John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
There’s a loophole in American privacy law big enough to drive a surveillance van through. Under oath in front of the Senate, FBI Director Kash Patel just confirmed the feds are using it.
The FBI is purchasing bulk location data from commercial data brokers. No warrant. No judge. No court order. Completely legal. And here’s the twist: the FBI said it stopped doing this back in 2023. Patel confirmed they started again.
The legal logic is simple and frustrating. The 2018 Carpenter ruling says the government needs a warrant to seize your location data from carriers. That’s a win. But Carpenter covers seizure, not purchase. The data broker market doesn’t care. Apps bleed location data constantly. Brokers package it. Sell it. Resell it. And when the FBI buys it like any other customer, no judge ever sees the transaction.
This isn’t targeted surveillance of a named suspect. It’s bulk. Mass. The kind of scale that would require a court order if it went through any other channel.
Meanwhile, WhatsApp is rolling out username-based connections by mid-2026, meaning you won’t have to hand over your phone number to chat. That’s a small win for 2 billion people, but it doesn’t touch the data broker problem. These are two separate threat surfaces.
What you can actually do right now: tighten your app location permissions to “never” or “only while using,” look into data broker opt-out services, and consider a no-log VPN. None of it is a complete fix, but the data broker market runs on convenience and inattention. Make yourself a harder target.
The FBI buying location data is legal. Whether Congress does anything about it is an open question. What you do in the meantime isn’t.