Customs and Border Protection is using commercially available location data from cell phones to conduct warrantless tracking of people inside the U.S. and refused to provide lawmakers with a legal justification for these activities, according to five senators.
In a letter sent Friday to Homeland Security Department Inspector General Joseph Cuffari, five Democratic senators questioned CBP’s use of subscriptions with data broker Venntel, a government contractor based in Virginia, which gives them access to commercial location data.
Sens. Elizabeth Warren, D-Mass., Ron Wyden, D-Ore., Sherrod Brown, D-Ohio, and Brian Schatz, D-Hawaii, asked the inspector general to examine the legal analysis CBP performed—if such analysis exists—before the agency began using the tool.
“CBP outrageously asserted that its legal analysis is privileged and therefore does not have to be shared with Congress,” the letter reads. “We disagree.”
Privacy experts have long warned data brokers like Venntel are able to share detailed information about people’s lives using location data from apps users may not even realize are tracking such information. Many argue the need for more regulation around data privacy is urgent. Even when anonymized, geographic data can contain enough detail to re-identify individual users.
Mana Azarmi, policy counsel at the Center for Democracy and Technology, told Nextgov the Supreme Court case referenced in the letter, Carpenter v. United States, upheld in clear terms the sensitivity of this kind of data and why it demands strong protection before the government can access it.
“If government agencies like CBP can evade the warrant requirements imposed by Carpenter simply by purchasing the data, we render that ruling a nullity, and then we lack sufficient checks to protect our privacy,” Azarmi said.
Azarmi suggested CBP’s use of the Venntel database may also be an example of mission creep, where CBP deploys surveillance technology for use along the border but then applies the technology to a broader range of cases. This latest instance of CBP admitting it uses location data to track people within the U.S. is similar to the agency’s use of drones to surveill protests this summer, she added.
The five senators also asked the inspector general to determine how CBP was able to begin using the Venntel database without first publishing a privacy impact assessment. In a 2018 privacy impact assessment, CBP stated it “may use commercially available location data acquired from a data provider in order to detect the presence of individuals in areas between ports of entry where such a presence is indicative of potential illicit or illegal activity.”