The seemingly innocuous data collected for targeted advertising is now being leveraged for government surveillance, raising serious privacy concerns. A recent Department of Homeland Security (DHS) document obtained through a Freedom of Information Act (FOIA) request reveals that Customs and Border Protection (CBP) purchased data from the online advertising ecosystem to track individuals’ movements, often sourced from everyday apps like video games, dating services, and fitness trackers. This practice highlights a growing trend of law enforcement agencies circumventing traditional warrant requirements by tapping into the vast data streams generated by the ad tech industry.
This new method of tracking differs from previous concerns about location data, which often involved purchasing data obtained via installed apps with location tracking features. The current practice involves acquiring information gathered and tracked by ad brokers, utilizing advertising identification (AdID) to monitor device movements. Even as this data doesn’t directly identify individuals, it allows investigators to build detailed location histories and potentially link devices to their owners, raising questions about the scope of government surveillance and the protection of personal privacy. The increasing leverage of this type of data underscores the need for greater transparency and regulation surrounding the collection and sale of location information.
CBP’s Data Purchases and Congressional Concerns
The DHS document details how CBP acquired location data through the online advertising ecosystem. This data, generated as part of the real-time bidding (RTB) process used for targeted advertising, allows the agency to track devices and build profiles of movement patterns. According to the document, this information can be used to create geofences – virtual boundaries that trigger alerts when a device enters a specific area – and track devices over time, potentially revealing where individuals live, work, or frequent other sensitive locations. This practice came to light after CBP initially told Senator Ron Wyden in 2023 that it would cease purchasing location data from data brokers, a promise that now appears to be broken.
A letter signed by 58 members of Congress, including Senator Wyden and Representative Adriano Espaillat, expresses deep concern over CBP’s continued use of data brokers and its refusal to provide transparency regarding its location tracking efforts. The letter highlights a pattern of stonewalling congressional oversight, with ICE recently cancelling a scheduled briefing with Senator Wyden’s office just one day before it was set to take place on February 10, 2026. This cancellation, without explanation or offer to reschedule, further fuels concerns about the agency’s commitment to accountability and adherence to constitutional protections.
Beyond Pilots: Illegal Data Usage Confirmed
While CBP initially characterized its data purchases as a “pilot program” with no operational use, investigations by the DHS Office of the Inspector General (OIG) revealed a different story. The OIG found that both CBP and ICE did not limit themselves to non-operational use of the data, and that the Secret Service also illegally used the smartphone location data. A CBP official was even found to have used the data to track coworkers without any investigative purpose. Despite these findings, CBP and ICE continued to purchase access to location data, demonstrating a disregard for legal and ethical boundaries.
This isn’t the first instance of federal agencies utilizing data brokers to obtain location information. Immigration and Customs Enforcement (ICE) has also purchased similar tools to monitor the movements of phones in entire neighborhoods and expressed interest in sourcing more “Ad Tech” data for its investigations, as revealed in public procurement documents. This broader trend raises concerns about the potential for abuse and the erosion of privacy rights.
How Ad Data Enables Tracking
The key to this new surveillance method lies in the AdID, a unique identifier assigned to each device. This identifier acts as a link between a device and its location data, allowing marketers – and now, government agencies – to attribute movements to a specific device. The data is generated through the RTB process, where advertisers bid on the opportunity to display ads to users based on their location and other demographic information. While the data itself doesn’t directly identify individuals, it can be combined with other information to create detailed profiles and track movements over time. Companies like Palantir are reportedly involved in assisting with this process, further blurring the lines between data collection and government surveillance.
Despite the concerns, CBP has yet to produce a Privacy Impact Assessment (PIA) for this program, a document required before rolling out initiatives that collect and use personal data. The agency produced a Privacy Threshold Analysis (PTA) after the “pilot program” closed in 2021, but the lack of a PIA raises questions about whether the agency adequately considered the privacy implications of its data collection practices.
The situation underscores a troubling pattern: government agencies claiming to be testing new technologies, only to then use them for actual surveillance, and then refusing to be transparent about their actions when questioned by Congress. As technology continues to evolve, the need for robust privacy protections and effective oversight becomes increasingly critical.
The future of location data privacy remains uncertain. Continued congressional scrutiny and potential legal challenges will likely shape how law enforcement agencies can access and use this type of information. The debate over the balance between security and privacy is far from over, and the implications of these practices will continue to be felt for years to come.
What are your thoughts on the government’s use of location data? Share your comments below and let us know what you feel should be done to protect privacy in the digital age.
