The Future Is Here
We may earn a commission from links on this page

U.S. Customs and Border Protection Promises It Will Stop Buying Smartphone Location Data

The CBP told Sen. Ron Wyden it wouldn’t buy commercial location data, except for when there’s a ‘critical mission’ that requires paid-for info

We may earn a commission from links on this page.
A Customs and Border Protection officer keeps watch as immigrants are transported from a makeshift camp between border walls between the U.S. and Mexico on May 13, 2023 in San Diego, California.
The U.S. Customs and Border Protection and Department of Homeland Security has had a long legacy of using commercial data to track people in the U.S. and even outside the country’s borders.
Photo: Mario Tama (Getty Images)

The U.S. Customs and Border Protection has offered a slim olive branch to one U.S. senator and the many rights groups critical of the agency’s use of commercial and seized smartphone data. According to the office of Sen. Ron Wyden, the CBP said it will stop “utilizing Commercial Telemetry Data (CTD)”—AKA users’ location data—by the end of September. Or it will so long as it doesn’t see a “critical mission” that would necessitate buying up commercial data.

The CBP is just one of many federal agencies (especially law enforcement agencies) that use commercial data sold by the massive, shady network of online data brokers. The agency falls under the auspices of the Department of Homeland Security, which past reports show had been buying phone location data of millions of U.S. citizens from the open market. Though it is illegal to obtain data off a cellphone without permission or a warrant, federal lawyers have argued that this kind of data is up for grabs since it’s available on the open market.

Advertisement

The news was first reported by 404 Media, and Wyden’s office shared CBP’s message with Gizmodo. The agency said that:

“CBP will not be utilizing Commercial Telemetry Data (CTD) after the conclusion of FY23 (September 30, 2023).”

Advertisement

However, the CBP did leave itself open to potentially buying up data at a future date, saying:

“If CBP identifies a critical mission need to re-acquire a vendor who provides CTD, we would ensure CBP would engage Oversight, Legal, and Privacy entities at the agency and department level.”

Advertisement

According to a DHS report from August of last year, the department collects identity and imagery data from “commercial data aggregators,” including major subscription services like Lexis-Nexis, which connects directly to the agency’s Analytical Framework for Intelligence, or AFI.

In an email statement, Wyden said:

While it is good news that CBP is ending its purchase of Americans’ location information, it’s troubling that the agency still hasn’t released the Trump-era DHS legal memo that provided CBP with the authority to engage in such warrantless surveillance in the first place.

Advertisement

The senator added that it’s imperative that Congress act on privacy regulations to keep federal agencies from gobbling up citizens’ user data. Last year, despite bipartisan support, Congress failed to pass the American Data Privacy and Protection Act. The law would have created widespread expectations of online data privacy, though there have been no signs anybody has picked up the torch for privacy on the federal level. This has left states to pick up the slack, though that has done nothing to stymie federal law enforcement’s data collection efforts.

Even if the federal agency won’t be using commercial data, the CBP has many other means of obtaining users’ data taken from their electronic devices. Both Immigrations and Customs Enforcement have been found subpoenaing car telematics for modern vehicles, enabling them to access millions of car location data from all over the world (Gizmodo recently reported how modern cars are collecting a massive amount of data on users).

Advertisement

Last September, Wyden’s office also alleged the CBP had been stealing the content off of people’s phones at the border without warrants, and then storing it all in a massive database. The border protection agency has previously been caught searching electronic devices of travelers coming into the country, with internal watchdogs showing the agency failed to delete users’ personal data.