Reps. Nadler, Thompson Send Letter to FBI, DHS on Personal Data

Two top Democrats in the House of Representatives have issued requests to a host of federal law enforcement agencies, including the FBI and Department of Homeland Security, demanding details of alleged purchases of Americans’ personal data. The lawmakers accuse the seven federal agencies of using commercial dealings with data brokers and so-called location aggregators to sidestep warrant requirements in obtaining Americans’ private data.

In a letter addressed to Attorney General Merrick Garland and six other agency heads on Tuesday, Reps. Jerrold Nadler and Bennie Thompson said that recent reports had found many law enforcement agencies — “including yours” — had purchased data or direct access to it “instead of obtaining it through statutory authorities, court order, or legal process.”

The lawmakers said companies trading in data have been known to package and sell a range of personal information, including, among others, records of internet browsing activity and precise locations.

“While law enforcement investigations necessitate some searches, improper government acquisition of this data can thwart statutory and constitutional protections designed to protect Americans’ due process rights,” the congressmen said.

“While comprehensive information on the widespread use of this practice is unavailable, the evidence indicates it is pervasive and that your agencies have contracts with numerous data brokers, who provide detailed information on millions of Americans,” wrote Nadler and Thompson, demanding the release of documents and communications between the agencies and data brokers with whom they may have deals or contracts.

The letter’s full list of recipients include: the Department of Justice; the Federal Bureau of Investigation; the Department of Homeland Security; U.S. Customs and Border Protection; U.S. Immigration and Customs Enforcement; the Drug Enforcement Agency; and the Bureau of Alcohol, Tobacco, Firearms, and Explosives.

A response to the inquiry was requested by month’s end.

Nadler and Thompson specifically named LexisNexis, a leading data analytics firm, which is reportedly in use by immigration enforcement agents attempting to track undocumented immigrants.

“For example, just one data broker, LexisNexis, contracts with over 1,300 local and state law enforcement agencies across the country,” the letter said.

Little is known about the how and how often the government buys private data, and there are few, if any rules, to prevent agencies like the FBI from simply buying information which it might not otherwise have legal authority to demand. Details of such arrangements have slowly trickled out through the press in recent years, such the Department of Homeland Security’s purchase of phone location data from marketing companies in 2020, first reported by the Wall Street Journal.

The New York Times first reported in 2018 that a company called Securus Technologies had helped its law enforcement partners track the locations of cellphones without a warrant. The data originated with major telecom companies like AT&T and Sprint, which later vowed to more tightly controlled the sharing of locational data. The promises came after a journalist at Motherboard wrote that he paid a bounty hunter $300 to produce the GPS coordinates of his phone.

Federal prosecutors this summer charged a deputy US marshal with abusing the Securus service, allegedly to target people he knew and their spouses, according to CyberScoop.

Sen. Ron Wyden, a leading privacy hawk on Capitol Hill, introduced the The Fourth Amendment Is Not For Sale Act with other lawmakers last year in response to the mounting evidence, attempting to ban law enforcement from buying geolocation and other data normally subject to evidentiary standards such as probable cause.

Correction: A previous version of this story identified the bill introduced by Wyden as the Geolocation Privacy and Surveillance Act, an older bill aimed at tackling the same issue, but which is more narrowly focused on locational data abuse. The Fourth Amendment Is Not For Sale Act, introduced in 2021, is broader in scope and applies to any data for which law enforcement would traditionally need a warrant.