The Uses and Abuses of Government-Purchased Private Data Surveillance
In recent years, police departments and federal agencies have begun to purchase location and other data from specialized brokers in order to track individuals' activities over time. Much of this data is constitutionally protected. But government attorneys have generally concluded that purchasing data is a valid way of bypassing the Constitution's restrictions.
I push back on this conclusion in a new article, forthcoming in the Wake Forest Law Review. I first explored the idea years ago on this very blog. But today, I want to share some of the most interesting tales of government acquisitions of private data, from scary-but-successful uses of surveillance to wholly illegitimate applications of government power.
First, the successful. In 2018, U.S. Immigrations and Customs Enforcement (ICE) began purchasing access to cellphone users' digital location data through a data brokerage company called Venntel. The data had been collected from popular cellphone apps, including weather, shopping, and video game apps. ICE used Venntel's service to track the movements of cellphone users in areas near the United States' southern border. At one point, ICE discovered that cellphones were moving back and forth across a closed portion of the border in a straight line. They eventually determined that the phones were traveling through what was likely an underground smuggling tunnel that ran from a private home in Mexico to a closed Kentucky Fried Chicken restaurant in San Luis, Arizona. ICE passed this information to the local police department, which made an apparently pretextual traffic stop of Ivan Lopez, the KFC's owner, finding large quantities of drugs. ICE officers then obtained a search warrant for the KFC and found the tunnel they already knew was there. The San Luis police kept any mention of the cellphone tracking out of their records, and initially attributed their traffic stop of Lopez to an "equipment violation." Indeed, government agents often obscure their purchases of constitutionally protected information by recreating the purchased information though more traditional and lawful means (like traffic stops). This process, known as "parallel construction," allows the government to shield its constitutionally questionable practices from judicial review.
Second, the less successful. In 2018, the Missouri State Highway Patrol (MSHP) began purchasing a location tracking service known as Fog Reveal, which enabled them to track cellphone users via app-collected location data. They used it while investigating the murder of Ben Renick, an exotic snake breeder found lying in a pool of his own blood at his breeding facility. The MSHP used Fog Reveal to search for cellphones at the facility and Renick's home. They eventually zeroed in on a particular mobile device. Working closely with a Fog Reveal employee, they tracked this cellphone user, obtaining a "pattern of life" analysis by tracking everywhere the person went for the previous month, likely capturing hundreds of location data points every day. The person whose life was patterned in such detail turned out to be the Renicks' babysitter, who wasn't involved in the murder. Renick's wife Lynlee and her boyfriend eventually admitted to the killing, although each claimed that the other had shot Renick. Police were tipped off after another of Lynlee's boyfriends told police that she'd admitted murdering her former husband. Meanwhile, the babysitter's life was scrutinized by the government in great detail. Extended location tracking can be deeply revealing of the private details of people's lives. Cellphones are especially prone to disclosing such information because they rarely leave their owner's side, tracking their movements almost exactly. As the Supreme Court itself has recognized, through cellphone-based location tracking, the government can achieve “near perfect surveillance.”
Finally, the abusive. What we know of government abuses is generally less detailed than what we know about more legitimate activities. But reports of abuses involving sensitive digital data, much of it available for purchase, keep rolling in. In a forthcoming article, Yan Fang reports that tech companies have received warrantless requests for location data from police officers seeking to track their own family members. The New York Times has written about the ease of tracking protesters via location information sold by data brokers, and on purchases by political parties and candidates of personal location data for the purpose of tracking and influencing voters. Similarly, the Trump Administration previously sought data on visitors to an anti-Trump protest-related website. Government entities have increasingly sought menstrual data and other health data for the purpose of monitoring abortions and gender affirming care. With the remarkable power of government collection of commercial digital data comes the potential for widespread abuse. Certainly, the history of surveillance in the 20th Century is one of expanding surveillance powers leading to severe abuses, followed by Supreme Court and eventually Congressional curtailment of the surveillance. One hopes that we won't have to repeat this cycle in the 21st century. As I contend, recognizing that government purchases of sensitive private data are governed by the Fourth Amendment could prevent substantial harms before they occur--instead of decades after.