A sprawling data-broker industry gathers huge troves of information from phone apps, web browsers and ad-tech systems, then sells those records not only to advertisers but also to federal and local law enforcement. Privacy advocates warn that agencies are purchasing bulk datasets—especially phone location records—to avoid warrant rules and reconstruct highly intimate details of Americans’ lives.
With Section 702 of the Foreign Intelligence Surveillance Act up for reauthorization, privacy groups see a rare opportunity to close what they call the “data broker loophole.” After a 2015 change to surveillance law aimed at ending bulk collection of Americans’ data, some federal agencies reportedly began buying comparable datasets instead of collecting them directly. A coalition of roughly 130 civil-society organizations urged Congress to address the practice during the FISA 702 debate, warning it enables “unprecedented expansion of warrantless mass surveillance” and could be amplified by AI.
At a recent Senate hearing, Sen. Ron Wyden pressed FBI leadership on whether the bureau would agree not to buy Americans’ location data. The official declined to make that commitment, saying the FBI “uses all tools” and acquires “commercially available information” consistent with law; the bureau would not specify which commercial datasets it purchases. In 2023, then-FBI Director Christopher Wray said the agency had stepped back from using some commercial databases that include location data derived from internet advertising.
Brokers’ location datasets are often sold without names attached, but analysts and linking tools can map device traces to homes, workplaces and daily routines. Bill Budington of the Electronic Frontier Foundation emphasized that such data can reveal where a device sleeps, moves during work hours and other sensitive patterns.
Those risks grow when combined with AI. Anthropic CEO Dario Amodei warned that purchased records could let machine-learning tools assemble “a comprehensive picture of any person’s life—automatically and at massive scale.” That prospect has strained relations between private AI firms and parts of government over acceptable uses of powerful analytics.
Federal agencies reported to have bought or used brokered location information include the FBI, the Department of Defense and Immigration and Customs Enforcement. ICE has contracted for tools that use location data and sought industry input on “commercial Big Data and Ad Tech” for investigations. Reporting indicates ICE signed a contract for Penlink’s Webloc, a system that can trace mobile-phone movements and find devices that visited specified locations. Penlink told NPR that vendors filter out certain “sensitive locations” such as hospitals, schools and religious sites and that the company complies with laws and updates practices as laws change; ICE did not respond to questions about how it uses phone-tracking technology.
Advocates say government purchases of brokered data expand a private-sector surveillance infrastructure and risk creating a dystopian monitoring system. They argue these transactions violate the spirit—and potentially the letter—of the 2015 USA Freedom Act, which sought to end bulk collection of Americans’ data after the Snowden disclosures about NSA phone-record programs.
Legal precedent deepens the concern. In Carpenter v. United States (2018), the Supreme Court held that law enforcement generally needs a warrant to obtain historical cell-site location information from phone companies. Civil-liberties experts contend it is illogical for police to be able to buy equally revealing or more detailed location records from brokers without a warrant, particularly given how often supposedly anonymized broker data can be reidentified.
Lawmakers across the political spectrum have proposed fixes. Rep. Warren Davidson (R-Ohio) and Sen. Mike Lee (R-Utah), working with Democrats Rep. Zoe Lofgren and Sen. Ron Wyden, introduced bipartisan bills aimed at closing the broker loophole and addressing related practices such as “backdoor searches” of Americans’ communications incidentally collected under foreign surveillance authorities. Davidson described the issue as nonpartisan and called the practice “a broad dragnet sweep under normal warrant requirements,” urging lawmakers to act quickly while broader privacy reform proceeds.
Despite bipartisan proposals, efforts to attach surveillance limits to FISA reauthorization face resistance. The White House and House Speaker Mike Johnson have pushed for a “clean” reauthorization without changes, and some Democrats favor that approach to avoid a gap in the law. Johnson delayed a House vote amid internal disagreements.
Courts have not yet decided whether government purchases of bulk brokered data violate the Fourth Amendment, leaving the practice in legal limbo. Civil-rights advocates argue the purchases undermine the USA Freedom Act’s ban on bulk collection and conflict with Carpenter’s warrant requirement. Jake Laperruque of the Center for Democracy and Technology said Congress did not intend to permit bulk collection simply by having agencies pay for it: the law was meant to stop bulk collection, not to allow it by procurement.
With AI rapidly improving pattern-detection at scale, critics warn the stakes are growing. Laperruque said merging massive brokered datasets with advanced analytics permits inferences at levels human investigators cannot match. Jeramie D. Scott of the Electronic Privacy Information Center described ongoing purchases as building “an ever-expanding infrastructure of private sector surveillance” that could enable authoritarian-scale monitoring.
As Section 702 reauthorization approaches, privacy and civil-liberties groups view the process as perhaps the best near-term chance to impose legal limits on government purchases of brokered data and to curb the combination of those records with AI-driven analysis.