FBI Resumes Purchasing Americans' Location Data Without Warrants, Director Patel Confirms

FBI Resumes Purchasing Americans' Location Data Without Warrants, Director Patel Confirms

What Happened

FBI Director Kash Patel has confirmed that the bureau has resumed the practice of purchasing Americans' location data from commercial data brokers, bypassing the need for traditional warrants or court orders. The revelation came during a Senate hearing where Senator Tom Cotton of Arkansas expressed support for the practice, controversially comparing the purchase of commercially available location data to law enforcement searching through a person's trash left on the curb — implying that data voluntarily shared with apps and services carries a reduced expectation of privacy.

The confirmation reverses a brief pause in the practice that followed public backlash and congressional scrutiny in 2023 and 2024. At that time, revelations about the scope of government data purchases — including location data precise enough to track individuals to specific buildings, rooms, and even floors — prompted bipartisan calls for reform. The FBI temporarily curtailed its bulk data purchasing while internal policy reviews were conducted.

Office 2024 Pro Plus

Word, Excel, PowerPoint + more. 3 Devices.

$29

Buy Now →

Windows 11 Pro

Professional Edition. 3 Devices.

$29

Buy Now →

Office 365 Lifetime

5 Devices. Lifetime Account.

$29

Buy Now →

Visio 2024 Pro

Professional Diagramming. 3 Devices.

$29

Buy Now →

Project 2024 Pro

Project Management. 3 Devices.

$29

Buy Now →

Win 11 + Office Bundle

Win 11 Pro + Office + Visio + Project

$49.99

Buy Now →

Patel's testimony indicates that those internal reviews have concluded, and the bureau has determined that purchasing commercially available data does not constitute a search under the Fourth Amendment, a legal interpretation that privacy advocates have vigorously contested for years.

Background and Context

The commercial data broker industry has evolved into one of the most significant — and least regulated — surveillance infrastructure components in the modern era. Companies like Babel Street, Venntel (now owned by Gravy Analytics), and numerous others aggregate location data from thousands of smartphone applications, creating detailed movement profiles on hundreds of millions of Americans. This data is collected through the mundane act of granting location permissions to weather apps, navigation tools, games, and social media platforms.

The legal framework surrounding government purchase of this data remains deeply contested. The Supreme Court's landmark 2018 decision in Carpenter v. United States established that accessing historical cell-site location information constitutes a search requiring a warrant. However, the government has argued that commercially purchased data is fundamentally different because it has already been collected and aggregated by private companies, and individuals have ostensibly consented to its collection through app permissions.

Privacy advocates counter that this reasoning creates a massive constitutional loophole: the government can simply purchase what it would otherwise need a warrant to collect directly. The data available through brokers is often more precise and comprehensive than what could be obtained through traditional surveillance methods, making the warrant bypass even more problematic.

In an era where digital privacy intersects with every aspect of business operations, organizations need to be mindful of their own data practices — from the enterprise productivity software they deploy to the permissions they grant across their technology stack.

Why This Matters

The resumption of warrantless location data purchases by the FBI represents a watershed moment in the evolving relationship between government surveillance, commercial data collection, and individual privacy rights. The practice essentially creates a parallel surveillance infrastructure that exists entirely outside the traditional legal checks and balances designed to protect citizens from government overreach.

Senator Cotton's trash analogy is legally convenient but deeply misleading. When someone places trash on the curb, the physical act of abandonment is visible and understood. When a person grants location permission to a weather app, they are not making an informed decision to share their precise movements with federal law enforcement. The layers of data aggregation, resale, and government procurement that connect a simple app permission to an FBI analyst's screen are opaque by design.

The implications extend beyond individual privacy to business confidentiality. Corporate executives, journalists, lawyers, and anyone whose physical movements could reveal sensitive information are vulnerable. Location data can reveal visits to competitors, medical facilities, places of worship, political events, and legal counsel — all without the knowledge or consent of the tracked individual and without any judicial oversight. For businesses that take security seriously — investing in properly licensed software like an affordable Microsoft Office licence — the digital surveillance landscape adds another dimension of risk that requires attention.

Industry Impact

The tech industry finds itself in an uncomfortable position. The same data collection practices that power targeted advertising and app personalization are now explicitly acknowledged as a surveillance pipeline for federal law enforcement. This creates potential reputational risk for app developers and data aggregators, particularly as public awareness of these practices grows.

Apple and Google, which control the two dominant mobile operating systems, have made incremental improvements to location permission transparency and control over the past several years. Apple's App Tracking Transparency framework and Android's granular permission system have given users more visibility into which apps access their location. However, these controls remain insufficient when the underlying business model — free apps monetized through data collection — incentivizes maximum data harvesting.

The data broker industry itself faces uncertain regulatory prospects. The Fourth Amendment Is Not For Sale Act, which would prohibit government agencies from purchasing data that would otherwise require a warrant, has been introduced in multiple congressional sessions but has never passed. The current political environment, with the FBI director actively defending the practice and key senators supporting it, suggests the legislation faces even steeper odds.

For enterprise technology vendors, this dynamic creates both risk and opportunity. Companies that can demonstrate genuine commitment to data minimization and privacy-by-design may gain competitive advantage as businesses become more conscious of the data they generate and the third parties who may access it.

Expert Perspective

Constitutional law scholars and privacy researchers have characterized the FBI's position as a fundamental misreading of Fourth Amendment protections. The third-party doctrine — the legal principle that information voluntarily shared with third parties carries reduced privacy expectations — was developed in an era of telephone records and bank statements. Applying it to the comprehensive movement surveillance enabled by modern location data stretches the doctrine far beyond its original scope and intent.

The comparison to searching trash is particularly problematic because it ignores the scale, precision, and persistence of digital location tracking. Trash reveals discrete, time-limited information. Location data creates a comprehensive, continuous record of a person's life that can be queried retroactively across months or years. These are fundamentally different capabilities, and applying the same legal framework to both represents a category error with serious civil liberties implications.

Security professionals also note the counterintelligence risks: if American location data is available for purchase by the FBI, it is equally available for purchase by foreign intelligence services, corporate espionage operations, and criminal organizations.

What This Means for Businesses

Businesses should understand that the location data generated by their employees' devices — including company-issued smartphones and personal devices used for work — may be accessible to government agencies without any notification or judicial process. This has implications for trade secret protection, executive security, legal privilege, and competitive intelligence.

Organizations should review their mobile device management policies, assess which applications have location permissions on corporate devices, and consider whether VPN and privacy-focused configurations are appropriate for sensitive roles. Ensuring that core business infrastructure runs on secure, properly licensed platforms — from a genuine Windows 11 key to current security patches — is one component of a broader security posture that must now account for commercial surveillance pipelines.

Key Takeaways

• FBI Director Kash Patel confirmed the bureau has resumed purchasing Americans' location data from commercial data brokers
• Senator Tom Cotton defended the practice by comparing it to searching through a person's trash
• The practice bypasses traditional warrant requirements by purchasing commercially aggregated data
• Privacy advocates argue this creates a constitutional loophole around Fourth Amendment protections
• Location data can reveal visits to medical facilities, legal counsel, competitors, and political events
• Businesses should review mobile device policies and app permissions on corporate devices

Looking Ahead

The legal battle over warrantless data purchases is far from settled. Multiple federal courts are considering challenges to the practice, and the issue may eventually reach the Supreme Court for clarification of how the third-party doctrine applies to commercial location data. In the meantime, expect privacy-focused legislation to continue stalling at the federal level while individual states explore their own restrictions. Businesses and individuals who take privacy seriously should not wait for legal resolution — proactive measures to minimize location data exposure are prudent regardless of how courts eventually rule.