US government agencies are facing renewed scrutiny over their use of commercially available data—including data derived from the online advertising ecosystem—to track people without a warrant. Reporting cited in one account says Customs and Border Protection (CBP) used “commercially available marketing location data” tied to the same ad-tech systems that power targeted advertising, reinforcing long-standing concerns that surveillance advertising infrastructure can be repurposed for government monitoring. The reporting frames the issue as direct evidence that location data harvested for ad targeting can also support state surveillance.
At the same time, FBI Director Kash Patel told the Senate Intelligence Committee that the bureau purchases commercially available information, after being pressed on whether the FBI buys data that could be used to track Americans. Sen. Ron Wyden argued that purchasing such data without a warrant is a workaround to Fourth Amendment protections and renewed calls for legislative limits, including the Government Surveillance Reform Act. Together, the reports show that both border and federal law enforcement agencies are relying on the commercial data broker and ad-tech ecosystem for intelligence and location-tracking purposes, intensifying the policy debate over privacy, warrant requirements, and the broader security implications of pervasive data collection.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
FBI Director Kash Patel testified under oath before the Senate Intelligence Committee that the FBI purchases commercially available data, acknowledging a practice that could be used to track Americans. Sen. Ron Wyden challenged the practice as a warrantless workaround to constitutional protections.
Sens. Ron Wyden and Mike Lee introduced the Government Surveillance Reform Act to require federal law enforcement and intelligence agencies to obtain a warrant before buying Americans' personal information from data brokers. A House companion bill was also introduced by Reps. Zoe Lofgren and Warren Davidson.
404 Media reported that an internal DHS document showed CBP tapped the online advertising ecosystem to track people's movements. The report described this as the first public evidence of CBP using ad-tech-derived location data in this way.
Reporting states that U.S. Immigration and Customs Enforcement also bought access to comparable commercially sourced mobile location intelligence tools. This placed ICE among the agencies using brokered location data for tracking purposes.
In 2023 testimony cited in later reporting, former FBI Director Christopher Wray said that, to his knowledge, the FBI was not then purchasing commercial location data from internet advertising. That statement became a point of contrast for later Senate testimony.
An internal Department of Homeland Security document shows U.S. Customs and Border Protection used location data sourced from the online advertising ecosystem during a pilot program. The reporting says the pilot ran from 2019 to 2021 and used real-time bidding-derived marketing data to track phone movements.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
5 references tracked. Mallory keeps watching after this page renders.
boingboing.net
Open sourcetechdirt.com
Open sourcecnet.com
Open sourcepolitico.com
Open source404media.co
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.