Data is sometimes referred to as today’s most valuable commodity. Given the technologically focused world around us, data is generated with almost everything we do or consume, whether you use Apple Pay to purchase goods from a retail outfit or use a credit card for your Uber Eats order. It is, in other words, largely unavoidable to create a digital footprint. This continuously produced data is often monitored, retained, repackaged, and resold to third parties—including the federal government—by shadowy organizations referred to as data brokers.
A data broker is a business that aggregates information from several sources or enriches, cleanses, or analyzes this information, according to Gartner. As third parties, data brokers do not have the same financial incentives to protect consumer data because consumer data is the product and those consumers are not directly involved in the transaction. These firms have thrived, in part, because the United States does not have comprehensive data privacy rules. The products offered by data brokers and intermediaries have led to a phenomenon called “surveillance capitalism.” This industry has become so robust that several federal government agencies purchase the data brokers’ products and services.
In January 2022, the Senior Advisory Group Panel on Commercially Available Information delivered a report to the Office of the Director of National Intelligence. This report was only released to the public in June 2023. Key language from the report notes:
PAI [publicly available information] is no longer a good proxy for non-sensitive information. Today, in a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI [commercially available information] includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection, and that could be used to cause harm to an individual’s reputation, emotional well-being, or physical safety.
The Senior Advisory Group Panel also acknowledges in the report that commercially available information is “generally less strictly regulated than other forms of information” acquired by the intelligence community because it is publicly available.
In June 2018, the United States Supreme Court delivered its opinion on the federal government’s acquisition of Timothy Carpenter’s cell-site records in Carpenter v. United States. A majority found that the Federal Bureau of Investigation’s acquisition of cell-site records was a Fourth Amendment search. The government argued that, under the third-party doctrine, cell-site records are “business records” for the wireless telephone carriers. Under the third-party doctrine, individuals have “a reduced expectation of privacy in information knowingly shared with one another.” The majority opinion points out that the mobile phone location information collected by wireless carriers is appreciably more precise than it has been historically.
The Supreme Court’s narrow holding in Carpenter v. United States has prompted an ongoing debate about the government’s burden for collecting sensitive information on Americans. Elected officials and journalists have fought specific instances where government agencies seemingly avoid search warrants because the relevant information can be purchased from a data broker.
There have been several significant news stories about the government’s practices. In June 2020, the Wall Street Journal reported that the Internal Revenue Service Criminal Investigation unit purchased a location data tool from Venntel. According to the Wall Street Journal, attorneys at several government agencies concluded that Carpenter v. United States does not apply “because marketing data doesn’t include names and cellphone numbers.” However, while the data collected may be technically anonymized, “the movements of a phone give strong clues to its ownership—for example, where the phone is located during the evenings and overnight is likely where the phone owner lives.”
Other government agencies have been reported to use similar tools. In November 2020, Vice published its investigation into Babel Street’s product, Locate X, as well as another company called X-Mode, which obtains location data from mobile applications and sells the data to contractors. Vice noted that the US Special Operations Command within the military bought access to Locate X for its overseas special forces operations. This product was described to Vice as allowing users of the product to “draw a shape on a map, see all devices Babel Street has data on in that location, and then follow a specific device around to see where else it has been.”
In May 2023, Vice published its investigation into the United States Customs and Border Protection’s (CBP) use of Babel Street’s product, Babel X. According to Vice, Babel X allows a user to input a target’s name, email address, or telephone number and receive results such as “social media posts, linked IP address, employment history, and unique advertising identifiers associated with their mobile phone.” Babel Street, like other data brokers, obtains its location data from other brokers. According to Vice, “Ordinary apps installed on peoples’ smartphones provide data to a company called Gravy Analytics, which repackages that location data and sells it to law enforcement agencies via its related company Venntel. But Babel Street also repackages Venntel’s data for its own Locate X product.” When members of Congress asked CBP what legal authority it relied on to purchase this sensitive location data, CBP refused to provide any comment.
These stories demonstrate that the federal government believes it can use a credit card and pseudo anonymized data to sidestep the Fourth Amendment. Senator Ron Wyden said, “Americans’ privacy shouldn’t depend on whether the government uses a court order or a credit card.” Earlier this year, Republican congressman Kelly Armstrong raised this issue at the House Select Subcommittee on the Weaponization of the Federal Government’s inaugural hearing.
Democrats and Republicans both have reasons to fear the increasing surveillance capabilities of the federal government, especially given that the Fourth Amendment does not apply to the data brokers’ business records, according to law professor Orin Kerr. Fortunately, members from both political parties are becoming increasingly anxious about the federal agencies’ use of legal loopholes to avoid constitutional protections. Civil libertarians should continue to pressure elected representatives to place limits on federal agencies, which remain accountable to taxpayers and, ultimately, the Constitution.