Buying and selling personal location data isn’t new. We know that when we open Google Maps, order an Uber, or check the weather, someone, somewhere, probably knows about it. Using these apps has become an integral part of operating in the modern age; we take advantage of them because they are widely available, and they make our lives incrementally easier. What’s different, and often shocking, is when our data is actively used against us. In 2018, privacy went to the courts—Carpenter vs. the United States decided that if any of our personal cellular data were to be used against us, a warrant was to first be served. This seems like a win for those of us who value privacy in a country that lacks comprehensive privacy laws (excluding California where extensive state-wide regulations recently went into effect). Last week, however, the Wall Street Journal threw us for a loop with their report describing how the Immigration and Customs Enforcement agency (ICE) is actively “geo-tracking” millions of cellphones’ worth of data they purchased for domestic surveillance.

The Department of Homeland Security (DHS) has spent over one million dollars in contracts to Venntel, a self-described “pioneer in mobile location information.” In their Privacy Impact Assessment Update the DHS clarified: “The goal is to utilize this data to detect the presence of-but not identify-individuals in an area which CBP [Customs and Border Patrol] has identified as an area of interest.” A spokesperson for ICE maintains that the data is not “generally used” in pursuit of deportation but declined to comment further on “specific law-enforcement tactics or techniques.” The DHS stated in the same update that the “commercially available location data” is being used to “detect the presence of individuals in areas between Ports of Entry where such a presence is indicative of potential illicit or illegal activity.” This isn’t the first time ICE has reportedly used similar data in their operations. Although they would not confirm or deny when asked, sources say they began using location data in anti-human trafficking and drug smuggling operations. 

The data being purchased doesn’t directly implicate the agency in pursuing a questionable immigration enforcement policy. In place of names, every user has a randomly assigned Ad ID that anonymizes it. It’s the operative patterns that provide the risk. The data can show where a single cellphone spends its day, the route it takes from there to the place it stays overnight, even the grocery store it visits the second Tuesday of every month. After parsing through those behaviors, it’s easy to identify the person holding the phone, where they go and where they’ve been. The DHS does not have or need, any more than that. This doesn’t, however, mean this data can’t get back to you. Last December the New York Times did an in-depth analysis of how easy it is to connect a person to their patterns–even when anonymized through a 30 digit ID code.

Where do we go from here? The resounding response is uncertain. There’s no legal precedent; although the Carpenter case is related, it pertains only to a specific type of data taken from certain companies within a set timeframe. The Supreme Court remains reluctant to make any technological adaptations to the fourth amendment (unreasonable searches and seizures) any time soon, and while there has been recent discussion about federal privacy law, none have appeared so far, and there doesn’t seem to be any on the horizon. This recent update could be the spark legislators need to reignite the debate and bring privacy to the floor.