The WSJ reports law enforcement agencies such as US Immigration and Customs Enforcement (ICE) have used this data to find leads on illegal immigrants and border crossings. In one case, for example, the agency used the data to uncover an underground tunnel that ran between Mexico and a closed KFC in San Luis, Arizona. The discovery eventually led to the arrest of the restaurant's owner on conspiracy charges -- though there's no mention of the role location data played in the case in police records.
The publication says the government bought the data from a company called Venntel, which in turn purchased it from a variety of marketing companies. In 2018, ICE bought $190,000 worth of Venntel licenses. The Department of Homeland Security acknowledged the purchase and others but stressed to The Wall Street Journal the anonymized nature of the data. It also didn't comment on exactly how it uses the data.
The way the government is obtaining this data likely falls into a legal gray area. In the 2017 Carpenter v. United States case, the Supreme Court ruled law enforcement agencies need a warrant to obtain cellphone-tower location data. However, because the data the government is buying is available commercially (and it doesn't include cell-site data), its lawyers say Carpenter v. United States doesn't apply.
"This is a classic situation where creeping commercial surveillance in the private sector is now bleeding directly over into government," Alan Butler, the general counsel of the Electronic Privacy Information Center, told the WSJ.
This report is the latest to underscore just how supposedly anonymized and harmless location data can be used to pinpoint people. In December, The New York Times published a report that shows how, in some circumstances, tieing a specific individual to anonymous location data is actually fairly easy.