Saturday, March 7, 2020

Your Personal Location Data Is Being...



Your Personal Location Data Is Being Sold to the Government, 

and 

It's Worse Than You Thought


If you thought federal law enforcement needs a warrant to track you, think again. According to Protocol, U.S. law-enforcement agencies have "signed millions of dollars worth of contracts" with a Virginia-based company called Babel Street, "after it rolled out a powerful tool that uses data from popular mobile apps to track the movement of people's cell phones."

The tool, called Locate X, "allows investigators to draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled, going back months," according to Protocol's sources. Locate X allegedly tracks the location of devices anonymously by "using data that popular cell phone apps collect to enable features like mapping or targeted ads, or simply to sell it on to data brokers," and is only to be used for  "internal research purposes only," according to the terms of service. Law-enforcement authorities "are forbidden from using the technology as evidence — or mentioning it at all — in legal proceedings."

So, maybe it's not as anonymous as it claims?

Multiple federal agencies have contracts with Babel Street and/or have purchased Locate X, including U.S. Customs and Border Protection, the Secret Service and U.S. Immigration and Customs Enforcement. Publicly available contract information isn't clear on whether various agencies specifically bought Locate X. Some agencies, including the FBI and ATF, actually declined to purchase it after their respective agency lawyers kiboshed the idea.

Here's how Locate X could be used:
A former government official familiar with Locate X provided an example of how it could be used, referring to the aftermath of a car bombing or kidnapping. Investigators could draw what is known as a geo-fence around the site, identify mobile devices that were in the vicinity in the days before the attack, and see where else those devices had traveled in the days, weeks or months leading up to the attack, or where they traveled afterward.
"If you see a device that a month ago was in Saudi Arabia, then you know maybe Saudis were involved," this person said. "It's a lead generator. You get a data point, and from there you use your other resources to figure out if it's valid."
Product X in the hands of federal agencies does raise significant concerns over Fourth Amendment violations. The Supreme Court ruled in June 2018 in Carpenter v. United States that a warrant is required to access cell-tower location data for an individual account. Senator Ron Wyden (D-Ore.) says federal agencies are exploiting a loophole. "[T]he government is using its checkbook to try to get around Carpenter," he said. "Americans won't stand for that kind of loophole when it comes to our Fourth Amendment rights."

Babel Street claims they handle data "carefully to comply with both the law and internet terms of service," and there is no indication, according to Protocol, that they are doing anything illegal. "Although data content is freely available without restriction from thousands of vendors and suppliers, Babel Street employs a variety of measures to ensure appropriate use of the data," said Lacy Talton in a statement. "This is not required by most vendors but stems from Babel Street's ethos of proper data compliance. The company regularly ensures that the data accessed through its software is in compliance with ever-changing global privacy regulations, data use rights, and terms of service."

The big takeaway from this story is that "the sale of personal location data from commercial firms to the government is more widespread and has been going on longer than previously known."
_____
Matt Margolis is the author of Trumping Obama: How President Trump Saved Us From Barack Obama's Legacy and the bestselling book The Worst President in History: The Legacy of Barack Obama. You can follow Matt on Twitter @MattMargolis