The Wall Street Journal reported that the House's Committee on Oversight and Reform launched an investigation into Venntel to determine whether the data broker and software company collected and sold "sensitive mobile phone location data that reveal[ed] the precise movements of millions of American adults, teens, and even children" to intelligence and law enforcement entities. Venntel is currently contracted by the Department of Homeland Security (DHS), the criminal investigation division of the Internal Revenue Service, FBI, and other government agencies.
Those on the committee are Chairwoman Rep. Carolyn B. Maloney, Committee Member Mark DeSaulnier, and Senators Elizabeth Warren and Ron Wyden.
In its letter to Venntel, the committee stated: "We seek information about your company’s provision of consumer location data to federal government agencies for law enforcement purposes without a warrant and for any other purposes, including in connection with the response to the coronavirus crisis." It added, "The vast majority of Americans carry cell phones with apps capable of collecting precise location information 24 hours a day, 7 days a week. This location-tracking raises serious privacy and security concerns."
Consumers typically give consent to apps on their smartphones allowing location tracking. This allows users to:
This also permits companies to:
However, users are not asked permission or notified of government surveillance, which raised lawmakers' concern in protecting the public's privacy and data. Traditionally, prosecutors needed court approval to obtain data from cell phone carriers. In 2018, the Supreme Court reinforced the need to "show probable cause a crime has been committed before such data could be obtained from carriers." Currently, regulations are unclear when it comes to government agencies purchasing location data from marketers, which seem to make the process easier.
In Venntel's case, DHS used the company to "to detect unlawful border crossings and was used unsuccessfully by the IRS to try to track criminal suspects." Its parent company, Gravy Analytics Inc.'s website says it is a "provider of real-world consumer insights for advertisers and brands" through the millions of phones it tracks. The amount of data it could have provided to the government through Venntel remains unknown for now. Gravy Analytics claims it "complies with all applicable laws and takes its privacy obligations seriously."
The committee's letter to Venntel noted the gravity of the information possibly collected and sold. "In February 2020, the Federal Communications Commission (FCC) fined the four major wireless carriers, Verizon, AT&T, T-Mobile, and Sprint, for selling location data without the knowledge or consent of their subscribers. In issuing the fines, the FCC described the sensitivity of location data and its potential for abuse:
"The precise physical location of a wireless device is an effective proxy for the precise physical location of the person to whom that phone belongs at that moment in time. Exposure of this kind of deeply personal information puts those individuals at significant risk of harm—physical, economic, or psychological. For consumers who have job responsibilities in our country’s military, government, or intelligence services, exposure of this kind of information can have serious national security implications."
CPO Magazine said, "The Federal Trade Commission (FTC), which is in charge of protecting consumers in the United States, has shown some willingness to step in and protect consumers if companies are not divulging the extent to which they are selling and exchanging data. Most people simply don’t know what’s going on, and policies can vary so greatly from company to company, such that some form of governmental protection seems to be in order."
In the meantime, consumers should double-check the apps they allow to track their location and review the default setting for those apps.