A group of over a dozen lawmakers led by Representative Mark Pocan, including Ilhan Omar, Rashida Tlaib, and Alexandria Ocasio-Cortez, are demanding answers from military and intelligence chiefs on how the U.S. military has purchased location data.
The move comes after Motherboard revealed how a company called X-Mode harvested granular location data from multiple Muslim-focused apps, including a Quran app called Muslim Pro with over 98 million downloads. X-Mode sells location data to military contractors, and by extension, U.S. military intelligence.
"This disclosure raises serious concern that such information is advancing systematic, warrantless surveillance of the Muslim-American community contrary to the privacy protections guaranteed in the U.S. Constitution," the letter, addressed to Defense Secretary General Lloyd Austin and Director of National Intelligence Avril Haines, reads.
Do you work at a company selling location data to the government? Or are you a customer of such data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
The lawmakers are seeking answers to a wide range of questions, specifying that they want answers for each military and intelligence community agency. Those questions include: has any warrantless surveillance occurred on any U.S. citizen using purchased location data; how many Muslim Americans were impacted by such surveillance; and whether the U.S. military or intelligence community currently possess location data of American citizens, including Muslim Americans.
"We cannot simply repeat the mistakes and opacity of the previous administration. The Biden administration has an opportunity to prioritize transparency and the civil liberties of Muslim Americans after two decades of surveillance and spying by our federal intelligence community, we urge them to do so," Pocan said in a statement.
"President Biden must ensure that the civil rights of all people, including Muslim Americans are protected," Tlaib said in a statement "We cannot continue to allow our government to intrude on and violate the privacy and rights of people across this country."
Motherboard found apps that provided data to X-Mode by reverse engineering them and intercepting the traffic between the apps and X-Mode's servers. Other apps included "Accupedo," a step counter, and "CPlus for Craigslist," an app for browsing Craigslist. In the wake of Motherboard's report, both Apple and Google banned X-Mode from their respective app stores.
As part of that same report, Motherboard also found that U.S. Special Operations Command, a branch of the military tasked with counterterrorism, counterinsurgency, and special reconnaissance, bought access to a product called Locate X, which also uses data harvested from apps.
In January Motherboard reported that five more Muslim-focused apps also worked with X-Mode, including Qibla Compass, which has over 5 million downloads.
Law enforcement and other government agencies have increasingly purchased commercial location data from a variety of different suppliers. In February last year, The Wall Street Journal reported that Immigration and Customs Enforcement and Customs and Border Protection sourced access to data from a company called Venntel. Motherboard found CBP spent nearly half a million dollars on additional access to the data.
Through a leaked dataset and more app reverse engineering, Motherboard also found that an app called Salaat First (Prayer Times) provided data to a company called Predicio. Predicio is connected to a supply chain of data to Venntel.
At least some agencies argue that they do not need to acquire a warrant or court order before querying such data. In their letter, the lawmakers also asked "Has evidence been used in any court application, trial, hearing or other proceeding that consists of, was obtained from, or was derived from location information purchased from a commercial vendor?"
Senator Ron Wyden plans to introduce legislation that would stop law enforcement agencies from buying such information. A memo obtained by Wyden’s office shows that the Defense Intelligence Agency (DIA) has been granted permission to query a set of U.S. commercial location data without a warrant five times in the past two and a half years, The New York Times reported.
"It is imperative that every American citizen, no matter their ethnicity or religion, is certain their Fourth and First Amendment rights are not only protected, but equally enforced," the new letter concludes.
Beyond Pocan, Omar, Tlaib, and Ocasio-Cortez, the letter was also signed by Representatives Adriano Espaillat, Alan Lowenthal, André Carson, Barbara Lee, Debbie Dingell, Earl Blumenauer, Jamaal Bowman, Ed.D., Jesús G. “Chuy” García, Pramila Jayapal, Raúl Grijalva, Ro Khanna, Suzan DelBene, and Zoe Lofgren.
Subscribe to our cybersecurity podcast CYBER, here.