US Border Agency’s Data Broker Deal Masks Spy Tools, Critics Say

US Customs and Border Protection is paying data broker LexisNexis Special Services Inc. for access to a powerful suite of surveillance tools, according to public records. Critics say CBP is using the contract to hide the agency’s full ability to monitor immigrants and others in the US.

The nearly $16 million, five-year contract provides access to social media monitoring, web data such as email addresses and IP address locations, real-time jail booking data, facial recognition services, and cellphone geolocation data analysis tools.

“They’re hiding their capabilities in some ways from transparency for the law enforcement agencies,” said Julie Mao, an attorney and co-founder at Just Futures Law, a legal nonprofit serving marginalized communities. “It’s no longer that they need to particularly contract with the facial recognition company or Babel X,” a social media monitoring tool Vice News in May reported CPB was using.

“They’re able to hide those capabilities within one contract,” she said.

Just Futures Law sued LexisNexis Risk Solutions last year, alleging it violated Illinois law by collecting and selling personal data to third parties, including to law enforcement.

The contract records, obtained through the Freedom of Information Act by Just Futures Law and shared with Bloomberg Law, highlight how some data broker services can evolve into one-stop shops for surveillance tools. The contract offers access to social media monitoring service Babel X as well as “Lexis Nexis facial recognition” services. In the past, CBP has contracted with Babel X directly and received facial recognition services through Clearview AI.

CBP didn’t respond to questions for this story.

LexisNexis referred Bloomberg Law to a web page of frequently asked questions about its work with the government that states the company “does not provide the Department of Homeland Security or US Immigration and Customs Enforcement with license plate images or facial recognition capabilities.”

“LexisNexis Risk Solutions supports the responsible use of data in accordance with governing statutes, regulations and industry best practices,” Paul Eckloff, senior director of public relations-government at LexisNexis Special Services, told Bloomberg Law in an email. “As with our other customers, the Department of Homeland Security must use our services in compliance with these principles.”

In its statement of work for the contract, CBP says a “Law Enforcement Investigative Database” and its tools “shall help examine individuals and entities to determine their admissibility to the US and their proclivity to violate U.S. laws and regulations.” The document states the tools are an “essential analytic aid” to “identify companies and significant persons of interest, using only partial information if necessary, and must create detailed analytical tracking.” The database requires “real-time access, 24/7, 365 days.”

Sarah Sherman-Stokes, a clinical associate professor of law at Boston University, called the contract “consistent” with the Homeland Security Department’s efforts to use every available tool to build out digital surveillance of migrants.

“The risk of that is that it’s easier to obtain,” said Sherman-Stokes. “These individuals can be searched at the click of a button.”

Digital Policing

CBP isn’t the only federal law enforcement agency to use LexisNexis Special Services. US Immigration and Customs Enforcement, mentioned on the company’s FAQ page, also has a contract for LexisNexis Risk Solutions’ Accurint TraX virtual crime platform. Public records obtained by Just Futures Law and Latinx activist group Mijente last year reported by The Intercept show that the agency used the tool to conduct more than a million searches in just seven months during 2021.

CBP’s use of the data and tools provided by LexisNexis, which the contract says are available to a redacted number of agents across its operations, not just US Border Patrol, is also poised for large volumes of searches. The database allows for “batch queries” of a host of sensitive information including real-time arrests and incarcerations, real estate records, utility bills, business affiliations and motor vehicle records.

While CBP is largely known for its work at ports of entry, the agency has authority within 100 miles of American’s borders and has played a role in monitoring protests, including those in Minneapolis following George Floyd’s killing in 2020.

“The technologies are really built on this goal of mass surveillance of everyone,” said Just Future’s Mao. “You see in the contract that they’re not asking specifically, for example, for data in relation to immigration enforcement.”

Homeland Security’s reliance on data brokers highlights a disconnect within the Biden administration over how to handle commercial surveillance providers. Federal law enforcement has become one of the industry’s biggest clients, and the Biden administration recently opposed congressional proposals to ban government purchases of commercial data.

Meanwhile, agencies like the Federal Trade Commission and Consumer Financial Protection Bureau have sought to rein in the billion-dollar data broker economy with proposals that would limit sales of sensitive information bought by law enforcement. The White House this summer hosted a summit on the harms of data brokers, including against migrant communities.

LexisNexis’ data broker services also fuel Login.gov, a government-run online identity verification platform for the public sign in securely to federal websites of agencies such as the Small Business Administration. According to USAspending.gov, LexisNexis Special Services currently has $18 million in government contracts.

The group Mijente, one of the plaintiffs in Just Futures Law’s lawsuit against LexisNexis, has called for DHS to end its data broker contracts.

“It has tremendous impact on entire communities,” said Jacinta Gonzalez, field director of Mijente. “That surveillance has the reach to encapsulate other people as well. It’s not only terrifying for immigrants, but for entire communities that include immigrants.”

CBP Director Troy Miller at an April budget hearing told House Appropriations Committee members that “strong investments in border security technology are especially critical to CBP’s efforts to maintain domain awareness and take swift action to respond to dangerous threats.”

The National Fraternal Order of Police said in a July letter to the House Judiciary Committee that legislation to ban law enforcement use of data brokers like LexisNexis would “would have a profoundly negative effect on public safety and on the ability of law enforcement to conduct investigations into violent crimes like murder, kidnapping, terrorism, and other serious threats” and would “cut off access to vital investigative tools routinely used by law enforcement agencies every day.”

Sherman-Stokes, the law professor, noted that the use of surveillance tools introduced for one purpose often expands to a broader population.

“Information-gathering is not neutral. It’s designed to target communities that have very little political power,” she said. “We know whatever is tried on vulnerable communities first will be tried later on everyone.”

Location-Data Tools

CBP’s purchase of commercial surveillance data has come under scrutiny before, as recently as September.

Just weeks before the Homeland Security Inspector General’s Office released a report that month finding CBP failed to adhere to privacy procedures when buying commercial cellphone location data, the agency sent a letter to Sen. Ron Wyden (D-Ore.) saying it would stop buying the information at the end of September.

That pledge raises questions about CBP’s contract with LexisNexis, the solicitation for which specifically called for “cell phone and mobile devices geolocation” data, “including detailed call record history analysis” as a requirement.

The contract with LexisNexis doesn’t mention providing cellphone geolocation data. It does include access to Accurint TraX, a tool LexisNexis states “combines the power of identity data and law enforcement data with call detail record analysis.”

Accurint TraX allows users to link mobile device numbers with individual and personal information in real time and can be used by law enforcement to “enhance their device geolocation investigations,” according to LexisNexis’ marketing materials.

The service also includes access to a Virtual Pen Register Tool (VIPER), which can track data regarding specific phone numbers and generate forms for law enforcement to request access to communications providers’ data. The tool can also generate alerts to track targets in a predesignated area.

Just Futures’ Mao says that the contract for the services raises its own concerns.

“We’re concerned that they’re using the LexisNexis contract as a backdoor to continue to monitor the mobile locations of millions of people in the United States,” she said.