You are here

You are here

Secret Service dodges location-data warrants … there’s an app for that

Richi Jennings Your humble blogwatcher, dba RJA

Law enforcement continues to buy private data from brokers. And investigative journalists continue to uncover these shocking truths.

Location data seems to be law enforcers’ favorite retail therapy target. And the latest agency to be found using it is the US Secret Service. Fourth Amendment be damned.

And, in the end, the love you take is equal to the love you make. In this week’s Security Blogwatch, we cross over, between Belishas.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: ykcul teg.

He’d let us in—knows where we’ve been

Here come old Joseph Cox. He come groovin’ up slowly—Secret Service Bought Phone Location Data from Apps, Contract Confirms:

The sale highlights the issue of law enforcement agencies buying information … that they would ordinarily need a warrant or court order to obtain. This … relates to the sale of Locate X, a [service] from a company called Babel Street. [We] obtained the document through a … FOIA request.

A myriad of smartphone apps … collect location data. Sometimes this may provide some benefit to the app's operation itself, such as being able to route directions from a users' current location, but many of these apps often sell that information … to data brokers or other companies.

Government agencies are increasingly at the end of that location data chain [for example] Immigration and Customs Enforcement … the Internal Revenue Service. … An agency does not need to seek a warrant when it simply buys the data [and] some law enforcement agencies are paying for access to data from hacked websites.

Babel Street did not respond to a request for comment. The Secret Service did not respond either.

Something in the way Christine Fisher knows—Normally, law enforcement would need a warrant or court order:

A Freedom of Information Act (FOIA) request show that … the Secret Service paid a private company … $35,844 for a one-year subscription. … This isn’t a new issue: Federal agents have reportedly been buying commercially-available cell phone location data to track immigrants for years.

With Locate X, an agency like the Secret Service could, for instance, create a geo-fence around a crime scene. It could then identify mobile devices that were in that area … and see where those devices traveled before or after the incident.

It’s unclear how federal agencies get away with obtaining this info without a warrant. In 2018, the US Supreme Court ruled that law enforcement need a warrant to perform cell phone tower searches.

Bang bang, Rhett Jones’ silver hammer came down—Secret Service Paid to Get Americans' Location Data Without a Warrant:

In all the talk about TikTok collecting the data of Americans and sending it to the Chinese government, we’ve often overlooked the broader issue of data brokers collecting the data of Americans and sending it god-knows-where. … Babel Street is a shadowy organization that offers a product called Locate X that is reportedly used to gather anonymized location data from a host of popular apps that users have unwittingly installed.

Based on Fourth Amendment protections, law enforcement typically has to get a warrant or court order to seek to obtain Americans’ location data. In 2018, the Supreme Court ruled that cops still need a warrant to gather cellphone location data from network providers. … The Locate X system saves government agencies the time of going through judicial review.

The data brokerage industry benefits from the confusion … about what information is collected and shared by various private companies that are perfectly within their legal rights. You can debate whether it’s acceptable for private companies to sell this data to each other. … But when this kind of sale is made to the U.S. government, it’s hard to argue that these practices aren’t, at least, violating the spirit of our constitutional rights.

Neither the Secret Service nor Babel Street immediately responded to [my] request for comment.

Well, you know I nearly broke down and cried. Here’s what Immerman wants to know:

What I want to know is, why was no warrant necessary? The requirement for a warrant is a limitation on police activity to limit abuse.

There's no technical reason cops have to get a warrant before installing a GPS tracker on your car, or a surveillance feed into your living room. They need a warrant because they're not legally allowed to conduct that surveillance without it.

What difference does it make if it's a third party doing the spying? Either they get a warrant first, or they should be brought up on charges for illegal surveillance.

But I feel that ice is slowly meltingcoryseaman is unclear why people keep banging on about warrants:

What's not clear? What's being purchased is anonymous device data … available commercially … and its purchase doesn't require a warrant.

Users have consented to the sharing of the underlying data … whether knowingly or not, and it doesn't include the identities of the device owners. [Police] would need to obtain a warrant to discover its owner, obtain call records, or get its identifiable device ID and attempt to trace its location in real time.

This is a fair bit different than offering the fourth amendment up for sale.

And neither is TimothyHollins, because the sky is blue:

It's not illegal to use a snitch.

If you have a problem with this development in law enforcement I suggest you go to the root, the gathering and collation of information on private citizens in general.

You’re gonna carry that weight. So run, DMCVegas:

The more scary aspect? … Detective work in the future becoming far too reliant upon technology … and law enforcement officials failing to do their job without it.

What happens when you … have a suspect [who] learns how to game the system to skew the data … that applications like this run off of? What happens when common sense is rejected entirely, and instead we rely upon data streams and algorithms? … What happens when [individuals] send false location information, and LEOs fail to stop criminals?

Surely everyone knows that apps can record your location? DogDude barks in the middle of negotiations:

C'mon. [Smart] phones have been popular for a decade, and all apps do this.

I really doubt that anybody doesn't know they're spying devices by now. That seems really far-fetched.

iOS 14 is going to blur the location accuracy given to apps. But Omnom Bacon tanta mucho que canite carousel:

Kinda pointless to have a 1 mile radius of where you could possibly be, when the app knows you're connected to the Starbucks wifi at First and Main.

Meanwhile, NoNonAlphaCharsHere sleeps in a hole in the road: [You’re fired—Ed.]

Frankly, most users don't give a ****. [It’s] kind of like how error dialog boxes … saying "Something Really Bad™ is about to happen, is that OK? [Yes] [No]" may as well just have a single [Whatever] button.

The moral of the story?

If your apps gather location data, think carefully about what you do with it, in case a PR firestorm blows up in your face. (And if you’re buying it, quit the police department and get yourself a steady job.)

And finally

Ykcul teg

Warning: Do not turn on subtitles if easily offended or don’t mind wetting yourself in laughter (smiles await you when you rise).

Previously in “And finally”

You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or Ask your doctor before reading. Your mileage may vary. E&OE. 30

This week’s zomgsauce: Claudio Toledo (cc:by). Someday I'm going to make her mine.

Keep learning

Read more articles about: SecurityData Security