Pentagon conducting warrantless surveillance of Americans, senator says

The Pentagon is conducting warrantless surveillance of Americans, according to a U.S. senator. A letter written by Sen. Ron Wyden (D-Ore.) demands the Department of Defense release information about any government agencies buying location data from "shady" app companies to spy on U.S. citizens.

"I write to urge you to release to the public information about the Department of Defense's (DoD) warrantless surveillance of Americans," stated the letter addressed to Secretary of Defense Lloyd J. Austin III.

The letter refers to media reports from February 2020 asserting that "U.S. government agencies are buying location data obtained from apps on Americans' phones and are doing so without any kind of legal process, such as a court order." Wyden writes that he has "spent the last year investigating the shady, unregulated data brokers that are selling this data and the government agencies that are buying it."

Last year, the Wall Street Journal reported that law enforcement agencies were using cellphone GPS data taken from mobile apps without obtaining a warrant first. The article referenced a Treasury Department watchdog report claimed that the Internal Revenue Service was utilizing commercial platforms to track cellphones.

A Vox report from the same time said it wasn't only the IRS that used cellphone data from apps to track Americans, "The military, the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and the Department of Homeland Security (DHS) do it, too."

"The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone's location," the WSJ reported in February 2020. "U.S. Immigration and Customs Enforcement, a division of DHS, has used the data to help identify immigrants who were later arrested, these people said. U.S. Customs and Border Protection, another agency under DHS, uses the information to look for cellphone activity in unusual places, such as remote stretches of desert that straddle the Mexican border."

Apps downloaded to a mobile phone send location data to third-party companies that then sell that data to "advertisers, marketers, and data brokers — even other location data providers," and the information could be passed through "several companies before it reaches its end user," which could be government agencies willing to pay for the data.

Sean O'Brien, principal researcher of ExpressVPN's Digital Security Lab, said the practice is akin to "data laundering." O'Brien told Recode. "There are so many actors sharing and selling data that it's incredibly difficult to chase the trail."

One of the companies selling app information to the government was X-Mode Social Inc. Upon the release of the reports of the data broker selling location information of cellphone users to U.S. military contractors, X-Mode's software development kits and location trackers were banned from the Apple Store and Google Play Store, the two biggest app stores in the world. X-Mode's software development kit was used in hundreds of apps with millions of users.

It is illegal for the U.S. government to directly surveil Americans without a warrant under the Fourth Amendment. In 2018, the U.S. Supreme Court ruled 5-4 to impose limits on the ability of law enforcement "to obtain cellphone data pinpointing the past location of criminal suspects in a major victory for digital privacy advocates," according to Reuters.

But government agencies contend they aren't doing anything illegal since they're "simply buying commercially available data supplied by users who consented for that data to be collected," Vox added.

In January, the New York Times reported on an unclassified memo from the Defense Intelligence Agency that allegedly revealed that DIA analysts "have searched for the movements of Americans within a commercial database in five investigations over the past two and a half years."

"DIA. does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes," the DIA memo purportedly said.

Wyden demands that the Pentagon reveal if any other DoD components besides the DIA are "buying and using without a court order location data collected from phones located in the United States."

Vice's Motherboard tech blog reported that one of the answers was classified:

Some of the answers the DoD provided were given in a form that means Wyden's office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public. A Wyden aide told Motherboard that the Senator is unable to make the information public at this time, but believes it would meaningfully inform the debate around how the DoD is interpreting the law and its purchases of data. Wyden and his staff with appropriate security clearances are able to review classified responses, a Wyden aide told Motherboard. Wyden's office declined to provide Motherboard with specifics about the classified answer. But a Wyden aide said that the question related to the DoD buying internet metadata.

This allegation of the government spying on people arrives a month after the bombshell report revealing the United States Postal Service has been secretly collecting data regarding social media posts by Americans.