Immigration and Customs Enforcement has stopped using commercial telemetry data, including phone data that reveals a person’s location, an agency spokesperson confirmed to FedScoop.
“Like other law enforcement agencies, Homeland Security Investigations (HSI) employs various forms of technology to investigate violations of the law, with appropriate respect for civil liberties and privacy interests.” said the spokesperson.
The move comes amid continued bipartisan concerns about law enforcement purchasing people’s location data without obtaining a warrant. Sens. Rand Paul, Republican of Kentucky, and Sen. Ron Wyden, Democrat of Oregon, proposed the Fourth Amendment Not for Sale Act, which would require law enforcement agencies to seek court permission before paying for location data. did. The Federal Trade Commission also recently took action against the sale of location data by data brokers. Civil liberties experts continue to warn against this practice.
Adam Schwartz, director of privacy litigation at the Electronic Frontier Foundation, said the digital rights nonprofit’s opinion is that the Fourth Amendment should not be interpreted by courts to prohibit the government from purchasing this type of data. That means it should be done.” To obtain this data directly from an individual or their service provider, a warrant must be obtained. ”
“This is kind of an exception to the warrant requirement for government credit cards,” he added. “Partly because the government is so secretive about what it’s doing, this is an issue that the courts have not yet decided.”
ICE’s decision to stop purchasing this data is a notable change from late September, when the Department of Homeland Security’s inspector general released a partially redacted report that showed three components of the agency’s ICE, Customer and Border Protection, and the U.S. Secret Intelligence Service pointed out that: — did not comply with the department’s privacy policy regarding commercial telemetry data (CTD). ICE specifically did not have his CTD Privacy Impact Assessment approved. This is a type of disclosure intended to provide an overview of how personal information may be used by digital technologies deployed by the government and is consistent with DHS internal privacy policies and e-government laws. is in violation.
(The OIG’s report also highlights the risks of misuse and irresponsible use of CTDs by employees. For example, one CBP employee reported using a CTD to track a co-worker without any investigative purpose. states).
At the time, ICE said it would continue to use CTD, was committed to completing its geolocation service PIA in the first quarter of this year, and had privacy risk mitigation strategies in place. This response did not satisfy DHS, which stated that its recommendations “remain open and unresolved until ICE completes its PIA requirements or ceases noncompliant use of the CTD.” Specifically, the DHS OIG Office discovered that ICE had nine contracts with him. During 2019 and 2020, we accessed two CTD databases and performed over 16,000 searches.
Two other DHS components mentioned in the report also provided comments to FedScoop. According to a spokesperson, CBP has “terminated contracts utilizing CTD technology” at the end of fiscal year 2023.
“DHS, including CBP, uses many forms of technology to further its mission, including tools to assist in investigations related to dark web illicit trade, transnational crime, and terrorism, among other things. “We are using it,” the spokesperson added. “DHS is leveraging this technology in a manner consistent with the authorities and the law.”
In an email, U.S. Secret Service spokeswoman Alexandria Walley referenced the company’s privacy compliance policy in discussing PIA requirements, but added, “As a matter of operational security, the Secret Service “I’m not commenting on the methodology.”
“As part of this policy, the Secret Service will work with the DHS Office of Privacy to determine if and when additional privacy compliance documentation is required. We believe that the issue is resolved.”
A post on Oversight.gov states that eight recommendations from the OIG report remain outstanding, including a plan for DHS’ chief information officer to create a formal department-wide policy on CTDs. The ministry’s initial response estimated that policy development recommendations would be completed by June 2024.
DHS CIO Eric Hysen did not respond to a request for comment on the policy. The department’s Office of Inspector General said DHS has yet to provide an update on its progress on the recommendations, past its normal 90-day response time.
“Typically, within 90 days of publication of a report, the Department will submit a recommendation update letter to DHS OIG,” an OIG spokesperson said. “I look forward to receiving the Department’s 90-day update on OIG-23-16.”