The Federal Bureau of Investigation has confirmed what privacy advocates long suspected: it purchases Americans’ location data from commercial data brokers, sidestepping the traditional warrant process that the Fourth Amendment was designed to enforce. The admission, buried in a letter to Senator Ron Wyden of Oregon, marks one of the most explicit acknowledgments by a federal law enforcement agency that it treats commercially available geolocation information as fair game for surveillance purposes — no judge required.
The confirmation didn’t arrive with fanfare. It came through the grinding, often invisible machinery of congressional oversight, in response to persistent questioning from Wyden, one of the Senate’s most vocal critics of warrantless surveillance. As reported by Engadget, the FBI’s acknowledgment that it has purchased U.S. phone location data from commercial sources lays bare a practice that effectively renders the Supreme Court’s landmark 2018 ruling in Carpenter v. United States far less protective than many believed.
That case was supposed to be the firewall. In Carpenter, the Court held in a 5-4 decision that the government generally needs a warrant to access historical cell-site location information from wireless carriers. Chief Justice John Roberts wrote that allowing the government to access seven days or more of such data constituted a search under the Fourth Amendment. The opinion was hailed as a major privacy victory. But it left a gap — one the FBI and other agencies have since driven a truck through.
The gap is the commercial data broker market.
Here’s how it works: Thousands of smartphone apps collect granular location data from users, often through permissions granted during installation that most people don’t read or fully understand. That data flows to aggregators and brokers — companies like Venntel, Babel Street, and others — who package and sell it. Federal agencies, including the FBI, the Department of Homeland Security, the Internal Revenue Service, and the Defense Intelligence Agency, have all been documented purchasing this data. Because the information is “commercially available,” agencies have argued that acquiring it doesn’t constitute a search and therefore doesn’t require a warrant.
The legal theory underlying this practice rests on what’s known as the third-party doctrine, a principle established in the 1979 Supreme Court case Smith v. Maryland. Under this doctrine, information voluntarily shared with a third party — a phone company, a bank, an app — carries no reasonable expectation of privacy. The government can therefore obtain it without a warrant. Critics argue that this framework, developed in an era of rotary phones and paper bank statements, is grotesquely outdated in a world where smartphones track every movement a person makes, 24 hours a day.
Carpenter was supposed to update the doctrine for the digital age. And it did — partially. But the Court’s opinion was deliberately narrow. Roberts specifically declined to address whether the ruling applied to “real-time” location tracking, data collected through means other than cell towers, or information obtained from sources other than telecommunications companies. That narrowness is precisely what the FBI exploits when it buys location data from brokers rather than compelling it from carriers.
Senator Wyden has been raising alarms about this practice for years. In a statement accompanying the FBI’s disclosure, he argued that the bureau’s purchases amount to an end run around the Constitution. “The FBI has purchased Americans’ location data rather than getting a court order,” Wyden said. “This practice is dangerous and must stop.” His office has pushed for legislation — specifically the Fourth Amendment Is Not For Sale Act — that would prohibit government agencies from purchasing data that would otherwise require a warrant to obtain.
The bill has bipartisan support but hasn’t become law.
The FBI, for its part, has offered limited defense of its practices. According to reporting from Engadget, the bureau indicated it had implemented a policy requiring FBI personnel to seek court authorization before using commercially obtained location data in criminal investigations. But that policy is internal — it’s not a legal requirement, and it can be changed or waived at the bureau’s discretion. An internal policy is not a constitutional safeguard. And the FBI also acknowledged that it had previously used such data without court approval, though it claimed it no longer does so for criminal matters.
That qualifier — “for criminal matters” — is doing a lot of heavy lifting. It leaves open the possibility that commercially purchased location data is still being used for national security investigations, intelligence gathering, or other purposes that fall outside the criminal investigation framework. The FBI’s letter to Wyden did not foreclose these uses.
The scope of the commercial surveillance data market is staggering. A 2024 report from the Office of the Director of National Intelligence, declassified after pressure from Wyden and other lawmakers, acknowledged that the intelligence community purchases “commercially available information” that includes location data, and that this data can reveal “the detailed movements and associations of Americans.” The report went further, noting that in the hands of the government, such data could be used to “identify every person who attended a protest or a rally,” to “track the pattern of an individual’s movements,” or to “identify every person who visited a particular location.”
Not hypotheticals. Capabilities.
The commercial data broker industry operates in a regulatory vacuum that makes all of this possible. The United States has no comprehensive federal privacy law governing the collection and sale of personal data. The European Union’s General Data Protection Regulation imposes strict consent requirements and limits on data transfers. The U.S. has nothing comparable at the federal level. Some states — California, with its Consumer Privacy Act, being the most prominent — have enacted their own protections. But the patchwork is inconsistent, and none of these state laws specifically bar the federal government from purchasing data that private companies have legally collected.
The technical granularity of the data available for purchase is alarming in its own right. Location data sold by brokers can pinpoint a device’s position to within a few meters. It can reveal when someone visits a doctor’s office, a house of worship, a political meeting, a gun shop, an abortion clinic, or a therapist. Aggregated over time, it produces a comprehensive picture of a person’s life — their habits, relationships, beliefs, and vulnerabilities. As the Supreme Court recognized in Carpenter, location data provides “an intimate window into a person’s life, revealing not only his particular movements, but through them his familial, political, professional, religious, and sexual associations.”
And yet the government’s position is that buying this data on the open market is fundamentally different from compelling a phone company to hand it over.
Privacy and civil liberties organizations have pushed back hard. The American Civil Liberties Union has argued that the government’s purchase of location data is “a Fourth Amendment violation, plain and simple.” The Electronic Frontier Foundation has called the practice a “massive loophole” in constitutional protections. Sean Vitka, senior policy counsel at the advocacy group Demand Progress, told reporters that “when the government buys data that it would need a warrant to get, it is engaging in a form of money laundering for surveillance.”
The FBI is hardly alone in this practice. Customs and Border Protection has used commercially purchased location data to detect undocumented immigrants. The IRS’s Criminal Investigation division purchased data from Venntel to track suspects. The Defense Intelligence Agency confirmed in 2021 that it buys commercially available smartphone location data and has used it in investigations. Secret Service agents have used a product called Locate X, offered by Babel Street, which provides access to billions of location data points collected from mobile devices. Each of these agencies has operated under the same legal theory: if it’s for sale, no warrant is needed.
Some courts are beginning to question this logic. In August 2024, a federal judge in the Eastern District of Virginia ruled in United States v. Hasbajrami that warrantless acquisition of certain types of commercially available data could, under some circumstances, violate the Fourth Amendment. The ruling was narrow, but it signaled that the judiciary may be catching up to the reality that the commercial data market has become a backdoor for government surveillance. Other cases are working through the federal courts, and legal scholars expect the issue to eventually return to the Supreme Court.
But litigation takes years. Legislation could move faster — in theory.
The Fourth Amendment Is Not For Sale Act, reintroduced by Wyden and a bipartisan group of co-sponsors, would bar federal agencies from purchasing data from brokers if that data would otherwise require a court order to obtain. It would also restrict the use of data obtained through deceptive practices and impose new oversight requirements on government data purchases. The bill passed the House Judiciary Committee with bipartisan support in 2023, but it stalled before reaching the full House floor. In the Senate, it has faced resistance from members who argue that restricting data purchases would hamper national security and law enforcement capabilities.
That tension — between security and privacy — is as old as the Republic. But the commercial data broker market has shifted the balance in ways the Founders couldn’t have imagined and that current law has failed to address. The Fourth Amendment was written to prevent the government from rummaging through people’s private papers and effects without judicial oversight. The digital equivalent of those papers and effects now sits on servers operated by data brokers, available to any buyer with the budget. Including the FBI.
The bureau’s confirmation to Wyden is significant not because it reveals a secret — the practice has been documented in bits and pieces for years — but because it removes any remaining ambiguity. The FBI buys Americans’ location data. It has done so without warrants. It says it has since adopted internal guardrails for criminal cases, but those guardrails are voluntary, revocable, and don’t cover all uses. And the broader federal government continues to purchase vast quantities of personal data with virtually no legal constraint.
So where does this leave the average American whose phone is, at this very moment, broadcasting location data to dozens of apps and the brokers behind them? Largely unprotected. The Supreme Court drew a line in Carpenter, but the government found a way around it. Congress has been presented with legislation to close the gap but hasn’t acted. And the data broker industry continues to grow, fueled by an app economy that treats personal information as a commodity to be harvested and sold.
The FBI’s letter to Senator Wyden is a four-page document. But its implications stretch far beyond its length. It confirms that the constitutional protections Americans assume they have — against unreasonable search, against surveillance without judicial approval — can be circumvented with a purchase order and a government credit card. Until Congress or the courts intervene, the market for Americans’ most intimate data remains open for business. The government is buying.


WebProNews is an iEntry Publication