> DIA currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones. The data DIA receives is global in scope and is not identified as “U.S. location data” or “foreign location data” by the vendor at the time it is provisioned to DIA. DIA processes the location data as it arrives to identify U.S. location data points that it segregates in a separate database. DIA personnel can only query the U.S. location database when authorized through a specific process requiring approval from the Office of General Counsel (OGC), Office of Oversight and Compliance (OOC), and DIA senior leadership. Permission to query the U.S. device location data has been granted five times in the past two-and-a-half years for authorized purposes.
It's worth noting that they do collect the data up front, and only querying it is restricted. But I suppose having to follow due process for that part is better than nothing.
How do they handle the Fourth Amendment rights of US citizens abroad, like me? My understanding is that those rights must be respected even abroad by US governmental entities when they know or reasonably should know that data they might search or seize belongs to a US citizen.
And if this data includes sufficient identifying info, they should be able to identify me as a US citizen. Even phone number would be enough, since I think that and my US social security number are together in various public data breach datasets.
(Yes, my US phone number should be generating foreign location data. I have two eSIMs simultaneously active, one US and one foreign. For odd reasons I don’t think I have proper roaming working for the US number where I am now, but it does work via Wi-Fi calling which does share the country info with the carrier - and I have had international roaming working at other times.)
Why should my SSN indicate citizenship, some might wonder? SSA certainly knows I was granted my SSN years ago as a newborn citizen, and the Department of State knows I hold a current US passport and have never relinquished my US citizenship.
> DIA currently provides funding to another agency that purchases commercially available geolocation metadata aggregated from smartphones. The data DIA receives is global in scope and is not identified as “U.S. location data” or “foreign location data” by the vendor at the time it is provisioned to DIA. DIA processes the location data as it arrives to identify U.S. location data points that it segregates in a separate database. DIA personnel can only query the U.S. location database when authorized through a specific process requiring approval from the Office of General Counsel (OGC), Office of Oversight and Compliance (OOC), and DIA senior leadership. Permission to query the U.S. device location data has been granted five times in the past two-and-a-half years for authorized purposes.
It's worth noting that they do collect the data up front, and only querying it is restricted. But I suppose having to follow due process for that part is better than nothing.