Intelligence analysts use location data on U.S. smartphones with no guarantees, the memo says

WASHINGTON – A military branch of the intelligence community that buys commercial databases containing location data from smartphone apps and searches for American past movements without an order, according to an unsorted memo by The New York Times.

Defense Intelligence Agency analysts have searched American movements in trade databases over the past five and a half years investigations, agency officials revealed in a memo. which they wrote to Senator Ron Wyden, Oregon’s Democrat.

The revelation sheds light on the emerging loophole in security law in the digital age: In the landmark 2018 ruling called the Carpenter’s decision, the Supreme Court argues that the Constitution requires the government to There are orders for phone companies to transfer location data to their customers. But instead, the government may buy similar data from a broker – and don’t believe it needs an order to do so.

“The DIA did not elaborate Carpenter’s decision to require a subpoena to confirm the purchase or use of commercially available data for intelligence purposes,” the agency’s memo said.

Mr. Wyden has made it clear that he intends to propose legislation to add protections for Americans to location data available in the marketplace. In a speech in the Senate this week, he denounced cases “in which the government, instead of getting an order, just goes out and buys personal files of Americans from data brokers. Sleazy and unregulated commerce, who is simply on the law. “

He called this unacceptable and an invasion of privacy under the constitution. “The fourth Amendment is not for sale,” he said.

The government’s use of commercial databases of location information has been monitored more and more. Many smartphone apps record the user’s location, and app makers can aggregate the data and sell it to brokers who can then resell – including to themselves. covered.

It is already known that the government sometimes uses such data for law enforcement purposes in the country.

The Wall Street Journal reported last year on the use of such data by law enforcement agencies. In particular, two agencies within the Department of Homeland Security – Immigration and Customs Enforcement, Customs and Border Protection – used data in border patrol and investigation of immigrants who were subsequently catch.

In October, BuzzFeed reported on the existence of a legal memorandum from the Department of Homeland Security arguing that law enforcement would buy and use location data of smartphones without the order is legal. Department Inspector General has opened an internal review.

The military is also known to sometimes use location data for intelligence purposes.

Meanwhile, in November, Vice’s tech blog Motherboard reported that Muslim Pro, a Muslim prayer app and the Quran, sent the user’s location data to a broker named X-Mode, which they later sold to defense contractors and the US military. Muslim Pro then said it would stop sharing data with X-Mode, while Apple and Google said they would ban apps using the company’s tracking software on phones running their mobile operating systems. .

The new memo for Mr. Wyden, written in response to questions from an aide about privacy and cybersecurity in his office, Chris Soghoian, adds to that emerging picture.

The Defense Intelligence Agency seems to primarily buy and use location data to investigate foreigners abroad; one of its primary missions is to detect threats to US forces stationed around the world.

However, the memo said, the broker or unidentified broker from which the government purchases bulk smartphone location data does not separate US and foreign users. Instead, the National Defense Intelligence Agency processes the data as it arrives to filter apparently domestic files and put them in a separate database.

The agency’s analysts can only query a separate database of American data if they get special approval, the memo says, “Right to query device location data US has been granted five times in the past two and a half years for authorized purposes. “

Mr. Wyden asked Avril D. Haines, President Biden’s new director of national intelligence, about what he called “misuse” of location-based information available in the marketplace at her confirmation hearing on week. this. Ms. Haines said she has not caught up with this topic yet but stressed the importance of the government being open about the rules it operates on.

“Basically, I will try to widely publicize a framework that helps people understand the circumstances under which we do that and the legal basis we do that,” she said. “I think that’s part of the key to promoting transparency in general so that people understand the principles on which the intelligence community operates.”

Mr Wyden’s forthcoming law on the subject could seem to be caught up in a larger surveillance debate that flared up in Congress last year before it was temporarily stuck behind the President’s erratic statements. Donald J. Trump, as he expressed dissatisfaction over the Russian investigation, threatened to veto the bill and did not specify what would please him.

With Mr. Biden in office now, lawmakers will continue that unresolved issue. The law has focused on restoring certain provisions of the Patriot Act that have expired and whether new protections will be applied to them, including prohibiting the use of a part known as Section 215 for collection. crawl without a command.