CONFIRMED — CBP/ICE — MARCH 2026A government document obtained by 404 Media confirmed CBP purchased your precise location data from the online ad ecosystem.
CBP/ICE AD TECH SURVEILLANCE — MARCH 2026

Every App on Your Phone Is Feeding a Government Surveillance Machine.

A government document confirmed CBP purchased your location data from the online advertising ecosystem. ICE has done the same. No warrant. No judge. No notice. This is not theoretical. This is documented.

Source: 404 Media FOIA · CBP contract documents · EFF March 2026 · Updated March 31, 2026
95,000+
location pings CBP purchased from ad data brokers (documented)
$3.75M
Clearview AI contract with ICE — facial recognition
4th Amend.
Carpenter v. US (2018) requires warrant for cell-site location — ad data not yet ruled on
Section 01 — The Mechanism

Real-Time Bidding: The Surveillance System You're Already In

Every time you open an app that serves ads, your phone fires your GPS coordinates, device identifiers, and behavioral data to hundreds of ad exchanges simultaneously — in milliseconds. This is called real-time bidding (RTB). It was designed to let advertisers bid on your eyeballs. It accidentally created a global surveillance infrastructure. Data brokers sit downstream: they buy that stream of location data from ad exchanges, aggregate it, and resell it. Government agencies — including CBP and ICE — buy from data brokers. No search warrant. No court order. No probable cause required. They simply pay for it.

Your Phone
Opens any app with ads. Your GPS + device ID broadcast in milliseconds.
→ real-time bid request →
Ad Exchange
Hundreds receive your coordinates simultaneously. Bidding happens in <100ms.
→ sold in bulk →
Data Broker
Aggregates location history across millions of devices. Resells.
→ purchased commercially →
CBP / ICE
No warrant required. Buys "commercially available" data. Has done so since at least 2020.
Section 02 — The Exposure

Your Location History Is a Confession They Can Buy

What location data reveals about you
  • Where you sleepConsistent nighttime GPS clusters reveal your home address even if you've never shared it with any service.
  • Places of worshipAttendance patterns at mosques, churches, synagogues, and other religious sites — tracked over months or years.
  • Medical facilities visitedClinics, reproductive health centers, addiction treatment facilities, and HIV specialists — all identifiable from location pings.
  • Protest attendanceYour phone at a protest means your location was logged, sold, and potentially purchased. There is no retroactive erasure.
  • Who you live withDevices that regularly co-locate overnight can be inferred as household members or close associates — even across different accounts.
  • Immigration status inferencesLocation patterns near border checkpoints, immigration courts, and consulates can be used to make inferences about immigration status or activity.
Source: EFF analysis of RTB data exposure, March 2026 · 404 Media, CBP FOIA document, 2026
Section 03 — The Law

Why This Doesn't Require a Warrant — Yet

The Fourth Amendment requires the government to obtain a warrant before conducting a search. But buying data commercially is, in the government's view, not a "search" at all.

The government's argument rests on the third-party doctrine: if you voluntarily share information with a third party — an app, a service — you lose your Fourth Amendment protection against the government obtaining that information. You "chose" to use an app that served ads. Therefore you "consented" to the data flow. Therefore the government can buy it without a warrant.

In Carpenter v. United States (2018), the Supreme Court drew a line. It ruled that obtaining 7 or more days of historical cell-site location records from a carrier does require a warrant — because such records are comprehensive, precise, and people don't truly consent in any meaningful sense to sharing them with the government. Carpenter was a significant win for digital privacy.

The gap: Carpenter covered carrier data. Ad tech location data comes not from carriers but from apps and the commercial data-broker ecosystem. Courts have not yet ruled on whether Carpenter's logic extends to broker-purchased ad data. That question is open.

It is an open loophole. Congress has not closed it. Courts haven't ruled on it. Government agencies are exploiting it right now.

What Carpenter v. US (2018) established
Warrants required for 7 or more days of cell-site location records obtained from carriers. Comprehensive location data is categorically different from ordinary business records. The third-party doctrine does not apply to data of this granularity and duration.
What remains unresolved
Ad-tech location data from brokers. No federal court has issued a definitive ruling. The government continues to argue this data is "voluntarily disclosed" and commercially available. Congress has not acted. The loophole is active.
Section 04 — Protect Yourself

Five Specific Actions — With Exact Steps

01
Disable Advertising ID
iPhone:Settings → Privacy & Security → Tracking → Allow Apps to Request to Track: OFF
Android:Settings → Privacy → Ads → Delete advertising ID
Why it matters: Removes the persistent identifier that links your location pings across apps and data brokers. Without an advertising ID, your pings are far harder to aggregate into a coherent profile.
02
Audit Location Permissions
Go through every app individually.
iPhone: Settings → Privacy → Location Services — set to "Never" for any app that doesn't require location to function. Deny "Precise Location" even where you allow location at all.
Android: Settings → Location → App permissions — review each app.
Why it matters: Location is the most valuable data brokers collect. No permission means no data. "Precise Location" is GPS-grade — far more useful to brokers than approximate location.
03
Use Signal Instead of SMS
Download Signal (free, open source) from signal.org or your app store.
Signal Protocol: end-to-end encrypted by default for all messages and calls.
Metadata: Signal does not log who you message, when, or how often on their servers.
Why it matters: SMS is readable by carriers and can be obtained via legal process with minimal threshold. Signal messages are cryptographically inaccessible to third parties, including law enforcement without a device.
04
Use a VPN
Use especially near protests, checkpoints, or immigration courts.
Recommended: ProtonVPN (Swiss-based, no-log policy, open source, free tier available).
A VPN encrypts your traffic from your carrier and masks your IP address.
Why it matters: Adds a layer between you and network-level surveillance. Note: a VPN does not prevent GPS location data from apps — you must also disable location permissions separately.
05
Airplane Mode at Sensitive Locations
Protests. Immigration courts. Clinics. Places of worship.
Airplane mode disables all radio transmission: cell, Wi-Fi, Bluetooth, and GPS simultaneously.
To be safe, also disable Wi-Fi and Bluetooth individually — on some devices airplane mode does not fully disable these.
Why it matters: No transmission means no location ping means no data to sell. This is the most reliable method. It is simple and free.
Section 05 — The Fight

The Law That Would Close This Loophole — and Why It Keeps Dying

Fourth Amendment Is Not For Sale Act
Sponsors (bipartisan): Sen. Ron Wyden (D-OR) · Sen. Rand Paul (R-KY) · Rep. Warren Davidson (R-OH) · Rep. Zoe Lofgren (D-CA)
Would require law enforcement and intelligence agencies to obtain a court order before purchasing personal data from commercial data brokers. Covers location data, web browsing history, and other sensitive information. Closes the "just buy it" loophole that currently lets agencies avoid the warrant requirement by purchasing data rather than subpoenaing it.
Passed the House in 2024. Died in the Senate. Has not been reintroduced in 2026 Congress.
State Action
Montana First
Montana became the first state to pass its own version of the Fourth Amendment Is Not For Sale Act in 2023. The state law prohibits law enforcement from purchasing data that would otherwise require a warrant to obtain through compelled process — closing the commercial-purchase loophole at the state level.
Congressional Oversight
Congressional Letter
On March 3, 2026, seventy lawmakers sent a letter to DHS oversight demanding a formal investigation into ICE's location data purchasing practices. The letter cited specific documented purchases and called for a complete accounting of which agencies are buying location data and from which brokers.
Section 06 — The Tools

What to Use

Signal
Encrypted Messaging
Free, open source, end-to-end encrypted using the Signal Protocol. Minimal metadata — Signal does not retain logs of who you message, when, or how often on their servers. Available on iOS and Android.
Tor Browser
Anonymous Browsing
Routes your traffic through three relays operated by volunteers worldwide. Prevents tracking and hides your IP address. Slower than a standard browser but effective for sensitive research and communications.
DuckDuckGo
Private Search
Does not log searches or build an advertising profile. The DuckDuckGo browser app also actively blocks third-party trackers across apps and websites on both iOS and Android.
ProtonVPN
VPN
Swiss-based, audited no-log policy, open source clients. Free tier available with no data cap. Encrypts your connection and masks your IP from your carrier and network observers.
Apple ATT
iOS Tracking Opt-Out
Built into iPhone. Settings → Privacy & Security → Tracking → turn off "Allow Apps to Request to Track." Prevents apps from accessing your advertising ID and removes the cross-app tracking identifier.
Android Ad ID Deletion
Android Tracking Opt-Out
Settings → Privacy → Ads → Delete advertising ID. Permanently removes the identifier used to link your activity across apps and resell it to data brokers. Available on Android 12+. Free.
Sources & References
  • 404 Media — CBP purchased location data from online advertising ecosystem, FOIA document (2026)
  • EFF — "Data Brokers Are Selling Your Location to the Government" — March 2026
  • Carpenter v. United States, 585 U.S. 296 (2018) — Supreme Court warrant requirement for cell-site location records
  • Fourth Amendment Is Not For Sale Act — S.1265 / H.R.2415 — Wyden, Paul, Davidson, Lofgren (bipartisan)
  • 70 lawmakers letter to DHS oversight on ICE location data purchasing practices — March 3, 2026
  • Montana SB 282 — Consumer Data Privacy, location data purchasing restrictions — enacted 2023