The U.S. Department of Homeland Security and its agencies are using a massive repository of mobile location data for immigration enforcement, according to a new report. 

The Wall Street Journal revealed today that the federal government has bought information about the whereabouts of millions of handsets in the U.S. from Venntel Inc., a low-profile company based out of Virginia. The firm’s relationship with the DHS is said to go back to at least 2017.

Venntel reportedly didn’t gather the data independently but rather procured it from marketing agencies that weren’t named by the Journal. Those marketing agencies, in turn, apparently obtained the information from apps such as games, e-commerce services and weather trackers that requested users’ permission to log their location during installation.

The subject of apps selling location data without consumers being necessarily aware of what the information will be used for has already come up once before in recent memory. In December, a New York Times investigation exposed a massive database detailing the movements of more than 12 million Americans. The repository contained 50 billion or so individual data points collected via mobile apps in a number of major U.S. cities.

Such databases can exist because there’s not much regulation governing the use of location information, but when it comes to the DHS’ use of this kind of data, the legal considerations are more complicated. The main factor is a 2018 Supreme Court case known as Carpenter v. United States.

The justices ruled in a 5-4 decision that U.S. government bodies must obtain a warrant in order to access mobile location records. In the case of the data sourced from Venntel, however, DHS lawyers reportedly determined that the ruling doesn’t apply since the information was already commercially available from marketing agencies. A Customs and Border Protection official who spoke to the Journal added that the data is not “ingested in bulk.”

The DHS has avoided publicizing exactly how it uses the information. Documented cited in the report “make oblique references to such data being used to track, among other things, tunnels along the border” as well as to handset location tracking in areas such as remote stretches of desert.

The report is likely to bring further scrutiny to app developers’ collection of user location data without fully clarifying what’s done with the information. The topic is already drawing some attention from European Union regulatory bodies. Ireland’s privacy watchdog this week launched an official probe into Google LLC to determine whether the way it tracks users’ whereabouts is fully legal and sufficiently transparent. 

Photo: Unsplash