A privacy expert called the disclosure “alarming.”
The Defense Intelligence Agency buys commercially available cellphone location data and uses this data to search for device locations in the U.S. without warrants, according to a memo.
DIA officials wrote in a memo to Sen. Ron Wyden, D-Ore., that its analysts were granted permission to search the database containing U.S. device locations five times in the past two and a half years. The memo, dated January 15, was first reported by the New York Times on Friday.
In the memo, DIA says it funds “another agency” to purchase the data, which is not separated by country of origin when DIA receives it. DIA then filters U.S. location data points into a separate database that analysts can query after receiving permission from DIA’s leadership, lawyers and oversight body. DIA confirmed in the memo it does not seek warrants to conduct these searches.
DIA justifies its warrantless searches by interpreting the Supreme Court’s 2018 Carpenter decision, a significant privacy case that determined accessing cellphone location data is a Fourth Amendment violation, as pertaining only to location data for specific individuals. In other words, DIA believes that because it uses commercially available location data bought in bulk rather than the location data of one U.S. person over a period of time, it doesn’t need warrants.
“The Court expressly did not ‘consider...collection techniques involving...national security,” the memo reads. “By extension, the Court did not address the process, if any, associated with commercial acquisition of bulk commercial geolocation data for foreign intelligence/counter-intelligence purposes.”
Commercially available cellphone location data is collected from many smartphone apps. Location data companies aggregate this data and sell it. Lately, buyers have included government agencies.
Mana Azarmi, policy counsel for the Center for Democracy and Technology’s Freedom, Security & Technology Project, told Nextgov in an email DIA’s disclosure is “alarming.” Azarmi said the Supreme Court was explicit in declaring location data as remarkably sensitive in the Carpenter decision.
“It’s clear that the direction of travel for the Supreme Court with respect to location information is toward more privacy, not less,” Azarmi said. “Just because the Court didn’t rule on collection techniques involving national security does not mean they are permitted. It means they were not before the Court. Government agencies should not be permitted to circumvent legal process by purchasing data they would otherwise need a warrant or other order to collect.”
Azarmi added DIA’s disclosure demonstrates the urgent need for legislation to protect the Fourth Amendment. Wyden reportedly plans to introduce legislation related to this issue in the coming weeks. A spokesperson for Wyden could not be reached for comment in time.
In October, Wyden and a group of four other senators sent a letter to the Homeland Security Department Inspector General requesting an investigation into Custom and Border Protection’s subscriptions with a data broker called Venntel after the agency asserted the legal analysis it uses to justify warrantless searches of this data was privileged.
In December, the inspector general said his office would open an investigation to determine whether DHS components “developed, updated, and adhered to policies related to cell-phone surveillance devices.” The OIG is also looking into DHS policies around collecting, managing and protecting open source information, which can include location data gathered from sources like social media—for example, when users post geo-tagged photos.