The FBI Is Buying Your Location Data Instead of Getting a Warrant
The Fourth Amendment says the government needs a warrant to track where you go. The FBI found a workaround: just buy the data from a broker. No judge, no probable cause, no oversight. The same location history that would require a warrant if pulled from your phone carrier can be purchased off the shelf from companies most people have never heard of.
This is not speculative. FBI Director Christopher Wray confirmed it under oath at a Senate Intelligence Committee hearing in January 2023. Multiple other agencies have done the same thing: ICE, CBP, DHS, the Secret Service, the IRS, and the Defense Intelligence Agency. The data comes from apps on your phone. The apps sell to brokers. The brokers sell to the government.
How the pipeline works
You install an app: a game, a weather widget, a fitness tracker, a prayer app. That app includes a software development kit (SDK) from a data broker. The SDK silently records your GPS coordinates and transmits them to the broker. The broker aggregates location data from millions of devices and sells access to anyone willing to pay, including federal law enforcement.
The companies involved are not household names. Venntel, a subsidiary of Gravy Analytics, built one of the largest location databases in the country and sold access to ICE, CBP, and the IRS. Babel Street sells a product called Locate X that lets clients draw a geofence around any location, such as a protest, a clinic, or a mosque, and see every phone that was there. Fog Data Science sold the same capability to dozens of local police departments across the United States.
The legal justification is the third-party doctrine: if you "voluntarily" shared your location with an app, you assumed the risk that someone else would see it. The government argues this means it can buy the data without a warrant, because it is not compelling anyone to hand it over. It is simply making a purchase on the open market.
The legal gray zone
In 2018, the Supreme Court ruled in Carpenter v. United States that accessing cell-site location information from a phone carrier constitutes a Fourth Amendment search and requires a warrant. Chief Justice Roberts wrote that a "comprehensive chronicle" of location data reveals "the privacies of life": where you worship, who you sleep with, where you seek medical care.
That ruling should have closed the door on warrantless location tracking. It did not. The Court wrote Carpenter narrowly, addressing only carrier-held cell-site records. It explicitly declined to rule on commercially purchased data. The government drove straight through the gap.
The argument is circular: the same location data that requires a warrant when obtained from a carrier can be purchased from a broker without any judicial oversight, simply because a different company collected it. The data is functionally identical. Same precision, same full history. The legal treatment is different because Congress has not acted and the Court has not revisited the question.
Who is buying
| Agency | Data Broker | Use Case |
|---|---|---|
| FBI | Undisclosed brokers | Domestic investigations (admitted Jan 2023) |
| ICE | Venntel | Immigration enforcement, border tracking |
| CBP | Venntel | Border surveillance |
| Secret Service | Babel Street (Locate X) | Tracking "places of interest" |
| IRS Criminal Investigation | Venntel | Tax fraud investigations |
| Defense Intelligence Agency | Undisclosed | Admitted purchasing without warrants (Jan 2021) |
| Local police (dozens) | Fog Data Science | General crime investigations |
Multiple agencies across the federal government purchase from these brokers. The practice is routine. Agencies treat broker data as another investigative tool, no different from running a license plate.
What the data reveals
GPS-derived location data from apps is accurate to within 2 to 5 meters. That is not "somewhere in this neighborhood." That is "inside this room." From continuous location history, an analyst can determine:
- Where you live and work (frequent overnight and daytime locations)
- Who you associate with (devices repeatedly co-located)
- Your religious practice (visits to mosques, churches, temples)
- Medical conditions (visits to clinics, treatment centers, abortion providers)
- Political activity (attendance at protests and rallies)
- Sexual orientation (visits to LGBTQ+ venues)
A declassified 2022 report from the Office of the Director of National Intelligence acknowledged that commercially available location data is so detailed it could be used to "identify, expose, and harm" individuals, including federal employees and military personnel. The intelligence community warned about its own tools.
Congress almost acted
The Fourth Amendment Is Not For Sale Act, led by Senator Ron Wyden and Representative Zoe Lofgren, would have required law enforcement to obtain a court order before purchasing location data from brokers. In April 2024, it passed the House by a single vote, 214 to 213, as an amendment to the FISA Section 702 reauthorization. Then it was stripped from the final bill before Senate passage.
The FTC has moved faster than Congress. In 2024, it banned three major data brokers, Outlogic, InMarket, and Gravy Analytics, from selling sensitive location data. These are significant actions, but they address commercial sale, not government purchasing. If a broker collects data before being banned, the data already in government hands does not disappear.
What you can do
The systemic fix requires legislation. Until that happens, you are responsible for your own location hygiene.
- Audit app permissions. Revoke location access for every app that does not strictly need it. Most apps request location for analytics, not functionality.
- Use GrapheneOS. It gives you granular control over location access, blocks background telemetry, and prevents apps from silently phoning home.
- Avoid free apps. If you are not paying, your data is the product. Games, weather apps, and utility apps are the most common data-broker pipelines.
- Use a VPN. It masks your IP-derived location. Not a substitute for disabling GPS, but it closes one data stream.
- Disable Wi-Fi and Bluetooth scanning. Even without a network connection, your phone scans for nearby access points and beacons, which can be used for location fingerprintingA tracking method that identifies a user or device through a distinctive combination of technical attributes rather than traditional cookies or login data.Glossary →.
- Use a surveillance-resistant phone number. Break the link between your real identity and your device.
- For high-threat situations, leave the phone. No software configuration survives a GPS radio that is physically present. A Faraday bag or leaving the device at home is the only reliable countermeasure for targeted surveillance.
For the broader government surveillance picture, see DOGE and Your Financial Data, Treasury AI and Crypto Surveillance, and The Revolving Door Between Intelligence and Surveillance Tech.
Sources
- Senate Intelligence Committee: Worldwide Threats Hearing, January 2023
- Senator Wyden: Investigation into Federal Location Data Purchases, December 2022
- Carpenter v. United States, 585 U.S. ___ (2018)
- FTC: Action Against Gravy Analytics/Venntel, December 2024
- EFF. Fog Revealed: How Law Enforcement Uses Data Brokers, August 2022
- Vice: Secret Service Uses Babel Street Locate X Without Warrants
- ODNI: Declassified Assessment on Commercially Available Information, January 2022
Frequently Asked Questions
Is it legal for the FBI to buy location data without a warrant?
It depends who you ask. The government claims the third-party doctrine, a legal principle from the 1970s, means data voluntarily shared with an app can be purchased by anyone, including federal agencies. Privacy advocates argue that Carpenter v. United States (2018) established that detailed location data requires a warrant, regardless of how it was obtained. Congress has not passed legislation closing the loophole, and no Supreme Court case has directly addressed commercially purchased location data. As of 2026, the practice continues in a legal gray zone.
Which data brokers sell location data to the US government?
The most documented sellers include Venntel (a subsidiary of Gravy Analytics, now banned by the FTC), Babel Street (which sells a product called Locate X), Fog Data Science (which sold to dozens of local police departments), and X-Mode Social (rebranded as Outlogic, also banned by the FTC). These companies collected GPS-accurate location data from smartphone apps and sold access to law enforcement agencies without requiring warrants.
How precise is commercially purchased location data?
GPS-derived location data from smartphone apps, the kind sold by data brokers, is typically accurate to within 2 to 5 meters. That is precise enough to place someone inside a specific building, at a specific protest, inside a specific clinic, or at a house of worship. Babel Street's Locate X product lets law enforcement draw a geofence around any location and identify every phone that was present.
Did Carpenter v. United States close this loophole?
No. Carpenter (2018) ruled that accessing cell-site location information from phone carriers requires a warrant. But the Court explicitly declined to address commercially purchased location data from brokers. The government exploits this gap, arguing that buying data on the open market is different from compelling a carrier to hand it over. The logic of Carpenter strongly suggests purchased data should also require a warrant, but no court has directly ruled on it.
How can I prevent my location data from being sold to law enforcement?
Revoke location permissions for all apps that do not strictly need them. Use GrapheneOS or a privacy-hardened phone that limits background location access. Avoid free apps: games, weather apps, and prayer apps are common data-broker pipelines. Use a VPN to mask your IP-derived location. Disable Wi-Fi and Bluetooth scanning when not in use. For high-threat situations, leave the phone behind or use a Faraday bag.