The FBI Is Buying Your Location Data

On March 18, 2026, FBI Director Kash Patel confirmed under oath what privacy advocates have warned about for years: the FBI is purchasing Americans’ data directly from commercial data brokers, bypassing the warrant process entirely.

The admission, made during a Senate Intelligence Committee hearing, has reignited a national debate about the Fourth Amendment, data broker regulation, and the loopholes that allow federal agencies to surveil ordinary citizens without judicial oversight.

This is not a hypothetical concern. The data being purchased could potentially reveal information about your location, where you work, where you worship, who you spend time with, and when you visit a doctor. It is sourced from the apps on your phone, and it reaches the government’s hands without your knowledge or consent.

Kash Patel’s Confirmation Before the Senate

During the March 18 hearing, Senator Ron Wyden of Oregon asked Patel directly whether the FBI would commit to not buying Americans’ location data. Patel did not give a direct answer. Instead, he stated that the FBI “uses all tools to do our mission” and confirmed that the agency “purchases commercially available information that is consistent with the Constitution and the laws under the Electronic Communications Privacy Act.”

Wyden responded sharply, calling the practice an “outrageous end-run around the Fourth Amendment.” The constitutional protection he referenced prohibits unreasonable government searches and seizures, and traditionally requires law enforcement to obtain a warrant from a judge before accessing private data.

This is the first time since 2023 that the FBI has publicly confirmed it is actively purchasing this type of data. In 2023, then-FBI Director Christopher Wray acknowledged the agency had bought location data in the past but said it was not doing so at that time. Patel’s testimony this week makes clear that practice has resumed. A spokesperson for the FBI did not respond to questions about how often the data is obtained or from which brokers it is purchased, according to TechCrunch.

The FBI was not the only agency in the spotlight. The Director of the Defense Intelligence Agency also confirmed during the same hearing that his agency purchases commercially available information, though he declined to specify whether it currently includes Americans’ location data.

How the FBI Accesses Your Location Data Without a Warrant

To understand why this matters, it helps to understand how location data flows from your phone to a government database.

It begins with your apps. According to the Electronic Frontier Foundation, weather apps, navigation apps, coupon apps, and so-called “family safety” apps routinely request location access to enable their features. Once granted, that access is typically shared freely. Some apps partner directly with data brokers through embedded software development kits (SDKs). Others share location data through the real-time bidding (RTB) process that powers online advertising.

Once that data enters the broker ecosystem, data brokers package it into detailed profiles that can be sold to marketers, financial institutions, and yes, government agencies. The profiles can include your precise movements over time, your routines, the locations you visit regularly, and who you are near.

Normally, if the government wanted this type of data from a phone carrier or tech company, it would need a warrant. The 2018 Supreme Court decision in Carpenter v. United States established that law enforcement must obtain a warrant to access location records from telecom providers. But that ruling applied specifically to data held by service providers. It said nothing about data purchased from third-party brokers who gathered it through apps. That gap is the loophole the FBI is now openly using.

The FBI’s legal position is that it does not need a warrant because it is purchasing information that is commercially available. That theory has not been tested in court. Critics argue it is constitutionally indefensible. As Proton has noted, data brokers collect information on large populations, not specific suspects, meaning the government can access the daily routines of ordinary people without any suspicion of wrongdoing.

The Data Broker Ecosystem

The location data market is not a niche industry. It is a sprawling commercial infrastructure built on top of the advertising economy. Companies like Venntel, Babel Street, and X-Mode (now known as Outlogic) have supplied location data to federal agencies for years.

The FTC took action against X-Mode, finding it had collected precise location data through thousands of partner apps and sold it to hundreds of clients, including private government contractors, without consumers’ informed consent. According to the FTC, the company ingested over 10 billion location data points per day from across the world.

The issue extends beyond dedicated location brokers. As Redact has previously reported, major U.S. airlines have sold passenger travel data to DHS and ICE through a co-owned data broker called the Airlines Reporting Corporation. And Customs and Border Protection has used data sourced directly from the real-time bidding advertising system to track phone movements, a practice confirmed in a document obtained by 404 Media.

The EFF has also documented the role of companies like Fog Data Science and Babel Street’s “Locate X” service, which allow law enforcement to perform broad geofence-style queries on location data covering hundreds of millions of devices at once. Put simply, mass data collection is made available to investigators at the click of a mouse.

The Legal and Constitutional Debate

The central legal question is whether the government’s purchase of commercially available data constitutes a “search” under the Fourth Amendment. The traditional doctrine known as the “third-party doctrine” holds that people have no reasonable expectation of privacy in information they voluntarily share with third parties. Applying that logic here, the government argues that location data shared with apps and brokers is fair game.

Privacy advocates reject this reasoning. The data is not voluntarily shared in any meaningful sense. Most people do not read privacy policies, do not know their data is being sold to brokers, and certainly do not expect it to end up in federal databases. The Supreme Court’s Carpenter ruling acknowledged that the scale and precision of modern location data is categorically different from earlier cases involving third-party records, and that the old doctrine does not map cleanly onto it.

Senator Ron Wyden has introduced legislation that would close this loophole. Alongside Senator Mike Lee, and Representatives Warren Davidson and Zoe Lofgren, Wyden introduced the Government Surveillance Reform Act, a bipartisan, bicameral bill that would require a court-authorized warrant before federal agencies can purchase sensitive personal data, including location information, from data brokers. Whether that bill advances through Congress remains to be seen.

The broader privacy law landscape has begun to shift at the state level. As Redact’s state-by-state privacy law guide outlines, many states now restrict how sensitive location data near clinics and places of worship can be used, and several require companies to honor universal opt-out signals. But none of those protections directly prevent the federal government from purchasing data that brokers have already collected.

Why This Is Not a New Problem

Federal agencies have been exploiting the data broker loophole for well over a decade. The CBP, ICE, the Secret Service, and the DHS have all been documented using purchased location data for investigations. A DHS inspector general report confirmed that multiple component agencies violated internal policy and in some cases federal law in their use of commercially purchased surveillance data.

What is new about this week’s revelation is the directness of the admission. A sitting FBI director, asked whether the agency would stop buying Americans’ location data, responded not with denial but with confirmation.

The practice has also grown more powerful over time. As Proton notes, these datasets are increasingly analyzed using AI, which makes it easier to cross-reference information and uncover deeper patterns about individuals. What once required significant manual analysis can now be processed at scale. As Redact has explored in the context of AI-powered geolocation tools, the combination of AI with large location datasets creates surveillance capabilities that were unimaginable even a few years ago.

Government surveillance through social media channels is also expanding in parallel. Tools like SocialNet, used by agencies including ICE’s Homeland Security Investigations division, can aggregate public activity from over 200 online platforms to build relationship maps and behavioral profiles of individuals. Location data and social surveillance increasingly work together.

What This Means for Ordinary Americans

The implications of this story go beyond policy debates. If the FBI is purchasing location data from commercial brokers, that data almost certainly includes information about you, regardless of whether you have done anything wrong.

Location data reveals patterns that are deeply personal. Where you go for medical care. Whether you attend a place of worship. Who you meet with, and how often. Whether you participated in a protest. The granularity of modern smartphone location data means the government, through a simple commercial transaction, can reconstruct a detailed picture of your daily life.

This is not a concern limited to people with something to hide. It is a structural issue with how personal data is collected, sold, and used. Every post, check-in, and piece of digital activity you leave behind contributes to a profile that can be accessed, purchased, and analyzed without your knowledge.

How to Reduce Your Exposure

You cannot opt out of data broker surveillance entirely, but you can reduce how much data enters those systems in the first place. Limiting app location permissions, resetting your mobile advertising ID, and regularly auditing and deleting your social media history all reduce the information available for brokers to collect and sell.

Redact helps you take control of your digital footprint by allowing you to bulk delete old posts, messages, comments, and other content across dozens of platforms. The less public data that exists about you, the less there is for brokers to aggregate and sell. It is one of the most direct steps you can take to limit your exposure to the kind of surveillance described in this article.

The FBI’s confirmation this week is a reminder that data privacy is not an abstract concern. It is a practical one, and the decisions you make about your digital presence have real consequences.