Mediaboss Marketing

from the we-can-remember-where-you-were-wholesale dept

The Supreme Court may have extended constitutional protection to historical cell site location info, but thats not going to stop our public servants and the private companies that serve them from finding ways to elude the ramifications of the Carpenter decision.

Over the past couple of years, court documents and public records have exposed this law enforcement-adjacent business. (These brokers also sell data to private companies, but seem to prefer their government contracts.) Bypassing even questionable geofence warrants (ones that perform searches of areas for devices of interest, rather than targeting any specific suspect), government agencies are buying direct access to location data pulled from dozens of apps that collect this information while in use.

The EFF has obtained several documents detailing the offerings of Fog Data Science, yet another entrant in the data broker sweepstakes. Pulling information gleaned from over 100 public records requests, the EFF notes the company has (or has had) contracts with at least 18 law enforcement agencies, including some at the federal level.

Heres what the company does:

The company, Fog Data Science, has claimed inmarketing materialsthat it has billions of data points about over 250 million devices and that its data can be used to learn about where its subjects work, live, and associate. Fog sells access to this data via a web application, calledFog Reveal, that lets customers point and click to accessdetailed historiesof regular peoples lives. This panoptic surveillance apparatus is offered tostate highway patrols,local police departments, andcounty sheriffsacross the country forless than $10,000 per year.

And it appears the company (and some of its law enforcement customers) believe obtaining location data through Fog (which the company advertises as being capable of long-term tracking) does not implicate the Fourth Amendment. One of its communications with the California Highway Patrol contains this statement from a Fog representative one which states it has spoken to other law enforcement customers who believe the Carpenter decision has nothing to do with this particular location data source.

We havent done any work on Carpenter. We have had several clients view our solution through the lens of Carpenter, most recently was from a meeting I had with NJ State Police and NJ AGs Office. The attorneys in the meeting felt that since we are providing non PII [personally identifying info] data, held by third parties, Carpenter doesnt apply. As you know, in the Carpenter case, the FBI had his cell number and requested specific records pertaining to him. With our data, we have no way of linking signals back to a specific device or owner.

That legal theory can be described most charitably as untested. Maybe courts will find that layering third parties (the app sources and the data broker hawking the data) makes it too far removed from the source to make Carpenter applicable. Or maybe some courts will find its ultimately close enough to the CSLI-enabled tracking in the Carpenter case (since investigators will use this data to identify suspects and then can go back to the brokers to gather more data on the targeted device/device owner) that warrants are required.

Either way, it shows law enforcement is looking for solutions that dont require judicial oversight, and Fog Data Science is more than willing to be that solution.

And the company may claim in its Carpenter discussion it doesnt provide PII and therefore cannot perform location tracking, but it claims otherwise in its marketing for its Fog Reveal product.

Law enforcement can specify one or more devices theyve identified and a time range, and Fog Reveal will return a list of location signals associated with each device. Fogs materials describe this capability as providing a persons pattern of life, which allows authorities to identify bed downs, presumably meaning where people sleep, and other locations of interest.In other words, Fogs service allows police to track peoples movements over long periods of time.

Despite all the options the company offers (allegedly up to 15 billion location signals each day from 250 million devices a month), Fog Data seems to be having trouble holding onto its law enforcement customers.

Additionally,the records EFF reviewedshow that several of the agencies that worked with Fog have sincecanceled their subscriptions,andat least one saidthey were not sure if they ever used Fog to successfully solve a case.

Thats not to say that if Fog sucks at its job, that makes it ok. It doesnt. App users may opt into sharing data with apps, but theyre rarely aware app developers are sending this information on to data brokers, who are now basically forcing app users one step removed from the data broker to share their location data with government agencies.

The first breakdown in responsibility comes from app developers who sell this information to data brokers. The second breakdown comes from Fogs government customers, who havent been exactly open or honest about their frequent use of third-party brokers to obtain bulk data they cant legally acquire from cell service providers without a warrant.

Theres much, much more in the EFFs discussion of its findings from its public records haul, including suspected links to Venntel, another data broker with plenty of powerful government clients. And it shows packaging and analyzing app data to track people is still a growth business, one that wont see any slowdown until its either reined in by privacy legislation or courtroom precedent.

Filed Under: 4th amendment, data brokers, data sharing, law enforcementCompanies: fog data science

Original post:
Yet Another Data Broker Found To Give Massive Amounts Of Location Info To Law Enforcement - Techdirt