He taps the weather app to check the forecast. An ad loads, and somewhere between the pixels and the auction a record of his movement is saved. I read the document that shows how those tiny, routine transactions can be repurposeed into a map of where people go.
I want you to follow me through what the Department of Homeland Security’s own paper quietly admitted: Customs and Border Protection bought advertising-sourced location data and tested it against people’s phones. I’ll show you how the ad-tech plumbing works, who has been using it, and why that should make you feel uneasy.
Your phone just fetched an ad — and a location stamp.
The DHS Privacy Threshold Analysis obtained by 404 Media ties a Customs and Border Protection pilot (2019–2021) to marketing data built from mobile Advertising IDs, or AdIDs. That PTA is the agency’s required paper trail when testing new tech, and it admits what many privacy reporters long suspected: ad-tech can be turned into surveillance tools.
When an ad request fires inside a game, a dating app, or a news widget, an automated auction called real-time bidding sends device signals to dozens of buyers. Those signals can include precise location pings linked to an AdID — a device-level tag that functions like cookies for your phone. The result is a stitched timeline of where a device traveled, over hours, days, or longer.
How did the government get mobile location data?
CBP didn’t subpoena carriers; it bought data that the advertising ecosystem already collects and sells. The DocumentCloud copy of the PTA shows the agency evaluated commercially available marketing location datasets to power “targeting, vetting, analysis, and illicit network discovery processes.”
The ad networks are a marketplace; DHS treated it like a shopping list.
That line is literal: ad exchanges and data brokers assemble, anonymize, aggregate, and then license location feeds. The Wall Street Journal previously revealed that ICE purchased similar datasets to trace people later arrested, and the ACLU has produced FOIA evidence that DHS agencies routinely buy brokered cellphone location records — data phone companies would otherwise only release under legal process.
Think of AdIDs like a silent name tag on your phone. They don’t show your name or number, but when pooled across apps they create a pattern — like a digital breadcrumb trail that reveals where you live, work, worship, and travel.
Can advertisers trace individual phones?
Yes and no: advertising systems are designed to identify devices, not people, but operational practice blurs that line. Mature products marketed to law enforcement and government customers can search for devices inside a geographic area over time — a capability 404 Media reported ICE bought into as recently as January. Congressmen, privacy lawyers, and civil libertarians have warned that the practical effect can be the same as a warrantless geofence search.
A game or a weather app can become an unintended informant.
Apps you use for convenience — games, dating, maps, local news — participate in that pipeline. Every ad call can expose a location ping that, once purchased and stored by brokers or resold through exchanges, is re-usable. The PTA admits CBP tested that chain to support investigative workflows.
Agencies aren’t the only buyers. Major ad platforms, data brokers, and analytics vendors all process the same feeds, and companies like Google and Apple set the technical framing for advertising IDs. Google’s AdMob, programmatic RTB, and broker networks are the plumbing; DHS agencies are now buying the water that runs through it.
Accountability looks thin where the money and auctions are thick.
PRTAs exist to flag privacy issues, but the PTA’s existence also highlights how quietly these systems operate. The Wall Street Journal, ACLU releases, and 404 Media’s reporting have pushed this into the open — and 70 lawmakers recently asked the DHS Inspector General to investigate ICE’s purchases after those revelations.
CBP has not publicly answered questions about the PTA beyond what was released; a request from Gizmodo received no immediate reply. Meanwhile, the data ecosystem keeps selling movement records harvested from everyday apps, and agencies keep buying.
The stakes are civic, not academic.
We can argue technicalities — AdIDs vs. phone numbers, anonymized vs. re-identifiable — but the practice creates a surveillance collage of ordinary life. Data collected for targeted ads can be repurposed for immigration enforcement, neighborhood sweeps, and building suspicious-activity patterns without the warrants traditionally required of phone carriers.
The ad-tech economy is both a marketplace and a mirror: one is a web of transactions, the other a reflection of where people actually go. If you care about privacy or civil liberties, this should change how you think about an ad that appears on your screen.
I’ve walked you through the document, the players, and the danger. What limits do you expect the government to have when the same ecosystem that serves ads can also map movements in near real time?