John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Two WIRED stories dropped this week about Customs and Border Protection. Together, they paint a pretty ugly picture.
Story one: CBP bought commercial advertising data to track where people’s phones go. Not with a warrant. Not with a subpoena. They just bought it from a data broker.
Story two: CBP’s own privacy officers, the people literally hired to catch this kind of thing, were fired after they objected to orders they believed were illegal. Specifically, orders to mislabel government records so they couldn’t be released under FOIA.
Now, WIRED doesn’t directly connect the two. The privacy officers weren’t fired specifically for objecting to the ad tracking program, at least not as reported. But the pattern is hard to ignore. An agency working around privacy rules on one hand, while gutting its internal oversight on the other.
The legal logic behind the ad data purchase is almost elegant in how cynical it is. The Fourth Amendment says the government needs a warrant to compel your carrier to hand over location records. But what if they don’t compel anyone? What if they just buy the data on the open market?
Your phone is constantly reporting its location to ad networks. Weather apps, navigation apps, basically anything with ads. Aggregators buy that data and resell it for targeting and analytics. And apparently, to federal agencies who’d rather not bother with a judge.
The bipartisan Section 702 reform bill currently in Congress would close this loophole. If it passes, buying your way around a warrant becomes just as illegal as compelling your way around one.
As for the privacy officers, the details matter. They weren’t just pushed out quietly. They objected to mislabeling documents to dodge FOIA requests. FOIA is how reporters, researchers, and regular citizens access government records. Sabotaging that process isn’t a paperwork issue. It’s obstruction of public accountability.
They raised the alarm. They got removed.
If you carry a phone with apps that have location permissions (so, everyone), your location data has almost certainly been sold. You don’t know to whom. You weren’t really asked. The privacy policies technically covered it, but nobody reads those.
Want to limit your exposure? Restrict location permissions to apps that actually need it. Know the difference between “deny while not in use” and “deny always.” And pay attention to that reform bill working its way through Congress. It won’t stop the commercial data collection, but it would at least stop the government from being one of the buyers.