back to article ACLU sues US govt, demands to know if agents are buying their way around warrants to track suspects' smartphones

The American Civil Liberties Union (ACLU) has sued the US government, claiming Homeland Security agents trampled over people's constitutional rights – by buying phone location data from commercial brokers rather than getting necessary search warrants. "These practices raise serious concerns that federal immigration authorities …

  1. nematoad Silver badge

    That's correct.

    "As a matter of policy, CBP does not comment on pending litigation,"

    Or it would seem, anything else.

    1. JetSetJim

      Re: That's correct.

      This investigation by a Norwegian journo came up with a CBP comment (whether you believe it or not is another question):

      U.S. Customs and Border Protection may obtain access to commercially available information relevant to its border security mission. Consistent with its border security and law enforcement authorities, CBP has acquired limited access to commercial telemetry data through the procurement of a limited number of licenses to a vendor provided interface.

      While CBP is being provided access to location information, it is important to note that such information does not include cellular phone tower data, is not ingested in bulk, and does not include the individual user’s identity. Rather, CBP officers, agents, and analysts are provided with access to the vendor’s interface on a case-by-case basis, and are only able to view a limited sample of anonymized data consistent with existing border security or law enforcement operations. All CBP operations in which commercially available telemetry data may be used are undertaken in furtherance of CBP’s responsibility to enforce U.S. law at the border and in accordance with relevant legal, policy, and privacy requirements.

      TLDR version: there are probably lots of GDPR violations in the chain of who sells your data to whom.

      1. Anonymous Coward
        Anonymous Coward

        Re: That's correct.

        > there are probably lots of GDPR violations in the chain of who sells your data to whom.

        For values of probably ≫ 1.

      2. Anonymous Coward
        Anonymous Coward

        Re: That's correct.

        > Journalists in the NRK are asked to think twice before taking their phone along when meeting confidential sources for a reason. Authorities may get access to information about our whereabouts, even without court approval.

        Good to hear the NRK are properly clued up.

  2. G R Goslin

    Looks like.........

    ...........a backdoor of incredible width.With a coin-in-the-slot opening mechanism

  3. Mike 16

    Switching roles?

    Used to be that "commercial" (e.g. theft rings) bought various personal info from bent cops.

    Now the sellers are buyers and vice-versa.

  4. Steve Davies 3 Silver badge

    Why bother with a warrant

    when they can simply buy it all from the likes of Google, Facebook etc.

    If you are a crook then you would be wise not to use any social media or google for anything.

    1. John 104

      Re: Why bother with a warrant

      You would be wise not to use social media. Period. But, as the article mentions, even apps do tracking and profiling.

  5. Sparkus

    should also be suing..........

    The location aggregators them selves.....

  6. Anonymous Coward
    Anonymous Coward

    Scott McNealy -- 1999


    "You have zero privacy anyway. Get over it"


    No....some of us haven't got over it.

    1. Julz

      Re: Scott McNealy -- 1999

      He did, rather scarily, indicate at one point that he thought it would be a good thing if his children had RFID trackers implanted in them. He has a great many good ideas and ran a great company for a while, but I wouldn't take his views on privacy as being anything other than misinformed. I do get what he is thinking and saying, I just think he is wrong on this.

  7. Anonymous Coward
    Anonymous Coward

    Is anyone surprised?

    I mean, how many times have people snitched on massive criminal activity at the 3 letter spy rings, and what happened - they shut the snitch (real patriot) down and locked them up (when they could) Then there are those you never hear about.

    I'll bet members of the ACLU get a little visit from strange people in suits, then decide to forget about suing. The proof will be that this vanishes from news quickly.

    Hmm, someone's at the door, just a,,,,, aghhhhhh.

  8. earl grey
    Black Helicopters

    time to get rid of 3 letter agencies


    1. Mike 16

      Re: time to get rid of 3 letter agencies

      So, GCHQ is alright then?

  9. Anonymous Coward
    Anonymous Coward

    One Nation

    Under Surveillance.

  10. Spanners Silver badge
    Big Brother

    This is why

    when I talk about security, I use phrases like "the CIA, NSA and other criminal groups". I see here another indication that my attitude is correct,

  11. big_D Silver badge

    I find it more worrying...

    that private companies are selling this location information.

    Under GDPR, that would fall under PII and could not be sold to third parties.

    1. John Jennings

      Re: I find it more worrying...

      Its why you wont see a US GPDR any time soon.

      this sort of thing, and FISA are diametrically opposite the principles.

      However, don't think that the EU agencies are not doing the same thing - just old-world structures avoid a spotlight targeting them.

      1. Julz

        Re: I find it more worrying...

        If you think that the likes of GCHQ et al, don't have access to all the CDR records from the masts then I think you need to up your paranoia quotient. The difference here is that our country cousins, like always, see things through the lens of money and profit a bit more keenly than our overlords do. Using cash is such a vulgar and tacky business. There are much better and more discrete ways of getting things done that don't leave a nasty trail of transnational evidence.

  12. MachDiamond Silver badge


    If The Man wants a company to hand over information and not leave them with the opportunity to say no or to limit what they will divulge, a warrant is needed. If a company is selling data dumps of the same data commercially, that's a different story. I don't see why a judge's approval would be required to conduct a transaction that any private citizen can do without any such approval.

    It's a bigger and bigger problem as more information is collected on people that don't seem to give a poo because they "have nothing to hide". The same holds if they want somebody to spill the beans through testimony. If the person doesn't want to talk, law enforcement/investigators can get a subpoena that compels them to talk under penalty of confinement/fines. If the person is happy to tell all they know just for the asking or a few non-taxable bank notes ..........

    Politicians need to start catching up with laws regarding the trade of PII harvested without the express consent of the people involved. It can't just be some fine print that gets skipped on the way to the "download app" button. It needs to be a statement up top in the same type size that reads "we will collect your data and sell it to anybody that wants it for less than the cost of a stick of gum. If we are hacked and your PII winds up being given away, not our problem. Maybe some court will spank us and you'll get a year of free credit monitoring (again)".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon