Activist Leaks Files From a Data Broker for Demoing its Software With ICE

To protest a data broker giving trial accounts of their product to U.S. Immigrations and Customs Enforcement, a source has provided Motherboard with internal files of Sayari, a company that collects and resells access to data on citizens from more than a hundred different countries. Sayari's data banks include physical addresses, email addresses, and bank account information. Sayari sells its tool to government agencies, private companies, and journalistic outlets, which can use it to search through all of the company's data.

The leak comes as lawyers and scholars criticise established data brokers such as LexisNexis over their own work with ICE.

"I saw tech workers at Microsoft (GitHub), Google, and others start taking stands and achieve incremental gains and I thought why not me," the source told Motherboard. Motherboard granted the source anonymity to discuss internal Sayari issues.

On its website, Sayari markets its tool to companies that want to research customers, partners, competitors, and "third parties" in the U.S. and elsewhere in the world. Although the data Sayari offers access to is scraped from public sources, Sayari's tool provides all of that information in one, easy-to-use interface that can search across multiple different datasets at once.

The source provided several sets of alleged data on celebrities and high profile people, as well as information about Sayari's clients.

"Unparalleled coverage of the hardest-target countries in the world," Sayari's website reads. Sayari sells access to data from dozens of countries, including Mexico, China, the United Kingdom, Russia, and the United States, according to a list obtained by Motherboard.

"I am terrified of what ICE can and will do with that data," the source said. The source provided Motherboard with photos of internal Sayari administration panels, including a list of organizations that have had access to the system, and what sort of privileges to the data Sayari had granted them.

One of the organizations that has had access is ICE, according to the administration panels. A section of ICE is Homeland Security Investigations (HSI).

"We demoed the tool and gave trial accounts to HSI agents from the Export Enforcement Coordination Center […] within HSI’s National Security Investigations Division. The specific use case was around counter-proliferation, which squarely aligns with our mission," Farley Mesko, CEO and co-founder of Sayari told Motherboard in an email.

Mesko said the company has no contract with ICE, and added, "we would absolutely support HSI in their mission set." Mesko sent Motherboard a passage from the company's handbook, a part of which says, "we will not support the detention and processing of undocumented workers or refugees."

According to public contracting information, U.S. Customs and Border Protection (CBP) purchased Sayari licenses from a reseller for over $430,000 in August.

A CBP spokesperson wrote in an email, "CBP uses a broad range of government and commercial data to support and enhance our border security and facilitation missions. Sayari is but one example of commercially available data used by CBP to better understand and assess the flows of people and goods entering and exiting the United States."

"Sayari's clients are vetted to make sure they have a valid public interest for accessing our open source data products, such as prevention of financial crime and illicit trade, conducting investigative journalism, enhancing national security, and many others. We make sure to understand these client needs before, during, and after onboarding, and we have a team dedicated to working with clients to ensure success," Mesko added.

The move is the latest in a continuously growing push back against ICE from tech workers. Last week, five GitHub employees resigned over the company's contract with ICE, and several speakers dropped out of GitHub's own conference. In September, tech company Chef said it would not renew its own contract with ICE after a former employee deleted open-source code he wrote in protest. Last week, The Intercept reported that a group of 300 lawyers and scholars signed a letter asking brokers LexisNexis and Thomson Reuters to end their own contracts with ICE. Both of those companies sell similar products to Sayari.

Update: This piece has been updated to include comment from CBP.

Subscribe to our cybersecurity podcast, CYBER.