CBP Tracked Phone Locations Using Online Ad Data

The digital landscape of modern conflict and law enforcement is increasingly defined by the collection and use of personal data, raising profound questions about privacy and surveillance. Recent events highlight a world where internet blackouts, hacked applications, and electronic warfare tactics are becoming standard, while government agencies leverage commercial data streams for intelligence purposes. This convergence of technology and security creates a complex environment where individual movements can be tracked on a massive scale, often without direct warrants or clear public oversight.

The United States Customs and Border Protection (CBP) has officially acknowledged purchasing mobile phone location data derived from the online advertising ecosystem. This admission came to light in a document obtained through a Freedom of Information Act request. The agency ran a trial program between 2019 and 2021, acquiring data harvested from real-time bidding processes. These automated auctions, which determine which ads users see online and in apps, can collect a trove of information from devices, including precise location details. This commercially available data, often repackaged and sold by data brokers, provides a detailed record of daily movements. While CBP has not commented on whether it continues this practice, reports indicate another agency, Immigration and Customs Enforcement (ICE), has planned to access a separate system designed to monitor phone movements across entire neighborhoods.

Beyond border enforcement, international legal cooperation is also piercing digital privacy. The FBI successfully identified an Atlanta protester after obtaining information from the encrypted email service Proton Mail. According to court documents, Swiss authorities complied with a U.S. request under a Mutual Legal Assistance Treaty. They used Swiss law to request payment information tied to a specific Proton email address associated with the protests. That data was then shared with U.S. officials, leading to the identification of an individual. This case demonstrates how international treaties can be used to access information from services marketed on strong privacy protections.

These developments occur against a backdrop of escalating global tensions. A conflict involving the U.S. and Israel in Iran has resulted in significant casualties and a near-total internet shutdown within Iran, severely hindering communication and aid efforts. Cyber tactics have become integrated into warfare, with hacked prayer apps sending threatening messages and security camera systems being compromised. Meanwhile, critical infrastructure like missile-defense systems faces direct attacks, and maritime chokepoints experience increased electronic GPS jamming.

Domestically, these events coincide with political shifts, including the dismissal of the Homeland Security secretary. The security tools themselves are also proliferating; a sophisticated iPhone hacking toolkit, believed to be of U.S. government origin, is now in the hands of other nations and criminal groups. In response to these multifaceted threats, some lawmakers are pushing for investigations into longstanding cyber vulnerabilities, while private individuals are contributing tools like open-source global threat maps. The ongoing integration of commercial surveillance data into government operations marks a significant evolution in how movement is monitored and individuals are identified.

(Source: Wired)