DHS Agencies Exploit Commercial Advertising Data for Civilian Tracking
Washington, Tuesday, 3 March 2026.
Internal documents confirm Customs and Border Protection utilizes location data harvested from the online advertising ecosystem to monitor individuals without warrants. This integration of commercial “Ad Tech”—sourced from common mobile apps—into federal operations has triggered a congressional inquiry into the legality of bypassing Fourth Amendment protections via government procurement.
Congressional Scrutiny and Legal Challenges
On Monday, March 2, 2026, approximately 70 lawmakers, including Senator Ron Wyden and Representative Adriano Espaillat, formally requested that the Department of Homeland Security’s (DHS) oversight body investigate Immigration and Customs Enforcement’s (ICE) acquisition of location data [1]. This bipartisan [alert! ‘Implied but not explicitly stated in the source.’] effort underscores growing concerns about the potential for abuse and the erosion of privacy rights [1]. Senator Wyden has been particularly vocal, accusing Big Tech companies of effectively collaborating with ICE by refusing to cut off surveillance companies and data brokers [1]. He argues that this collaboration turns every internet ad into a potential source of location data for ICE operations [1].
Real-Time Bidding and Data Sourcing
CBP sources location data through real-time bidding (RTB), a process where surveillance firms can extract mobile phone information, including location, from various apps [1]. This RTB-based surveillance is linked to popular apps such as Candy Crush, Subway Surfers, Tinder, Grindr, Tumblr, and MyFitnessPal [1]. App developers are often unaware that their platforms are conduits for government surveillance, highlighting a significant gap in transparency and user consent [1]. These tools can potentially track hundreds of millions of phones, often without the need for a warrant, raising serious constitutional questions [1].
Past Abuses and Policy Gaps
From 2019 to 2021, CBP conducted a pilot program using AdIDs associated with cross-border criminal activity [1]. However, a DHS Office of the Inspector General (OIG) report revealed that CBP, ICE, and the Secret Service had illegally used smartphone location data [1]. Despite the creation of a commercial data working group within DHS in 2022, as of April 2023, no DHS-wide policy governed the use of commercial location data [1]. A 2023 report further emphasized the absence of a comprehensive policy, indicating a persistent lack of oversight and accountability [1].
Broader Surveillance Context and Countermeasures
The use of commercial data is just one facet of a broader surveillance landscape. Geofence warrants, which request data from providers like Google to identify devices within a specific area, have also come under scrutiny [2]. While the Fifth Circuit ruled in August 2024 that geofence warrants are “categorically prohibited” by the Fourth Amendment in United States v. Smith, other methods, such as cell-site simulators and SS7 vulnerabilities, continue to pose risks [2]. Senator Wyden has recommended that the public protect themselves by installing ad blockers, disabling their phone’s advertising ID, and enabling the Global Privacy Control in their browser [1]. These measures are particularly relevant as Part 6 of an investigative series, scheduled for publication on March 7, 2026, will cover countermeasures to protect oneself from surveillance [2].