DHS buying personal data from govt contractors pushes Congress to pass legislation curtailing 3rd party data brokers

New revelations of federal government agencies buying large troves of personal data, including cell phone location data, from controversial data brokers and government contractors has spurred Congress to try and pass legislation that would severely constrain what data the government can buy from contractors.

The American Civil Liberties Union (ACLU) earlier this week published thousands of pages of previously unreleased records about how Customs and Border Protection, Immigration and Customs Enforcement, and other parts of the Department of Homeland Security bought from government contractors enormous volumes of people’s cell phone location information secretly extracted from smartphone apps.

The ACLU documents show how millions of taxpayer dollars were spent by DHS used to buy access to cell phone location information being aggregated and sold by two controversial and opaque government contracted data brokers, Venntel and Babel Street.

There have been multiple such instances of law enforcement and intelligence agencies purchasing Americans’ personal data which has spurred Congress to take action to try and stop such behavior through bipartisan legislation in the House and Senate.

‘The Fourth Amendment Is Not For Sale Act,’ introduced by Sen. Ron Wyden, D-OR., and Sen. Rand Paul, R-KY., along with 18 other senators in April of 2021, would force the police to obtain a court order before purchasing people’s personal information through third-party data brokers, which often deceptively bundle and sell user photos and other personal data from smartphone apps, social media, and other sources.

The bill focuses on data brokers and government contractors that scrape social media data to sell. It bans the police and government agencies from buying “illegitimately obtained information,” including information that was gathered deceptively through hacking or violations of a platform’s privacy policy or terms of service.

There is a bipartisan momentum in Congress to try and stop the government from having the ability to buy such data, particularly after the ACLU’s data dump.

“The federal government hasn’t always done a very thorough job of vetting how citizen’s data privacy is affected before buying the data and using it,” a Democratic Senate staffer familiar with the bill said.

“It should also be pointed out that several government agencies like the IRS have terminated their 3rd party data contracts because they’re a crap shoot, the data isn’t very good and so it isn’t even effective in many instances” the staffer added.

Consumer privacy advocates are also in favor of the bill introduced by Wyden and Paul that has companion legislation in the House that has been introduced by House Judiciary Chairman Rep. Jerry Nadler, D-NY.

“The information is effectively laundered through a middleman. Many app developers can sell geolocation data directly to the government, although in practice they usually operate through data brokers as well.” said Elizabeth Goitein, senior director focused on national security at the Brennan Center for Justice, a nonpartisan policy institute that supports the Fourth Amendment is Not For Sale Act.

“We’ve seen this already, the Department of Defense purchased access to geolocation information from popular Muslim prayer and dating apps. Police departments used a data broker to track people who attended racial justice protests in Ferguson and Baltimore,” Goitein added during a House Judiciary Committee hearing Tuesday regarding government access to personal data. “It’s time for Congress to step in.”

Federal government contractors who provide IT and data solutions to intelligence agencies are worried, however, about how the legislation could unintentionally hurt the government’s ability to tackle sensitive issues of national security.

“Federal agencies may be affected by this because it could make it harder for them to get certain data sets,” said Alan Thomas, Chief Operating Officer of Intellibridge, an IT services and consulting company with defense, national security and federal law enforcement clients.

“Law enforcement and intelligence agencies sometimes do good work with such data collected. So the question is how do we balance civil liberties and privacy concerns with the government carrying out important sensitive missions,” said Thomas, who has also had multiple stints within the federal government at the GSA, DOD, and the Army.