Executive Summary
- Seventeen state attorneys general sent a letter to congressional leadership demanding immediate action to close the "data broker loophole" — the gap in federal law that allows agencies to purchase Americans' sensitive personal data from commercial brokers without a warrant.
- The coalition, led by Connecticut Attorney General William Tong and including attorneys general from California, Maryland, Colorado, Illinois, and twelve other states, cited federal purchases of billions of airline ticketing records and mobile location data as evidence of systematic warrantless surveillance.
- The letter was sent to the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Accountability. Congress returns from recess today with seven days before FISA Section 702 expires on April 20.
- The bipartisan Government Surveillance Reform Act, introduced by Senators Ron Wyden (D-OR) and Mike Lee (R-UT), would close the loophole. Whether congressional leadership brings the bill to a vote — or allows a clean FISA extension without reforms — is the central surveillance question of the week.
The federal government cannot legally wiretap your phone without a warrant. It cannot open your mail without a warrant. It cannot place a GPS tracker on your car without a warrant. The Supreme Court settled that last point in United States v. Jones (2012) and extended the principle to cell phone location data in Carpenter v. United States (2018).
But the federal government can buy the same information — your location history, your travel records, your browsing habits — from a commercial data broker. No warrant. No judge. No probable cause. Just a purchase order.
Seventeen state attorneys general have now told Congress that this arrangement is unacceptable.
The Letter
In a letter sent to the leadership of the Senate Committee on Homeland Security and Governmental Affairs and the House Committee on Oversight and Accountability, the coalition demanded that Congress take "immediate action to halt federal agencies' use of commercially purchased data and artificial intelligence tools that enable mass surveillance of Americans without judicial, legislative, or public oversight," according to the press release issued by Connecticut Attorney General William Tong's office.
The coalition includes attorneys general from California, Colorado, Connecticut, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Jersey, New Mexico, Oregon, Vermont, Virginia, and Washington. The letter was organized by Tong, who chairs the National Association of Attorneys General's Consumer Protection Committee.
The attorneys general made five specific demands: close the data broker loophole, require warrants for federal access to Americans' digital data, prevent domestic surveillance via foreign intelligence laws, mandate deletion of unlawfully collected information and related AI models, and establish nationwide transparency and accountability standards for data brokers, according to a summary published by the California Attorney General's office.
What the Government Is Buying
The letter is not theoretical. It cites specific federal procurement activity.
The FBI signed a contract worth up to $27 million with Babel Street for 5,000 licenses to its "Locate X" product, which provides cell phone location data sourced from commercial apps, according to reporting by WebProNews. The FBI performs approximately 200,000 warrantless searches of Americans' data per year, according to the Electronic Privacy Information Center.
The Department of Homeland Security has purchased cell phone location data since at least 2017, according to the DHS Inspector General. In February 2026, DHS signed a $1 billion contract with Palantir to deploy AI-powered data analytics across all its components, according to reporting by Nextgov/FCW. Immigration and Customs Enforcement maintains a separate $30 million contract with Palantir for a system called "ImmigrationOS," according to federal procurement records reported by Axios.
The IRS Criminal Investigation division has purchased location data from Venntel, a data broker subsidiary of Gravy Analytics, according to reporting by The Intercept. La Verdad Tejana documented how these data purchases are being used to track Texas families — from churches to workplaces to medical clinics.
The attorneys general also cited federal agencies' purchases of billions of airline ticketing records from commercial brokers — data that reveals travel patterns, associations, and movements across the country.
The common thread: every one of these purchases circumvents the warrant requirement that the Fourth Amendment imposes on direct government surveillance. The legal theory is simple. The Electronic Communications Privacy Act prohibits phone and internet companies from selling sensitive customer data to government agencies. But the law was written in 1986. Data brokers barely existed. The companies that are barred from selling data to the government can sell it to brokers instead, and the brokers sell it to the government. The intermediary launders the constitutional problem.
Why State Attorneys General Are Leading
The federal government is unlikely to regulate its own surveillance capabilities. That is not cynicism — it is institutional logic. The agencies purchasing the data are the same agencies that would be regulated. The White House is actively pushing for a clean FISA reauthorization that would leave the data broker loophole intact, according to reporting by The Hill.
State attorneys general operate outside that conflict of interest. They enforce consumer protection laws within their jurisdictions. Several of the states in the coalition — California, Colorado, Connecticut, Virginia — have enacted comprehensive consumer privacy laws that regulate how private companies collect and sell personal data. The attorneys general are now arguing that the same principles should apply when the buyer is the federal government.
"Federal agencies can obtain sensitive personal information without a warrant by purchasing it from private companies," the coalition wrote, according to the Maryland Attorney General's office. The argument is that existing federal law is inadequate for addressing modern surveillance capabilities — and that the gap between what agencies can legally collect and what they can legally purchase has become the primary channel for warrantless domestic surveillance.
One hundred and thirty civil society organizations signed a separate letter urging Congress to include the data broker loophole closure in the FISA Section 702 reauthorization, according to the Brennan Center for Justice.
The Congressional Moment
Congress returns from recess today. FISA Section 702 expires April 20. Seven working days.
The Government Surveillance Reform Act — introduced by Senators Ron Wyden (D-OR) and Mike Lee (R-UT), with companion legislation from Representatives Warren Davidson (R-OH) and Zoe Lofgren (D-CA) — would close the data broker loophole by requiring the federal government to obtain a court-authorized warrant before purchasing sensitive personal data from data brokers, according to the bill summary released by Senator Wyden's office.
The question is whether congressional leadership will allow the data broker provisions to be attached to whatever FISA reauthorization bill moves this week — or whether the clean extension that the White House is seeking will pass without reform.
The warrant requirement amendment lost 212-212 in the House during the 2024 FISA reauthorization debate, according to reporting by The Hill. Speaker Mike Johnson broke the tie by switching his vote against the warrant requirement. The amendment's margin has not grown more comfortable in the two years since.
Meanwhile, the Congressional Progressive Caucus — 98 House Democrats — formally voted to oppose any FISA Section 702 reauthorization without "dramatic reforms," marking the first time the CPC has taken a binding position on surveillance policy, according to reporting by State of Surveillance. That bloc, combined with the libertarian-leaning Republicans who have historically opposed warrantless surveillance, could deny a clean extension the votes it needs — but only if the coalition holds.
The Constitutional Stakes
The Fourth Amendment does not contain a data broker exception. Chief Justice John Roberts's majority opinion in Carpenter was explicit: cell phone location data reveals "the privacies of life" and requires a warrant. The government's argument that purchasing the same data from a commercial intermediary somehow removes the constitutional obligation is a theory that no court has fully endorsed — and that seventeen state attorneys general are now publicly rejecting.
The attorneys general's letter is not a legal brief. It is a political signal. Seventeen chief law enforcement officers of their respective states, responsible for enforcing consumer protection and privacy laws, are telling Congress that the federal government's data purchasing practices violate the principles those laws were designed to protect.
Whether Congress listens — or whether the Iran conflict and national security politics provide enough cover for a clean FISA extension — will be decided in the next seven days. For families looking for immediate steps to protect their privacy, La Verdad Tejana published a practical guide to blocking phone tracking.
Bastion Daily's ongoing coverage of the FISA Section 702 deadline: What Is Section 702? | The FBI Director's Admission | The SAVE Act Gambit