The Washington PostDemocracy Dies in Darkness

Opinion Apps are selling your location data. The U.S. government is buying.

(Stephen Lam/For The Washington Post)

AMERICANS HAVE lately been learning that the apps they use to check whether they need an umbrella, or follow their favorite sports team, or hurl one animated animal at another for points are sucking up their location data and selling it. Now it turns out that it’s not only advertising companies and other private entities who end up buying this information en masse from brokers. The U.S. government is doing it, too.

The Wall Street Journal wrote last week that federal agencies have purchased access to a virtual trove that charts the movements of millions of citizens’ cellphones from a company called Venntel. The Department of Homeland Security (DHS) and its components are reportedly harnessing this data for immigration enforcement: searching for activity in unexpected places to pin down smuggling rings, or detecting individuals who may have entered the country illegally. (Spending records indicate the Drug Enforcement Administration paid $25,000 to Venntel in 2018. The Justice Department told us the DEA does not “comment on contracting matters.”)

Customs and Border Protection says it accesses only small quantities of the data on a case-by-case basis rather than examining the entire cache in bulk, and that the data is anonymized. But anonymity is a laughable concept when every individual’s day can be turned into a traveling dot that follows a path only they take. A New York Times investigation in 2018 revealed how simple it is to connect a dot to the person it represents — whether that person is a scientist at NASA’s Jet Propulsion Laboratory or an undocumented mother recently arrived from Mexico.

Authorities may hope to preempt some concerns about civil liberties by alleging they’re training their eyes only on suspected non-citizens, but it’s impossible to avoid roping in citizens, too, when information is requisitioned at so massive a volume. It’s also impossible not to imagine what else, and who else, officials might seek to track, once they’ve come up with the legal rationale for doing so. Americans shouldn’t have to rely on the good graces of the bureaucracy to protect them from overreach.

The rationale for warrantless surveillance in this case sidesteps Fourth Amendment law — or tries to. The Supreme Court ruled in Carpenter v. United States that the government couldn’t subpoena geographic data directly from cellphone companies without going through the courts, precisely because of that data’s “depth, breadth, and comprehensive reach.” So the government started buying the exact same data from brokers on the open market instead, arguing that the purchases were fair game because any old company could make them.

This strategy is awfully cynical. Congress has failed to pass a comprehensive privacy statute that shields people from having their every move logged in a database such as the one in question today. Now, this lack of privacy from corporate actors has become an excuse for government to bypass the right to privacy from the state that the Constitution is supposed to enshrine. DHS insists this is legal. But should it be?

Read more:

The Post’s View: An alarming report about Americans’ location data shows why we need a comprehensive privacy framework

The Post’s View: Our privacy doomsday could come sooner than we think

The Post’s View: Location data shows where we go — and who we are. And it’s being sold.

The Post’s View: Google can see where you’ve been. So can law enforcement.

Woodrow Hartzog and Neil Richards: It’s time to try something different on Internet privacy