The FBI Director Refused to Say They'd Stop Buying Your Location

Last week, Senator Ron Wyden sat across from FBI Director Kash Patel and asked him a simple question.

"Can you commit to not buying Americans' location data?"

Simple question. Yes or no.

Patel's answer?

"The FBI uses all tools to do our mission."

That's it. No commitment. No denial. Just a non-answer that tells you everything you need to know.

The FBI's buying your location data. Without a warrant. Without a judge. Without you ever knowing.

And when asked directly if they'd stop, the director wouldn't say yes.

This isn't a new problem and it isn't a partisan one. It's been going on across multiple administrations for years. No party's stopped it. No party's rushing to stop it now. What's changed is that the tools have gotten a lot better, the data's gotten a lot cheaper, and a sitting FBI director just put it on the record for anyone paying attention.

Here's How It Works

Your phone runs apps. Hundreds of them.

Weather apps. News apps. Games. Free flashlight apps. Things you downloaded once and forgot about. A recipe app you used twice in 2023.

Every one of those apps has something called an Advertising ID. It's a unique code baked into your phone by Apple or Google. Apple calls it the IDFA. Google calls it the GAID. The name doesn't matter much. What matters is what it does.

The apps use it to target ads at you. But that same ID gets attached to your GPS coordinates every time the app pings an ad server. Which is constantly. Every time you open the app. Often when it's just running in the background.

Those location pings get collected by ad tech companies and sold to data brokers. The brokers package the data and resell it to anyone willing to pay. Marketers. Hedge funds. Insurance companies. And yes, federal law enforcement agencies.

A federal document recently obtained through a FOIA request confirmed what privacy researchers have suspected for years. Customs and Border Protection ran a pilot program using commercially available advertising location data to track mobile phones. The stated goal was to support targeting and surveillance operations. The program ran for two years before anyone outside CBP knew it existed.

The same system that's serving you ads about running shoes is also feeding a government surveillance program.

The Loophole They're Using

In 2018, the Supreme Court ruled in a case called Carpenter v. United States that law enforcement needs a warrant to get your location history from your phone carrier. It was a landmark decision. Privacy advocates celebrated.

The celebration was premature.

The ruling only covered data obtained directly from carriers. It said nothing about data purchased from third parties. So agencies found a workaround. Instead of asking your carrier, they just buy the same information from a data broker who got it from your apps.

It's the exact same data. The same GPS coordinates. The same timestamps. The same picture of your daily life. But because a private company is sitting in the middle of the transaction, the government argues no warrant's required. They're not collecting it themselves. They're just shopping for it.

Courts haven't fully settled whether that argument holds up. Some judges have pushed back. But in the meantime, agencies have been operating as if the answer is yes.

ICE bought a tool called Penlink that's designed to collect location data from phones across entire city neighborhoods. Not a specific suspect. Not even a specific block. An entire neighborhood, swept up at once. The system can track movement over time, identify home addresses, map out daily routines, and follow devices from one location to another.

No warrant. No probable cause. No judicial oversight at all. Just a contract.

Your phone isn't a communication device. It's a surveillance device that also makes calls.

What 30 Days of Location Data Actually Looks Like

People hear "location data" and picture a dot on a map. It sounds abstract. It sounds harmless.

It isn't.

Researchers at Princeton ran a study where they tracked a single person's phone for just a few weeks using the kind of data that's commercially available. Without any additional information, they were able to identify the person's home address, their employer, their daily commute, their gym, their doctor's office, and the names of several people they were spending time with.

That's from a few weeks of dot-on-a-map data.

Think about what 30 days of your own location history would reveal. Where you sleep every night. That's your home address. Where you go every weekday morning. That's your job. What house of worship you attend. What medical offices you visit. Whether you've been to a mental health clinic, an addiction treatment center, a cancer specialist. What political rallies or town halls you've shown up to. Who you spent last Tuesday night with.

One data broker's own marketing materials described it this way: "What you do and where you do it defines who you are."

They're not wrong. And that's exactly why this data is valuable to anyone who wants to know things about you that you haven't chosen to share.

Who's Selling It

The data broker industry is large, largely unregulated, and almost entirely invisible to the average person.

Companies like Venntel, Babel Street, Gravy Analytics, and dozens of others have built businesses around aggregating location data from mobile apps and reselling it. Most people have never heard of any of them. But these companies likely have years of your location history on file right now.

Customs and Border Protection signed contracts with Venntel worth over two million dollars. The Secret Service paid Babel Street more than $600,000 for a year of access. ICE has since moved on to newer vendors with more powerful tools.

These aren't fringe operations. They're established companies with government sales teams and federal contract vehicles. Selling your location data to law enforcement isn't a side business for them. It's a feature they advertise.

And the apps feeding them? They're on your phone right now. Many of them disclose data sharing somewhere in their privacy policy, buried in language most people don't read. Some don't disclose it at all.

This Applies to Everyone

It doesn't matter what you believe politically. It doesn't matter who you voted for. Federal surveillance infrastructure doesn't check your party registration before it sweeps up your location data.

The tools collect everything. The agencies sort through it later. And the system being built right now will still be running long after the current administration is gone. It'll be available to every future administration, every future director, and every future definition of who qualifies as a person of interest.

That's the part worth sitting with. This isn't really about what's happening today. It's about what becomes possible once the infrastructure is fully in place.

The history of surveillance in this country is full of tools that were built for one specific purpose and then quietly expanded. The FBI's COINTELPRO program started as a counter-intelligence operation and ended up targeting civil rights leaders, journalists, and antiwar protesters. The NSA's post-9/11 bulk collection program was authorized for terrorism investigations and eventually swept up the communications of millions of ordinary Americans.

Every time, the people running these programs said the safeguards were sufficient. Every time, the safeguards weren't.

What Congress Is Doing About It

A bipartisan group of senators recently introduced a bill called the Government Surveillance Reform Act. It's got support on both sides of the aisle. If it passes, federal agencies would need a court-authorized warrant before they could buy Americans' location data from brokers.

That's a meaningful reform. The warrant requirement is exactly what Carpenter was supposed to establish, and closing this loophole legislatively would be a real step forward.

But it hasn't passed yet. It may not pass at all. Bills with bipartisan support stall in Congress all the time, especially when the agencies being restricted have lobbying power and institutional allies.

A similar bill, the Fourth Amendment Is Not For Sale Act, actually passed the full House of Representatives in 2024 with strong bipartisan support. It never got a Senate vote.

So the legislative path exists. It's just not fast, and it's not guaranteed.

What You Can Do Right Now

There are a few things worth doing regardless of how the legislative fights turn out.

First, go through your phone and delete apps you don't use. Every app you remove is one fewer data source. It won't solve the problem, but it reduces your exposure.

Second, on iPhone, go to Settings, Privacy, Tracking, and make sure "Allow Apps to Request to Track" is turned off. This limits third-party ad tracking, though it doesn't eliminate it entirely.

On Android, go to Settings, Privacy, Ads, and opt out of ads personalization. You can also reset your Advertising ID periodically, which breaks continuity in your location history file.

Third, be careful about location permissions. Most apps don't need your precise location to function. A weather app needs to know your city. It doesn't need your GPS coordinates updated every few minutes. Review which apps have "always on" location access and cut it back to "while using" or "never" wherever you can.

These steps help. But they don't fully solve the problem because the Advertising ID system is built into both major mobile operating systems. As long as you're running iOS or Android, you're operating within a framework that was designed, at least in part, to facilitate tracking.

The most complete solution is a phone that doesn't run on either of those operating systems. One where the tracking infrastructure doesn't exist in the first place. That option does exist. It's not mainstream, but it works.

If you want to understand what that looks like in practice, Ghost Phone runs on GrapheneOS, an open-source operating system with no Google or Apple layer underneath it. Worth reading about if this issue concerns you.

Ghost Phone

Ghost Phone runs on a stripped operating system with no Google or Apple tracking built in.

No Advertising ID. No location data leaving your device in the background. If you want to understand how it works and whether it is right for you, start here.

Sources: TechCrunch (March 18, 2026), Electronic Frontier Foundation (March 5, 2026), Gizmodo / 404 Media (March 3, 2026), The Intercept (March 17, 2026), ACLU (January 2026)