The United States Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. While the practice of buying people’s location data has grown increasingly common since the US Supreme Court reined in the government’s ability to warrantlessly track Americans’ phones nearly five years ago, the FBI had not previously revealed ever making such purchases. 

The disclosure came today during a US Senate hearing on global threats attended by five of the nation’s intelligence chiefs. Senator Ron Wyden, an Oregon Democrat, put the question of the bureau’s use of commercial data to its director, Christopher Wray: “Does the FBI purchase US phone-geolocation information?” Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data companies gathered specifically for advertising purposes. 

“To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising,” Wray said. “I understand that we previously—as in the pas—purchased some such information for a specific national security pilot project. But that’s not been active for some time.” He added that the bureau now relies on a “court-authorized process” to obtain location data from companies. 

It’s not immediately clear whether Wray was referring to a warrant—that is, an order signed by a judge who is reasonably convinced that a crime has occurred—or another legal device. Nor did Wray indicate what motivated the FBI to end the practice. 

In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment’s guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring loophole that allows the government to simply purchase whatever it cannot otherwise legally obtain. US Customs and Border Protection (CBP) and the Defense Intelligence Agency are among the list of federal agencies known to have taken advantage of this loophole. 

The Department of Homeland Security, for one, is reported to have purchased the geolocations of millions of Americans from private marketing firms. In that instance, the data were derived from a range of deceivingly benign sources, such as mobile games and weather apps. Beyond the federal government, state and local authorities have been known to acquire software that feeds off cellphone-tracking data. 

Asked during the Senate hearing whether the FBI would pick up the practice of purchasing location data again, Wray replied: “We have no plans to change that, at the current time.”

Sean Vitka, a policy attorney at Demand Progress, a nonprofit focused on national security and privacy reform, says the FBI needs to be more forthcoming about the purchases, calling Wray’s admission “horrifying” in its implications. “The public needs to know who gave the go-ahead for this purchase, why, and what other agencies have done or are trying to do the same,” he says, adding that Congress should also move to ban the practice entirely.