March 4, 2021

DEA Ditches Location Data Vendor Currently Being Investigated By Congress

By Tim Cushing
The Supreme Court ruled that law enforcement agencies needed a warrant to obtain cell site location info. The ability to turn third parties (like telcos) into proxy long-term tracking devices concerned the court, which decided this wasn’t permissible under the Fourth Amendment. Every American carries a cellphone. But just because they do doesn’t mean they agree the government should be able to track their movements with them.

No problem, said federal law enforcement agencies. We’ll just get the same data from new sources — ones not specifically mentioned in the Carpenter decision. Data brokers harvesting location data from phone apps sell access to government agencies, allowing them to bypass the warrant requirement.

This new source of data location has become a concern for some legislators, which have demanded answers from agencies like the IRS and CBP about their acquisition and use of this data. One company — Venntel — is currently facing a Congressional investigation of its data selling practices. This hasn’t stopped CBP from buying data to track immigrants. But it has perhaps led to one agency — one with a long history of bulk collection violations — to ditch its contract with Venntell. Joseph Cox fills in the details at Motherboard.

The Drug Enforcement Administration abruptly cancelled its contract with Venntel, a U.S. contractor that sells location data harvested from ordinary apps installed on people’s phones around the world.

The news signals that although Venntel’s smartphone location data may be popular with some federal agencies, including Customs and Border Protection (CBP) which Motherboard found spent nearly half a million dollars to access the data, other law enforcement bodies may have less use for such technology.

As Cox’s report suggests, this may not be an indicator of reluctance to engage with a vendor currently under investigation. Instead, it may indicate some agencies find the harvested data less useful than others. The data CBP accesses allows it to track people’s movements on both sides of the border, which is far more useful than scattershot data that may not deliver anything of value to DEA agents seeking to make a drug bust.

The DEA’s cancellation was rather abrupt, suggesting it didn’t feel like paying for something it didn’t see itself using.

Keith Chu, communications director for the office of Senator Ron Wyden, described to Motherboard a conversation that his office had with the DEA.

“On DEA, they told our office: ‘[The Venntel contract was] terminated on our end before the first 30 days of the one year period of performance after determining it would not fit our needs,'” Chu said.

Then again, the DEA may have just cancelled this contract temporarily. The company is being investigated by Wyden and the senator has asked a lot of questions agencies may not feel like answering. Perhaps the DEA may re-engage when the heat dies down. Or it may seek to obtain this data from a different broker — one not currently targeted by a Congressional investigation. Given the restraints on collecting location data from service providers, any parallel source of data is still preferable to seeking a warrant.

If it’s not useful now, there’s a chance it will be in the future. That’s why Congress needs to act. And if it doesn’t, the courts need to examine this data collection under the constraints of the Carpenter decision and decide whether it’s ok for law enforcement to dodge warrant requirements that would seem to apply to ANY tracking of individuals, even if the data is sourced from third party data brokers.

Source:: https://www.techdirt.com/articles/20201215/12333545892/dea-ditches-location-data-vendor-currently-being-investigated-congress.shtml