If there weren’t enough reasons to be concerned about the U.S. government’s recent actions, here’s another: According to a report by 404 Media, Customs and Border Protection (CBP) has been purchasing location data from online ad agencies, which can be used to track people’s movements. An internal document from the Department of Homeland Security (DHS) confirmed that CBP has been using a roundabout method to tap into location data gathered by phone apps, including video games. When combined with location data tools, the information lets DHS track a device’s movements, potentially revealing where its owner lives or works.
CBP gained at least part of this data through a process called real-time bidding (RTB). RTB is a process used by marketing agencies to determine which users will receive their ads. When a mobile app is about to display an advertisement to a user, this kicks off an automated bidding process between companies to determine which gets the ad space. The robots participating in this auction utilize data associated with a particular user’s phone to determine whether it’s worth surfacing the ad to them. If you’ve ever received a hypertargeted web banner based on something you were just Googling, there’s a chance this was the result of RTB.
One element of user information passed along to marketing agencies is location data. Because of this, surveillance firms can harvest this information and sell it to government agencies. While not specified in the document, it’s obvious how this kind of information could potentially be used by ICE or CBP to track and intercept their targets. An investigation by The Wall Street Journal published last month found that ICE and CBP had bought location data from a vendor called Venntel, which they used to identify and arrest immigrants. The FTC later ruled that the data had been collected illegally and without proper consent.
A particularly insidious detail about the government collecting data through RTB is that the entire process happens without any direct acknowledgement from the apps that are passing along the info. It’s not like the publisher behind Candy Crush (one of the games discovered to be passing along this kind of data) is directly agreeing to send ad information to ICE. In most cases, games and other services use pre-packaged code to surface advertisements, and since the process is automated, the government can collect this data discreetly. Officials have even argued that this process doesn’t require a warrant.
This method of harvesting user information hasn’t been implemented unopposed, and Oregon Senator Ron Wyden has introduced legislation to block the government from buying this data and to stop tech companies from passing it along via RTB. “By refusing to cut off surveillance companies and sleazy data brokers, Big Tech companies are effectively collaborating with ICE’s lawless campaign of violence and terror. As a result, every internet ad on a website or app could be collecting location data that ICE will use for its next operation,” Wyden told 404 Media.
CBP and ICE have seemingly been acquiring location data associated with devices’ advertising IDs for some time, with CBP running a pilot program from 2019 to 2021. Later, the DHS Office of the Inspector General (OIG) found that the CBP, ICE, and the Secret Service had used this data illegally by overstepping imposed limitations. Unfortunately, it doesn’t seem like these kinds of internal reports are doing much to counter ICE’s increasingly invasive attempts to spy on people, whether it’s the agency tapping into Ring doorbell footage or phone advertising data.