How ICE became a $2.8b domestic surveillance agency

Your US tax dollars at work

The US Immigration and Customs Enforcement (ICE) agency has spent about $2.8 billion over the past 14 years on a massive surveillance "dragnet" that uses big data and facial-recognition technology to secretly spy on most Americans, according to a report from Georgetown Law's Center on Privacy and Technology.

The research took two years and included "hundreds" of Freedom of Information Act requests, along with reviews of ICE's contracting and procurement records. It details how ICE surveillance spending jumped from about $71 million annually in 2008 to about $388 million per year as of 2021. The network it has purchased with this $2.8 billion means that "ICE now operates as a domestic surveillance agency" and its methods cross "legal and ethical lines," the report concludes.

ICE did not respond to The Register's request for comment.

The agency pulls data from Department of Motor Vehicle records, calls, child welfare reports, employment records, geolocation information, health-care and housing records and social media reports, the report said.

In addition to accessing public agencies' records on individuals, ICE also buys customer records from utility companies through its contact with data brokers Thomson Reuters. This is because undocumented people may not want to provide their information to government bodies — like the DMV — because they fear deportation. But they still need to connect their homes to water, gas, electricity and internet services.

"For people who are not easily traceable via traditional sources," a cited Thomson Reuters marketing letter reads, "locator information from utility hookup records may provide the only current and accurate address and phone number data available."

These types of contracts with private data brokers have helped ICE amass utility records from more than 218 million customers across all 50 states and Washington, DC, according to the Georgetown researchers.

Access to all of this information, along with AI tools for scanning and analyzing huge data sets, has turned ICE into a modern-day domestic spy agency, the report suggested:

By reaching into the digital records of state and local governments and buying databases with billions of data points from private companies, ICE has created a surveillance infrastructure that enables it to pull detailed dossiers on nearly anyone, seemingly at any time.

This includes using facial recognition technology to scan driver's license photographs of 32 percent of all adults in the US, the research said. In fact, ICE has access to driver's license data of 74 percent of US adults, and tracks the movements of cars in cities where nearly 70 percent of the adult population lives, it added.

Additionally, ICE was automatically alerted when 74 percent of US adults connected gas, electricity, phone or internet to a new home — thus providing the agency with their home addresses.

And as the researchers noted: "Almost all of that has been done warrantlessly and in secret."

In one particularly heart-wrenching example, the report detailed how ICE used interviews with unaccompanied children crossing US borders and being interviewed by Department of Health and Human Services about family members in America who could care for them. Per an information-sharing agreement between the two agencies, ICE used these kids' interviews to arrest at least 400 of their family members. The practice has now been formally banned by the agency.

Congress and state lawmakers remain mostly unaware of ICE surveillance activities, according to the researchers, which noted that there hasn't been any congressional hearings or Government Accountability Office report focused on such efforts. 

And as such, the report authors called on Congress to do a better job overseeing ICE surveillance. This includes updating the Driver's Privacy Protection Act (DPPA) to prohibit, or at least require a warrant or court order, the use of any DMV data for immigration enforcement purposes.

Additionally, states should prohibit the disclosure, sale or resale of utility data for immigration purposes, the team suggests. ®

Other stories you might like

  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading

Biting the hand that feeds IT © 1998–2022