Millions of smartphone users are affected by the decision of US secret services to buy Locate X, a service that works as an aggregator for location data provided by popular mobile applications.
17 Aug 2020
An increasing number of law enforcement agencies, including the US Secret Service, are simply buying their way into data that would ordinarily require a warrant, a new report has found, and at least one US senator wants to put a stop to it.
Locate X provides location data harvested and collated from a wide variety of other apps, tech site Protocol reported earlier this year. Locate X users can “draw a digital fence around an address or area, pinpoint mobile devices that were within that area, and see where else those devices have traveled” in the past several months, Protocol explained.
Agencies under the Department of Homeland Security—including Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP)—have purchased access to cellphone location activity for investigations, The Wall Street Journal reported in February. In June, the WSJ also reported that the IRS purchased access to location data through commercial databases.
Easier than a warrant
Private companies can gather up, buy, sell, and trade all kinds of sensitive user data more or less however they want, with very few limitations—and they do.
All kinds of mobile apps collect location data, both legitimately and illegitimately, and then sell it to data brokers. The data brokers then pass on is theoretically anonymized—but in practice, it’s easily identifiable.
The New York Times in 2018 demonstrated in a multimedia feature how easy it is to follow an individual around their whole daily life using a snapshot obtained from just one data aggregation firm. “The database reviewed by The Times—a sample of information gathered in 2017 and held by one company—reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day,” the paper wrote at the time.
Law enforcement agencies are required to get a warrant to obtain an individual’s mobile phone location data, the Supreme Court ruled in 2018. Investigators have several times sought warrants to gather information for all phones that travel within a certain boundary during a certain period of time, known as geofencing.
But there are currently no rules on the books preventing law enforcement from simply purchasing whatever information they want from the existing market.
At the bottom line this is a legal gap enabling the violation of the fourth amendment without consequences leaving room to companies handling user data like Babel Street for huge profits at the same time.
