An internal U.S. Customs and Border Protection document reveals that the agency bought online advertising data that could allow it to track mobile phone locations over time.
404 Media obtained what is known as a Privacy Threshold Analysis (PTA), a document the Department of Homeland Security (DHS) is required to submit when using or testing new tech, through a Freedom of Information Act request. The PTA is tied to a CBP pilot program that ran from 2019 to 2021.
According to the document, CBP was testing the use of commercially available marketing location data tied to mobile Advertising IDs (AdIDs) for its operations. The stated goal was to use that data to support the agency’s “targeting, vetting, analysis, and illicit network discovery processes.”
This is the first document to confirm that CBP has sourced mobile phone location data from online advertising systems, according to 404 Media.
While it was previously known that DHS agencies have purchased commercial cellphone location data from brokers, the document provides more details about how some of that data is generated.
When an ad loads inside a mobile app, an automated auction known as real-time bidding takes place to determine which ad a user sees. During that process, advertising companies can collect data from mobile phones, including their location.
The system relies on AdIDs, digital IDs assigned to a mobile device that function similarly to cookies on the web. While they don’t contain a person’s name or phone number, they provide a way for advertisers to track devices.
None of this should be too surprising to anyone who has been paying attention. In 2020, The Wall Street Journal reported that U.S. Immigration and Customs Enforcement (ICE) bought access to a commercial database of cellphone location data to help identify immigrants who were later arrested. The Journal also reported that CBP used the information to look for cellphone activity in unusual areas, like remote desert regions near the border.
The ACLU has also released documents in recent years, obtained through FOIA litigation, showing that DHS agencies have purchased large quantities of cellphone location data from data brokers, information they would otherwise need a warrant to obtain directly from phone companies.
More recently, 404 Media reported in January that ICE purchased access to surveillance products that allowed it to conduct searches for mobile devices within a specific geographic area over a period of time. That reporting prompted 70 lawmakers on Tuesday to call on the DHS Inspector General to investigate ICE’s purchase of location data.
In practice, the system described in the CBP document means that advertising data collected from everyday mobile apps, from games and dating platforms to weather and news apps, could potentially be used for surveillance purposes by government and law enforcement agencies.
CBP did not immediately respond to a request for comment from Gizmodo.
Read the full article here
