Adam Kovacevich is the CEO and founder of a center-left tech industry coalition called Chamber of Progress and has worked at the intersection of tech and politics for 20 years, leading public policy at Google and Lime and serving as a Democratic Hill aide.
When the Biden administration proposed new protections earlier this month to prevent law enforcement from demanding reproductive healthcare data from companies, they took a critical first step in protecting our personal data. But there remains a different, serious gap in data privacy that Congress needs to address.
While the Constitution prevents the government from compelling companies to turn over your sensitive data without due process, there are no laws or regulations stopping them from just buying it.
And the U.S. government has been buying private data for years.
Despite Supreme Court rulings that the government can’t acquire sensitive personal data like your location without a warrant, sketchy data brokers can and do sell this information directly to the government. They’re exploiting a loophole in our constitutional protections against surveillance: Because this data is sold on the open market, the government doesn’t need to compel anyone to provide it. They can simply purchase it without any oversight or legal ramifications.
Congress needs to ban the government from buying up sensitive geolocation data entirely — not just preventing its seizure. So long as agencies and law enforcement can legally purchase this sensitive information from data brokers, constitutional limits on the government’s ability to seize this data mean next to nothing.
The FBI, the military, and several other government and regulatory agencies are frequent customers of these data brokers both domestically and abroad. The data they purchase gives them alarming amounts of power to gather sensitive information from large groups of people.
The biggest victims of government surveillance are often marginalized communities. For example, the military purchased sensitive geolocation data gathered from a Muslim prayer app and a Muslim dating app in order to track users. The broker that sold the user geolocation data, Locate X, boasts of being “widely used” by the military, intelligence agencies and several levels of law enforcement. Immigration and Customs Enforcement (ICE) has also drawn criticism for purchasing user data in order to track migrants and skirt sanctuary laws.
Even the National Guard is taking advantage of the surveillance loophole, purchasing data to target and recruit high schoolers. And the FBI buys geolocation data to track millions of phones — all without needing a warrant.
We’ve already seen the potentially damaging consequences of private data and tracking being used by employers and landlords to the detriment of workers or tenants. Putting that information in the hands of government bodies whose decisions hold the weight of law presents an even more serious issue.
Government agencies are often resistant to disclosing how they use privately purchased data for law enforcement operations, but such purchases allow them to skirt surveillance restrictions put in place to protect our civil rights. Police departments have been circumventing facial recognition bans by going to third-party vendors for their facial recognition search results. In 2018, ICE claimed to make an arrest and deportation from a “routine traffic stop,” but had also coincidentally purchased specific cellular phone tower data that could have helped make the arrest.
To make matters worse, the data being sold to these powerful institutions may not even be accurate. In addition to being vulnerable to hacking, information from data brokers often relies on discriminatory algorithms and biases and can still often mistake your age, ethnicity and religion when creating profiles. When the government takes law enforcement action based on inaccurate data, the rights of all Americans are put at risk.
Biden’s proposed protection for reproductive health data is a step in the right direction, but it’s not nearly enough on its own. Congress must ban the government purchase of sensitive location data and address this huge loophole in data privacy — because so long as your information is up for sale, the government will keep buying it.
