The Federal Bureau of Investigation paid commercial data brokers for access to Americans’ precise location data, sidestepping the constitutional warrant requirements that would normally govern such surveillance. That’s not speculation. It’s confirmed by the bureau’s own internal documents and congressional testimony — a practice that continued for years before facing meaningful scrutiny.
According to Futurism, the FBI purchased geolocation data harvested from smartphone apps through commercial data brokers, effectively buying what it could not legally compel without a judge’s approval. The arrangement exploited a gray area in surveillance law: while the Supreme Court’s landmark 2018 Carpenter v. United States decision established that the government generally needs a warrant to access historical cell-site location information, purchasing commercially available data from a willing seller occupies a legally ambiguous space that federal agencies have been eager to exploit.
And the FBI wasn’t alone. Multiple federal agencies — including the Department of Homeland Security, the Internal Revenue Service, and the Defense Intelligence Agency — have purchased similar datasets, creating a shadow surveillance infrastructure that operates almost entirely outside judicial oversight.
How the Data Pipeline Works — And Why It Matters
The mechanics are straightforward, which makes them all the more alarming. Millions of Americans install apps on their phones — weather apps, navigation tools, games, prayer apps, fitness trackers. Many of these apps request location permissions, and users grant them, often without reading the fine print. Once granted, the app developers collect granular GPS coordinates, sometimes pinging a user’s location hundreds of times per day.
That data doesn’t stay with the app developer. It flows downstream to data aggregators and brokers — companies like Venntel (now part of Gravy Analytics), Babel Street, and others that package and resell location intelligence. These companies market their products to corporate clients for advertising, retail analytics, and market research. But they also sell to government agencies.
The FBI’s purchases came through contracts with these commercial vendors. The bureau obtained data that could track individuals’ movements with startling precision — where they slept, where they worshipped, who they visited, when they traveled. No subpoena. No probable cause. No judge.
FBI Director Christopher Wray acknowledged in March 2023 testimony before the Senate Intelligence Committee that the bureau had previously purchased U.S. phone location data from commercial sources. He noted that the FBI had suspended the practice after an internal review but did not rule out future purchases. The admission came only after persistent questioning from Senator Ron Wyden of Oregon, who has been among the most vocal critics of warrantless commercial surveillance.
“The American people are sick and tired of learning about secret government surveillance programs from leaks and court cases,” Wyden said in a statement following Wray’s testimony. He introduced the Fourth Amendment Is Not For Sale Act, legislation that would prohibit government agencies from purchasing data that would otherwise require a warrant to obtain.
The bill has bipartisan support. It hasn’t passed.
This gap between constitutional principle and commercial practice is not accidental. The third-party doctrine — a legal theory dating to the 1970s — holds that individuals have no reasonable expectation of privacy in information they voluntarily share with third parties. When you hand your bank records to a bank or your phone records to a telephone company, the Supreme Court ruled in Smith v. Maryland (1979), you assume the risk that the information may be disclosed to the government.
But Carpenter was supposed to update that doctrine for the digital age. Chief Justice John Roberts, writing for the majority, recognized that cell-site location information provides an “intimate window into a person’s life” and that the sheer volume of data generated by modern technology demands greater privacy protections. The Court held that accessing seven days or more of historical cell-site records constitutes a search under the Fourth Amendment.
Federal agencies found the workaround almost immediately. If the data is available for purchase on the open market, they reasoned, buying it isn’t a “search” — it’s a transaction. The distinction is legally contested but operationally convenient.
A Booming Market With Minimal Oversight
The commercial location data industry generates billions of dollars annually. A January 2025 enforcement action by the Federal Trade Commission against Gravy Analytics and its subsidiary Venntel underscored the scale. The FTC alleged that Gravy Analytics collected and sold location data tied to more than a billion mobile devices daily, tracking visits to sensitive locations including health clinics, places of worship, domestic violence shelters, and military installations. The FTC’s proposed order would ban the company from selling sensitive location data, marking one of the first significant regulatory actions against the industry.
But enforcement remains sporadic. The data broker market is vast, fragmented, and largely unregulated at the federal level. Some states have moved to fill the void — California, Connecticut, Texas, and others have enacted consumer privacy laws with varying degrees of teeth — but there is no comprehensive federal data privacy statute in the United States. That absence creates the conditions for exactly the kind of government procurement that the FBI engaged in.
Recent reporting has only intensified scrutiny. In late 2024 and early 2025, a series of data breaches at major brokers exposed just how much information these companies hold and how poorly they protect it. A massive breach at Gravy Analytics, reported by Wired, compromised location records tied to popular apps including Candy Crush, Tinder, and MyFitnessPal — data that could be used to identify and track specific individuals. The breach demonstrated that the risks aren’t limited to government surveillance; the mere existence of these datasets creates honeypots for hackers, foreign intelligence services, and stalkers.
So where does this leave ordinary Americans? Largely in the dark. Most people have no idea that the free app on their phone is feeding their movements into a commercial data supply chain that terminates, in some cases, at a federal law enforcement agency. The consent mechanisms are buried in privacy policies that almost no one reads. And even those who do read them would find language so broad that virtually any downstream use is theoretically authorized.
Privacy advocates argue that consent obtained under these conditions is meaningless. “People are not meaningfully choosing to have their location tracked by the government when they download a weather app,” said Sean Vitka, senior policy counsel at the advocacy group Demand Progress, in comments to reporters. The Electronic Frontier Foundation has similarly argued that purchasing commercially available data is a constitutional end-run that renders Carpenter a dead letter.
The counterargument from law enforcement is predictable: the data is legally available, it aids investigations, and agents need every tool at their disposal to combat terrorism, drug trafficking, and other serious crimes. Officials have pointed to cases where purchased location data helped identify suspects or corroborate evidence obtained through other means. But these operational benefits come with a structural cost — the normalization of mass surveillance conducted through commercial intermediaries rather than judicial process.
There’s a deeper irony here. The United States has spent decades criticizing authoritarian governments for their surveillance practices. China’s mass tracking of Uyghur Muslims. Russia’s monitoring of dissidents. Yet the American system has built something functionally similar through market mechanisms rather than state mandate. The data exists because companies collect it for profit. The government accesses it because nothing clearly prohibits the purchase. And citizens remain unaware because disclosure requirements are virtually nonexistent.
Congress has the authority to close this gap. The Fourth Amendment Is Not For Sale Act, reintroduced in 2024, would do exactly that. The Government Surveillance Reform Act, another bipartisan proposal, includes similar provisions. Neither has reached the president’s desk. Lobbying from the data broker industry, resistance from intelligence agencies, and the chronic dysfunction of the legislative process have all contributed to inaction.
Meanwhile, the data keeps flowing. Every time someone opens an app with location permissions enabled, another data point enters the pipeline. The FBI may have paused its purchases, but other agencies haven’t made the same commitment. And even a pause is not a prohibition — it’s a policy choice that can be reversed without public notice.
What Comes Next
The legal battles are far from settled. Several cases working through federal courts could force clearer rulings on whether the government’s purchase of commercial data constitutes a Fourth Amendment search. A 2024 Fifth Circuit ruling in United States v. Smith addressed related questions about geofence warrants, and the Supreme Court may eventually take up a case that directly tests the commercial purchase theory. But litigation moves slowly, and technology moves fast.
In the interim, the practical reality is this: if your phone has location services enabled, your movements are almost certainly being collected, aggregated, and sold. Some of those buyers may be advertisers. Some may be hedge funds. And some may be the FBI.
That’s not a conspiracy theory. It’s a business model.


WebProNews is an iEntry Publication