Wray’s admission came after Senator Ron Wyden (Oregon-D) questioned the FBI chief on using commercially-available data during a U.S. Senate hearing on global threats. Wray told the senators that the FBI does not purchase U.S. location data at this time, instead relying on a “court authorized process.” However, Wray stated the agency had purchased such data in the past, for a currently inactive national security project. “To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray said. “I understand that we previously—as in the past—purchased some such information for a specific national security pilot project. But that’s not been active for some time,” the FBI director added.
Federal Agencies Can Buy Data In Absence of Privacy Law
The revelation, first reported by Wired, highlights a major gap in U.S. privacy law and raises concerns about a lack of oversight regarding the data-collecting actions of federal agencies. This area is also muddy since the country lacks privacy legislation in this regard on a federal level. However, a 2018 U.S. Supreme Court decision aimed to address the problem of accessing an individual’s data without their consent. In Carpenter vs. United States, the Supreme Court ruled that government agencies who accessed a person’s location data without a warrant violated their Fourth Amendment constitutional guarantee. The decision, though, did not prevent these agencies from buying data from brokers and companies. Agencies have previously purchased large amounts of location data, including the US Customs and Border Protection (CBP), the Defense Intelligence Agency, and the Department of Homeland Security. Agencies sometimes obtain location data from smartphone applications such as gaming or weather apps. U.S. lawmakers have not managed to address this issue through legislation. For example, even the American Data Privacy and Protection Act (ADPPA) grants data collecting, processing, or transferring exceptions for law enforcement agencies.
Keep Your Location Data Safe
Generally, federal agencies can ask companies to hand over their user’s data if they can produce a subpoena or warrant. However, an agency can only produce a subpoena or warrant through a court order. The feds can also issue emergency data request orders to companies, which do not require a court order. Unfortunately, fake emergency data request orders is a growing problem. In fact, even Apple and Meta fell for a scam where they handed over user data to imposters impersonating government officials. If you’re a privacy-conscious individual, you can use a VPN to prevent certain apps and websites from tracking your location data. We also recommend checking out VPNs that do not maintain user activity logs. This means even if a government agency were to reach out to them for your internet activity, the VPN provider will have nothing to hand over.