Secret Service and Other Government Agencies Illegally Used Smartphone Location Data
Credit: Studio Monkey / Shutterstock
Toggle Dark Mode
A new government report reveals that the US Customs and Border Enforcement and other US government agencies illegally used location data harvested from iPhone and Android apps.
It was claimed back in 2020 that the United States Immigration and Customs Enforcement agency (ICE) bought data harvested from apps to allow it to get around laws that limited the use of location data from cell phone carriers. The agency used the data to track, capture, and detain immigrants.
As reported by 404 (via AppleInsider), a new report has been released from the Office of Inspector General (OIG) titled “CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data.”
As is usual for government reports, some portions of the report are redacted. However, it does show that the agencies “purchased access to commercial telemetry data (CTD) collected from mobile devices that included, among other things, historical device location.”
The report also includes information about a case of an employee in one government agency using location tracking for their own personal use. The report notes an individual employee with US Customs and Border Protection (CBP) improperly used CTD to track their coworkers.
According to the report, “The individual told the coworkers that they had tracked their location using CTD,” which resulted in a complaint being filed by another employee. The issue was “resolved administratively.”
While it is not illegal for government agencies to buy commercially available data to aid them in investigations, the use of the data is controlled, with agencies “required to conduct a Privacy Impact Assessment (PIA) before developing or procuring IT that collects, maintains, or disseminates information in an identifiable form.”
CBP, ICE, and Secret Service did not adhere to Department privacy policies or develop sufficient policies before procuring and using CTD. Specifically, the components did not adhere to DHS’ privacy policies and the 2002 Act by ensuring they had approved CTD PIAs. This failure to adhere occurred because the components did not have sufficient internal controls to ensure compliance with DHS privacy policies and because DHS Privacy did not follow or enforce its own privacy policies and guidance.US Office of Inspector General
The Office of Inspector General report makes eight recommendations, most of which suggest creating and implementing new procedures. While Homeland Security has agreed to six of the recommendations, it refused a recommendation that the use of such location data stop until the new procedures can be implemented.
The agency said CTD is an important contributor to ICE investigations, and it can fill knowledge gaps, producing productive leads that might otherwise not be apparent.
“Accordingly,” it says, “continued use of CTD enables ICE HSI to successfully accomplish its law enforcement mission.”
Government agencies are not the only parties looking to track iPhone users by using location data. In 2019, despite App Store rules, multiple apps were found to be tracking users’ precise location data, selling it to other parties. As an example, it was discovered the developers of the Weatherbug app were selling data including exact longitude and latitude to 40 companies.
App Store rules require apps to anonymize data that’s shared with advertisers to protect individuals’ privacy rights. However, as a New York Times analysis determined, companies can still use that anonymized data to build profiles and possibly even determine your identity from travel patterns, and there’s little doubt that US government agencies have figured out how to do the same.
Similar data was being gathered and sold by multiple app developers without a user’s permission. Apple then implemented Intelligent Tracking Protection in Safari to foil the process and later debuted App Tracking Transparency, which requires explicit permission before tracking a user.
As you might expect, once presented with prompts to share this information, many iPhone users refused to give permission. The advertising industry took a huge hit because of this. In 2020, Facebook said App Tracking Transparency would cause its revenues to take a $10 billion hit.
