US and UK Immigration Agencies Seek Expanded Surveillance and Data-Analytics Capabilities
US Immigration and Customs Enforcement (ICE) issued a federal request for information seeking commercial “Big Data and Ad Tech” products—explicitly including ad-tech compliant and location data services—to “directly support investigative activities,” signaling continued interest in leveraging commercial data-broker and advertising-technology ecosystems for law-enforcement use. Related reporting highlights longstanding concerns that US agencies can sidestep Fourth Amendment warrant requirements by purchasing sensitive data about residents, and notes broader DHS/ICE enforcement activity that has increased scrutiny of surveillance practices and the downstream impacts of ad-tech tracking on affected communities.
Separately, the UK Home Office’s Border Security Command is pursuing up to £100M in procurement for a “maritime situational awareness system” designed to autonomously detect, track, and identify small boats and other non-cooperative vessels, including fusing data from land-based and BVLOS drones into a managed “Coastal Maritime ISR Service.” In parallel, a viral “ICE List” site claimed to publish leaked personal data on thousands of DHS employees, but analysis found the database largely relies on publicly available self-disclosed information (notably LinkedIn), underscoring operational security risks from personnel oversharing even when no breach is involved.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
9 events from the most recent confirmed update back to the earliest known activity.
UK Home Office seeks vendors for £100M coastal maritime ISR system
The UK Home Office launched a procurement effort for a maritime situational awareness capability to detect and track small boats and other non-cooperative vessels in the English Channel. The proposed Coastal Maritime ISR Service could run three to five years and be worth up to £100 million.
ICE publishes RFI for commercial ad-tech and big-data tools
ICE published a request for information seeking details on commercial 'Big Data and Ad Tech' products that could support investigative activities. The notice signaled interest in ad-tech-compliant and location-data services for federal investigative and operational use.
Researcher finds exposed database with 149 million stolen credentials
A researcher discovered an unsecured internet-accessible database containing 149 million stolen login credentials that were likely collected by infostealing malware. The database was later taken offline, according to WIRED's weekly security roundup.
OpenPayrolls says its ICE-related records came from FOIA-released OPM data
OpenPayrolls stated it was not affiliated with ICE List and said its ICE-related records were derived from a US Office of Personnel Management release obtained through FOIA. The statement clarified one of the public data sources cited by the site.
WIRED finds ICE List relies heavily on public online sources
WIRED reviewed 1,580 pages in ICE List's 'Agents' category as of January 22 and found many entries were sourced from public information, especially LinkedIn, rather than clear evidence of a private-data breach. The review also found some unsupported claims and some entries for people who were not ICE employees.
ICE List gains attention over claimed DHS employee data leak
A website called ICE List went viral after its creators claimed they had received a leak containing personal information on nearly 4,500 Department of Homeland Security employees. The site became a focal point in debates over whether publishing officer identities constituted doxing.
FTC bars Gravy Analytics and Venntel from most sensitive location-data uses
After the FTC action, Gravy Analytics and Venntel were barred from selling, disclosing, or using sensitive location data except in limited national security or law enforcement circumstances. The restriction is part of the regulatory backdrop to ICE's new market inquiry.
FTC alleges Venntel sold sensitive location data without proper consent
In 2024, the US Federal Trade Commission alleged that Venntel, a Gravy Analytics subsidiary, sold sensitive consumer location data without obtaining proper consent. The allegation was cited as context for ICE's interest in commercial ad-tech and location-data tools.
UK border security spending on Channel crossings begins rising
Progressive International said private companies have won about £3.5 billion in UK border security contracts since 2017, including contracts tied to monitoring and responding to small-boat crossings in the English Channel. This establishes the longer-running procurement backdrop for later Home Office surveillance plans.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
ICE Asks Companies About ‘Ad Tech and Big Data’ Tools It Could Use in Investigations | WIRED
wired.com
Open sourceDOGE May Have Misused Social Security Data, DOJ Admits | WIRED
wired.com
Open sourceUK Home Office targets small boats with £100M tech budget • The Register
go.theregister.com
Open sourceICE Agents Are ‘Doxing’ Themselves | WIRED
wired.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
ICE Expands Use of Commercial and Technical Surveillance Data for Immigration Enforcement
U.S. Immigration and Customs Enforcement (**ICE**) is exploring expanded access to commercially available data from online advertising and technology brokers to support investigations, issuing a **Request for Information (RFI)** to understand the availability of personal, financial, location, and health data and how it could be provided to federal investigative entities. The effort is framed as market research rather than a direct procurement, and follows an earlier RFI seeking open-source intelligence and social media data to improve targeting for ICE’s Enforcement and Removal Operations. Privacy and civil liberties advocates warn that purchasing brokered data can function as a workaround to traditional warrant requirements, and point to proposed legislation such as the **Fourth Amendment Is Not For Sale Act** as a potential constraint on government acquisition of data that would otherwise require judicial authorization. Reporting on ICE’s broader deportation and enforcement posture describes the agency’s reliance on multiple surveillance technologies to identify and track individuals, including **cell-site simulators** (also known as *stingrays* / **IMSI catchers**) that impersonate cellular towers to locate and potentially identify nearby phones. The coverage also highlights legal controversy around enforcement tactics, including allegations of warrantless home entry that legal experts argue conflicts with **Fourth Amendment** protections. Separately, European policymakers are described as reassessing dependence on U.S. technology amid geopolitical tensions and sanctions risk, but that discussion is not specific to ICE’s surveillance or data-broker acquisition activity.
Mar 21, 2026
U.S. Federal Agencies Expand Warrantless Commercial Surveillance and Location Data Purchases
The **Department of Homeland Security** and the **FBI** are expanding use of commercially available surveillance and data-tracking capabilities, prompting renewed scrutiny over privacy, civil liberties, and oversight. DHS is reportedly preparing to spend hundreds of millions of dollars on surveillance technology in 2026, including a **$1 billion** blanket purchase agreement with *Palantir* and additional investments in AI-enabled monitoring, mobile tracking, and tools from vendors such as *Cellebrite* and *Paragon Solutions*. Advocacy groups and lawmakers have warned that these programs broaden the government’s ability to scan faces, track cell phone activity, and monitor both immigrants and U.S. citizens while governance mechanisms fail to keep pace. The **FBI** separately confirmed it has resumed buying Americans’ location and other commercially available data from brokers, reviving a practice the bureau had previously said it was not actively pursuing. Director **Kash Patel** told lawmakers the agency uses purchased data in ways it says are consistent with the Constitution and the **Electronic Communications Privacy Act**, while Sen. **Ron Wyden** characterized the practice as a warrantless workaround to Fourth Amendment protections. Reporting on DHS also indicates declining transparency, with Privacy Impact Assessment filings falling sharply and the department’s inspector general accusing the agency of obstructing audits tied to biometric data management and immigration enforcement, reinforcing concerns that federal surveillance capabilities are growing faster than meaningful oversight.
Mar 21, 2026
U.S. Agencies Expand Efforts to Identify and Share Data on Immigration-Related Targets
Reporting indicates the U.S. Department of Homeland Security (DHS) has significantly increased its use of **administrative subpoenas**—which do not require judicial approval—to obtain identifying information for anonymous social media accounts that criticize **ICE** or post information about ICE agent locations. According to the New York Times (as cited by TechCrunch), DHS sent **hundreds** of subpoenas to major platforms including **Google, Meta, Reddit, and Discord**, and some companies reportedly complied in at least some cases; Google said it notifies users when possible and challenges subpoenas it views as **overbroad**. Separately, a court filing disclosed that the **IRS improperly overshared** immigrants’ personal data with DHS/ICE under an April 2025 IRS–DHS data-sharing arrangement intended to support certain non-tax criminal investigations under **IRC Section 6103** exceptions. After ICE requested **1.28 million** addresses, the IRS could verify **47,289** individuals, and for a subset (reported as **under 5%** of verified matches) the IRS mistakenly provided ICE with **additional address information** beyond what ICE had supplied, raising concerns that the interagency data-sharing deal increased exposure of sensitive taxpayer information.
Mar 21, 2026