Yesterday, Congresswoman Veronica Escobar (TX-16) and over 70 Democrats, led by Senator Ron Wyden (D-OR) and Representative Adriano Espaillat (NY-13), called for a new investigation of Department of Homeland Security (DHS) agencies, including Immigration and Customs Enforcement (ICE), over warrantless purchases of Americans’ location data.
The members called on DHS Inspector General Joseph Cuffari to investigate ICE and other DHS agencies restarting warrantless purchases of Americans’ location data. The DHS Inspector General previously found that ICE’s data purchases were illegal, causing the program to shut down in 2023.
ICE issued a no-bid contract to the surveillance company Penlink in 2025, which included licenses for its location tracking product, Webloc, according to a report by 404 Media. Webloc was developed by the controversial surveillance company Cobwebs Technologies, which combined with Penlink in 2023. Meta banned Cobwebs in 2021, as part of a crackdown on surveillance mercenaries after detecting the company’s customers targeting activists, opposition politicians and government officials in Hong Kong and Mexico.
ICE has stonewalled Congressional oversight of its location data purchases. In December 2025, a briefing was scheduled for February 10, 2026. One day before that briefing was to take place, ICE cancelled it with no explanation and without any offer to reschedule.
The letter can be found in its entirety here or below:
Dear Mr. Cuffari:
We write to request that you conduct a second investigation of the warrantless purchase of cell phone location data by the Department of Homeland Security (DHS). Public contracting documents indicate that Immigration and Customs Enforcement (ICE) recently resumed buying Americans’ location data from a shady data broker that itself may be violating federal law.
ICE ended a previous program to purchase Americans’ cell phone location data in 2023, following an investigation by your office and scrutiny from Congress. In October 2020, Senators Wyden, Warren, Markey and Schatz requested that you investigate Customs and Border Protection (CBP) purchase of Americans’ phone location data. Your subsequent report, published on September 28, 2023, found that CBP, ICE and the Secret Service all violated federal law through their warrantless purchase and use of location data. In addition, your review found serious problems regarding how these agencies were overseeing their employees’ use of this sensitive data, including employees sharing accounts and passwords to phone tracking databases, a complete failure by supervisors to request or review audit logs to detect patterns of abuse, and in one instance, the misuse of data by a DHS employee to track coworkers.
Location data is extremely sensitive, and can reveal someone’s religion, their political views, medical conditions, addictions, and with whom they spend time. It is for that reason that ordinarily, the government must obtain a warrant from a judge in order to demand such data from phone or technology companies.
DHS components' attempts to defend their purchase of Americans’ location data did not stand up to scrutiny. Your report revealed how ICE officials sought to evade federal privacy requirements by claiming that the location data they were purchasing is “anonymized” and therefore does not constitute Personally Identifiable Information. However, the Federal Trade Commission (FTC) has debunked such arguments, stating that so-called anonymized data remains sensitive. Although a retroactive CBP privacy review issued on August 12, 2024, a year after the agency stopped buying location data, claimed that “CBP only contracted with platforms that received data from data providers that verified that the information they provided was gathered from individuals who consented to having their location information sold and used by third parties,” that assertion was false. In fact, on January 14, 2025, the FTC finalized an order against Venntel, one of the data brokers from which CBP and ICE bought location data, after the FTC determined the company was illegally selling location data that was collected without consumer consent.
Consumers must explicitly consent to how their data will be used. It is not enough for an app developer to include fine print that app data will be sold or to obtain general consent to access location data. Through its recent cases against Venntel, Mobilewalla, and X-Mode Social, the FTC has made it clear that it is an unfair business practice in violation of Section 5 of the FTC Act for data brokers to sell location data to the government that was obtained without consumer consent. Data brokers that continue to sell such data to the government are violating federal law.
Public reports indicate that ICE has resumed its location data purchases, even though DHS has yet to adopt all of the recommendations from your prior review. Your 2023 report noted that there was no DHS-wide policy governing component use of commercial location data. DHS created a commercial data working group in 2022, but as of April 2023, the DHS commercial data working group had yet to issue a policy. Your office recently confirmed that this recommendation remains open.
ICE issued a no-bid contract to the surveillance company Penlink in 2025, which included licenses for its location tracking product, Webloc, according to press reports. Webloc was developed by the controversial surveillance company Cobwebs Technologies, which was combined with Nebraska-based Penlink as part of a $200M private equity deal in 2023. Cobwebs gained notoriety when Meta banned the company in 2021, as part of a crackdown on surveillance mercenaries after detecting the company’s customers targeting activists, opposition politicians and government officials in Hong Kong and Mexico.
ICE is now stonewalling congressional oversight into its purchase of location data. Senator Wyden’s office requested a briefing from ICE soon after this contract was revealed in the press, in October, which was scheduled in December, for February 10, 2026. One day before that briefing was to take place, ICE cancelled it with no explanation and without any offer to reschedule.
Given DHS’ failure to adopt a policy for the use of commercial data, coupled with ICE awarding a no-bid contract to a shady data broker that is likely violating federal law, we urge you to open another investigation into the purchase and use of location data by ICE and other DHS components. In particular, we urge you to investigate:
-
Whether ICE and other DHS components are purchasing illegally obtained location data about Americans and if yes, why DHS does not have policies in place to prevent taxpayer dollars from going to contractors that have invaded Americans’ privacy in violation of federal law.
-
How ICE and other DHS components have used location data and whether they have used it to investigate Americans for engaging in constitutionally protected activities, including those protesting ICE actions or monitoring ICE enforcement operations.
-
Whether ICE and other DHS components are auditing employee access to commercial location data to identify likely patterns of abuse. If yes, have such audits discovered abuse?
-
Why has DHS still not adopted a policy for the use of commercial location data, as you
Thank you for your attention to this important matter.
