effort to weaponize our court system to silence critics. We urge the court to reject these requests and recognize that the discovery process does not create an end run around the First Amendment. -
PodcastMay 2025
Free Speech
+2 Issues
Know Your Digital Privacy Rights With Esha Bhandari And Daniel Kahn Gillmor. Explore Podcast.Know Your Digital Privacy Rights with Esha Bhandari and Daniel Kahn Gillmor