US Customs and Border Protection Buys Location Tracking Software

• The US CBP has contracted Venntel for one of the firm’s products, although no specific names are included.
• The agency has paid close to half a million USD for the software tool that has to do with location tracking.
• CBP says they will deploy this tool for illegal immigration control, but they have violated this scope before.

The US Customs and Border Protection (CBP) has paid $475,944.49 on August 5 to buy “Venntel Software.” This piece of info comes from Motherboard, who scrutinizes public procurement records in the US and finds gems like this one regularly. Only last week, we reported on another contract totaling over $2 million, between the US Secret Service and Babel Street, the firm that develops “Locate X.”

So, it’s clear that the United States Federal agencies are very keen to track people’s devices, find their location, figure out where they are and where they have been, and possibly with whom they came in contact.

Related: US Secret Service Document Reveals Purchase of “Locate X”

“Venntel Software” is a data broker, which means they have partnerships with app creators who agree to collect device location data and share it with them. Harvesting data from apps like games, flashlight apps, selfie cam apps, weather forecast apps, and battery saver apps isn’t anything new. Still, discovering where this data ends up and for what purposes is usually beyond regular users’ reach.

When an app asks for more permissions than what should be considered adequate, its developer could be one of the many who work with data brokers like Venntel.

Motherboard has actually talked with a former employee of the company, who told them that a Venntel software user could either scan an area to see which devices are there or look up the history of the locations where a device has been by using a randomly generated identifier.

While Venntel creates these random codes to maintain people’s anonymity, if a user tracks devices back to their owner’s homes, finding out the identities behind device IDs should be doable, if not overly easy.

Other sources claim that the CBP wants to use this software not to breach people’s privacy but to identify border crossing events, track individuals as they spread across the United States, and arrest them. These former employees told Motherboard that Venntel wouldn’t sell data to local or state police, and generally takes precautions against the abuse of its tools.

From their standpoint, CBP has stated the following:

“CBP officers, agents, and analysts are provided with access to the vendor’s interface on a case-by-case basis, and are only able to view a limited sample of anonymized data consistent with existing border security or law enforcement operations.”

The problem here is that CBP has been recently “caught” monitoring peaceful rallies by flying drones above Minneapolis, where people were protesting against police brutality. This was obviously far away from the scope of detecting border crossings, so the chances of misusing Venntel’s products are worryingly high.