Documents Show DHS Tracks Smartphones Across the Country

Recently released documents how HSI has helped local police by using location data harvested from ordinary apps.
HSI
Image: Eduardo Munoz Alvarez/Stringer
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Recently released documents show in new detail how parts of the Department of Homeland Security have been using surveillance tools built on smartphone location data as part of investigations across the United States, including in multiple field offices and for a variety of different crimes.

The documents, obtained by the American Civil Liberties Union (ACLU) as part of a Freedom of Information Act (FOIA) lawsuit, provide the clearest picture yet of where, and why, law enforcement agencies have used tools like Venntel and Locate X, which are based on location data harvested from ordinary smartphone apps installed on peoples’ phones. The documents also show that some parts of Homeland Security Investigations (HSI) have used one of the tools to help state and local law enforcement.

Advertisement

Field offices or locations included in the emails that indicate they have had access to Venntel or Locate X include Knoxville, New York, Detroit, El Paso, Houston, Miami, Phoenix, Seattle, San Antonio, and Washington DC. Another email indicates that HSI’s Office of Intelligence owns all of the licenses and then files them out to the various field offices.

Do you work at Venntel, Babel Street, or Gravy Analytics? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

Venntel is based on data gathered by advertising firm Gravy Analytics. Venntel then repackages that location data and sells access to it to law enforcement agencies. Babel Street, another company, also repackages Venntel’s data and incorporates it into its own product called Locate X, which it also sells to government bodies. By purchasing the data from a private business, law enforcement agencies have used the data without a warrant. This is despite privacy and legal experts, including those at the ACLU, believe that such data falls under protections offered by the Fourth Amendment. 

According to the emails, HSI officials have contacted each other for assistance in having searches run in the Venntel system. In one email, an official writes to a colleague and says “Anyway, if possible, can you please forward the below dates/times/addresses to your Venntel POC [point of contact] to run?”

Advertisement

That collaboration has extended beyond HSI officials contacting one another and also includes local agencies. “SAC DC was one of the major users of the system supporting our state and local partners,” an email written by a chief intelligence officer from HSI reads. The official wrote the email shortly after the Wall Street Journal first reported in February 2020 that the DHS was using Venntel. 

The official goes on to spell out which local agencies requested their help with the Venntel system, including “Prince William County, Fairfax, Richmond PD, Newport News, Northern Virginia Gang Task Force, Chesterfield PD, Henrico County, Norfolk PD, Fauquier County Sheriff Department and some small agencies.”

Various officials have contacted each other across HSI to get more context on the surveillance system. In an August 2019 email, one official writes that they spoke to an Assistant U.S. Attorney in North Carolina who worked with HSI agents who used Venntel. 

The emails include use cases that an HSI official writes that they have location data products on, such as human, narcotics, and weapons and ammunition smuggling. In a February 2020 email, an official wrote that HSI’s Venntel licenses are for criminal investigations and not immigration enforcement (the earlier Wall Street Journal article focused in part on Customs and Border Protections use of the tool for immigration enforcement).

Advertisement

Another document says that “because query results do not produce the name or other contact information of an individual, ICE users must serve the geolocation service provider with a subpoena to obtain the identity of the individual that owns the device.” It is not clear if Venntel or Babel Street would necessarily have this information. Neither company responded to a request for comment.

The tools are not always effective, though. In one email, an official wrote that “feedback on Locate X has been mixed.” Officials from HSI Detroit found the system had significant gaps in its collection and so the investigators “derived little value from the tool.” Officials in HSI Nashville meanwhile used the tool “to provide investigative leads in multiple investigations to include a murder case.”

Nathan Freed Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, said in a statement that “The Supreme Court has made clear that because our cell phone location history reveals so many ‘privacies of life,’ it is deserving of full Fourth Amendment protection.”

“Yet, here we see data brokers and government agencies tying themselves in knots trying to explain how people can lack an expectation of privacy in such obviously personal and sensitive location information. With the potential for abuse so high, Congress must step in to definitively end this practice,” he added.

Senator Ron Wyden has proposed legislation, called the Fourth Amendment is Not For Sale Act, that would require law enforcement and intelligence agencies to seek warrants before souring such data.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.