WASHINGTON—In a new document made public Friday, the nation’s top military intelligence agency acknowledged monitoring the location of U.S.-based mobile devices without a warrant through location data drawn from ordinary smartphone apps.
The Defense Intelligence Agency told congressional investigators that the agency has access to “commercially available geolocation metadata aggregated from smartphones” from both the U.S. and abroad. It said it had queried its database to look at the location information of U.S.-based smartphones five times in the last 2½ years as part of authorized investigations.
Such data is typically drawn from smartphone apps such as weather, games and other apps that get user permission to access a phone’s GPS location. A robust commercial market exists for such data for advertising and other commercial purposes. The Wall Street Journal first revealed last year that numerous U.S. government agencies were also buying access to that data from commercial brokers without a warrant, raising questions about whether those agencies were adequately safeguarding the privacy and civil liberties of Americans.
The ability of U.S. intelligence agencies to access data on Americans for intelligence purposes is typically circumscribed. A warrant from the secretive Foreign Intelligence Surveillance Court is required for most kinds of surveillance. However, the Defense Intelligence Agency told Congress that it didn’t believe it needed any sort of court authorization to acquire commercial data for foreign intelligence or national security purposes.
That echoes a position taken by numerous other U.S. government agencies in recent years as the amount of data on individuals using computers, smartphones and tablets has exploded. The Department of Homeland Security is buying a similar data product and is using it for warrantless tracking as part of its border security and immigration mission. The Internal Revenue Service also purchased access to cellphone data as part of its law enforcement mission. All claim because the data is purchased on the open market, no court order is required.
The disclosure about the DIA’s domestic monitoring efforts was made in a memo to the office of Sen. Ron Wyden, an Oregon Democrat who has been conducting an investigation into the use of commercially available data by government agencies for intelligence and law enforcement purposes. The New York Times first reported the existence of the memo.
A spokesman for the Defense Intelligence Agency declined to comment.
Mr. Wyden raised the issue of the government’s commercial data acquisition this month in a hearing to consider the nomination of Avril Haines, President Biden’s nominee for director of national intelligence.
“The abuses here take your breath away, and it really is a dodge on all the legal protections Americans have,” Mr. Wyden said about U.S. efforts to collect data.
“I’m particularly troubled by the intelligence community’s purchases of Americans’ private data. It’s almost like getting around the whole question of people’s privacy rights. And so transparency is crucial,” Mr. Wyden said.
Ms. Haines committed to releasing a framework to help Americans understand what kinds of data the intelligence community obtains about them and how it is used.
The data drawn from cellphones can be used for more than just tracking. It can be used to create maps of suspects’ real-world social networks—even if they use disposable “burner” phones or take steps to protect their privacy such as using anonymizing technologies. That technology is of interest to both intelligence agencies and law enforcement.
According to documents obtained by The Wall Street Journal under the Freedom of Information Act, IRS officials who conducted a year-long pilot program with phone data explained that if one phone is in repeated physical proximity to another phone, investigators can guess they are associates—even if they take steps to switch phones or other precautions.
According to one email obtained by the Journal, an official with the IRS’s Criminal Investigation unit—also called IRS CI—explained the phone tracking technology to a colleague, saying it would be useful for “tracking targets who keep multiple phones, or who drop their phones frequently, since you can search for phones that are frequently [in] the same location as another phone.”
The IRS had access to such data in 2017 and 2018 before ending its use of the tool. The matter is now being investigated by the Treasury Department’s internal watchdog to see if the agency complied with all the regulations regarding privacy protections of Americans.
A spokesman for the IRS unit previously said the agency “takes the privacy of citizens very seriously and follows all laws and regulations surrounding that privacy while administering the very important law-enforcement mission of protecting our nation’s tax system.”