New Report Confirms Government Agencies Illegally Used Smartphone Location Data

A new government report reveals that the United States Customs and Border Enforcement, as well as other government agencies, illegally used location data harvested from apps on the iPhone and Android smartphone platforms.

In 2020, reports claimed the U.S. government had bought access to a commercial database that allowed them to map the movements of millions of cellphones, using it for immigration and border enforcement.

As first reported by 404, the Department of Homeland Security (DHS) has confirmed the news in a new report from the Office of Inspector General called “CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data.”

While portions of the report are redacted, it says that these agencies “purchased access to commercial telemetry data (CTD) collected from mobile devices that included, among other things, historical device location.”

In addition to misuse by multiple government agencies, the report also includes a case of an employee in one agency using location tracking to track coworkers’ locations using CTD.” A complaint was filed by another agency employee, and the complaint was “resolved administratively.”

It’s not illegal for government agencies to buy commercially available data for use in an investigation. However, use of such data “within the Federal Government is controlled,” and agencies “are required to conduct a Privacy Impact Assessment (PIA) before developing or procuring IT that collects, maintains, or disseminates information in an identifiable form.”

“CBP, ICE, and Secret Service did not adhere to Department privacy policies or develop sufficient policies before procuring and using CTD,” it continues. “Specifically, the components did not adhere to DHS’ privacy policies and the 2002 Act by ensuring they had approved CTD PIAs.”

“This failure to adhere occurred because the components did not have sufficient internal controls to ensure compliance with DHS privacy policies,” says the report, “and because DHS Privacy did not follow or enforce its own privacy policies and guidance.”

While the DHS report makes eight recommendations concerning creating new procedures and implementing them, Homeland Security has agreed to only six of the recommendations. One of the recommendations the DHS refused to agree to was that the use of all location data be discontinued until new procedures can be put in place.

“Non-concur,” says the DHS in a response. “CTD is an important mission contributor to the ICE investigative process as, in combination with other information and investigative methods, it can fill knowledge gaps and produce investigative leads that might otherwise remain hidden.”

“Accordingly,” it says, “continued use of CTD enables ICE HSI to successfully accomplish its law enforcement mission.”

(Via AppleInsider)