by Rohan Sinha (’23) | March 31, 2023
In a hearing before the U.S. Senate Intelligence Committee on March 8, director of the Federal Bureau of Investigation (FBI) Christopher Wray admitted to lawmakers that his agency has purchased the location data of US citizens from marketing companies without a warrant. Although Wray pointed out that the FBI only engaged in such conduct in previous “pilot projects” and no longer employs similar tactics, experts have expressed deep concerns about the legal slippery slope that may endanger data privacy.
When authorizing an app to track their location, users implicitly enable it to sell location data. Even apps for purposes as benign as traffic, weather, and gaming apps are involved in the marketplace for location-related advertising data. Data brokers then transfer this collected data from apps into a commercial database on an advertising marketplace, from where Director Wray implied that FBI agents obtained user geolocation data.
As these transactions occur, GroundTruth, a company which runs a location-based advertising network, has noted that they remove personally identifying information to avoid privacy breaches. However, many researchers note that even if companies remove names and phone numbers from commercial databases, user location data can still be compared with other data sources to track a particular individual.
Although the FBI is currently in the spotlight for its purchase of commercial databases, this practice has frequently been employed by other government agencies. The Department of Homeland Security reportedly worked with surveillance companies to obtain mobile location data that would help authorities enforce immigration policies without a warrant. However, the FBI’s actions against U.S. citizens have sparked legal debates about Fourth Amendment protections.
In Carpenter v. United States (2018), the Supreme Court ruled that federal data collection from cell phone carriers is restricted by the Fourth Amendment: the government needs a search warrant to track citizens with cellular location data. However, this ruling does not apply to commercial data that FBI agents bought access to: FBI field offices have obtained data by either seeking the cooperation of data brokers or purchasing the data directly from them, neither of which Carpenter explicitly prohibits. On top of the loophole present in Carpenter, the US lacks major data privacy legislation, enabling agencies to take advantage of advertising data.
Lawmakers have worked to craft legislation that would set restrictions on location data. Some lawmakers have proposed the Fourth Amendment is Not for Sale Act, which would prohibit agencies like the FBI from simply buying data without a warrant. Another group of lawmakers crafted legislation that would restrict transactions of user geolocation data in the private sector. However, these legislative attempts have stalled due to lobbying from data brokers. Nevertheless, only comprehensive data privacy protections embedded in legislation can address concerns raised about the FBI’s conduct.
Leave a Reply