By Malcolm Lee Kitchen III | Margin Of The Law

A data broker has spent years selling raw location data on individual Americans to federal, state, and local law enforcement agencies. The Electronic Frontier Foundation confirmed this after filing more than 100 public records requests across several months. The company is called Fog Data Science. Its product is called Fog Reveal. And most of the people it tracks have no idea it exists.

This is not a story about cell towers or big tech. Fog does not buy data from Google, Apple, or Facebook. It buys data from the broader mobile app ecosystem, pulling location signals from thousands of apps installed on Android and iOS devices. Those signals get packaged into a searchable database, sold to law enforcement agencies under annual subscriptions, and used to build detailed histories of where Americans sleep, work, worship, and associate.

The price for this capability is under $10,000 per year. That puts mass surveillance tools within reach of county sheriffs and small-town police departments that could never afford the surveillance infrastructure used by federal intelligence agencies. That is exactly the market Fog targeted.

The EFF shared its findings with the Associated Press. The records they obtained document contractual relationships between Fog and at least 18 law enforcement clients. Other agencies tested the product through free trials. One internal note from a law enforcement meeting with Fog representatives stated the company was working with between 50 and 60 agencies nationwide.

What those records also show is that Fog and several of its law enforcement customers did not believe the service triggered Fourth Amendment protections. No warrant required. No probable cause. Just a subscription, a browser, and a geofence.

What Fog Reveal Actually Does

Fog’s marketing materials describe access to a “near real-time” database of billions of geolocation signals pulled from smartphones. The database includes latitude, longitude, timestamp, and a device identifier for each signal. Historical data goes back to at least June 2017. Fog claims to process data from over 250 million devices each month in the United States. By the company’s own numbers, those devices generate 15 billion signals per day, over 5 trillion per year.

Those figures cannot be independently verified. The actual coverage is likely uneven. Fog’s data comes from apps while they are active, or from apps that users have granted background location access. People who do not install many third-party apps, or who have opted out of tracking through Apple’s App Tracking Transparency framework, may not appear in the database at all. Some devices in the records EFF reviewed generated several hundred pings per day. Others showed up only a few times. The data is patchy in ways Fog does not advertise.

But patchy does not mean harmless. If Fog’s coverage claims are even approximately accurate, the company holds location data on a majority of people in the United States. Even partial coverage is enough to identify a large number of attendees at a protest, a clinic, or a religious gathering.

Fog Reveal gives law enforcement two core query types.

The first is an area search. An officer draws one or more shapes on a map, specifies a time range, and the system returns all device signals recorded within that area during that period. This includes the location, timestamp, and device ID for every device the system tracked in that space during that window. This is functionally equivalent to a geofence warrant served to Google, except no warrant is required to use Fog.

The second is a device search. An officer specifies one or more device IDs and a time range. The system returns the full location history for those devices during that period. Fog’s materials describe this as a “pattern of life” analysis. The output tells investigators where a person sleeps, what hours they keep, where they work, what places they visit regularly, and who else’s devices appear alongside theirs over time. A single query can cover several months of a person’s movements.

Used together, these two functions create a surveillance capability that is both wide and deep. An area search sweeps up every device in a location. A device search then maps each of those devices across weeks or months. Police can start with a geofenced area and end with detailed movement histories for everyone who was there. That includes people with no connection to any crime, who were simply present in the same place at the same time.

Fog’s subscription pricing reflects a calculated approach to market penetration. Annual licenses typically run between $6,000and$6,000and9,000 for 100 queries per month. Additional query blocks are available for purchase. In 2019, the California Highway Patrol paid $7,500forayearofaccessplus$7,500forayearofaccessplus2,400 for 500 additional queries per month. Fog routinely encouraged agencies to share a single license among multiple users, and records show some customers ran queries on behalf of other law enforcement agencies that did not hold their own subscriptions.

The company’s marketing email to potential customers read: “Find strong leads at your desk in minutes. Just type in a location, date and time, then watch app signals disclose what mobile devices were present at the crime scene.” Convenience is the sales pitch. Fog frames its product as a time-saving tool. The civil liberties implications do not appear in the brochure.

Fog’s marketing materials list use cases ranging from “Human Trafficking” and “Terrorism Investigations” to “Drug Investigations” and “Soft Target Protection.” The language is drawn from the vocabulary of intelligence agencies. The term “pattern of life analysis” is an intelligence community term for a behavioral profile built from long-term data. “Tipping and cueing” refers to using broad, low-resolution surveillance to identify targets for more focused monitoring. Fog’s brochure uses both terms. One version of the marketing materials listed “Border Security/Tracking” as a use case. A screenshot included in the brochure shows Fog Reveal being used to monitor “a location at the US/Mexico border.”

Fog also markets “outsourced analytic services” for non-law enforcement customers. The company states it will not grant private companies direct access to its database, but it will perform analysis on behalf of law firms and investigative firms. That analysis includes verifiable presence at a location, likely residences and places of business, links to other individuals and devices, and patterns of activity correlating to specific events or time periods. Fog collects location data on millions of Americans and will run analytical reports on specific individuals for private clients. The records EFF obtained do not detail any specific private-sector relationships, but the service is advertised openly.

Where the Data Comes From

The location data that Fog sells begins with apps. Any smartphone app with location permission can share that data with third-party advertisers or data brokers. The exchange is simple: the app gets extra revenue, the broker gets location signals. Data brokers then aggregate signals from multiple apps, tie them to individual devices using advertising identifiers, and sell the combined dataset to other brokers or direct buyers. By the time data reaches a company like Fog, the chain of custody is deliberately obscured. The original source is often untraceable. The terms under which the data was collected are unclear.

When asked directly which apps or companies supply its data, Fog has consistently refused to give specific answers. In July 2020, a Fog representative told Chino police that its data provider “protects the sources of data that they purchase from.” A Santa Clara County attorney wrote in records that Fog gets information from “lots of smaller apps” but not Google or Facebook. One document shared with the city of Anaheim in 2019 referenced “unstructured geo-spatial data emanating from open apps (Starbucks, Waze, etc.)” though it is unclear whether those apps are actual sources or illustrative examples. A former data analyst for the Greensboro, North Carolina police department told EFF that Waze came up repeatedly in a presentation on Fog’s capabilities, specifically because it runs in the background while people drive and generates a steady stream of location pings.

One agency document states that Fog gathers data from “over 700 apps.” Fog’s own materials reference a single “data provider” that “works with multiple sources to ensure adequate worldwide coverage.” The company has framed this relationship as a competitive advantage. One document sent to Anaheim stated that Fog’s competitors all buy from the same upstream source, and that Fog has a unique relationship as an “associate” of that source, giving it lower prices and more direct data access.

That framing points toward a specific company.

The Venntel Connection

Multiple records from EFF’s investigation suggest that Fog’s upstream data provider is Venntel, a subsidiary of the marketing data company Gravy Analytics and one of the largest sellers of location data to the US government. Venntel has previously sold data to Immigration and Customs Enforcement, Customs and Border Protection, and the FBI. Prior to the Fog investigation, Venntel’s government work was understood to be primarily at the federal level.

The evidence connecting Fog to Venntel is specific and consistent across multiple document types.

The most direct link comes from an email exchange with the Iowa Department of Public Safety. A Fog representative responded to a question from an Iowa intelligence analyst about the dataset by saying it would consult its data partner. Fog then forwarded the question, including a specific device identifier, to a Venntel representative. Venntel sent back screenshots explaining how to interpret the data. That sequence is not the behavior of two unrelated companies. It is the behavior of a vendor and its upstream supplier.

The marketing materials tell the same story. Fog’s brochures and Venntel’s materials, as obtained by the ACLU in separate records requests, share nearly identical style, language, and graphics. Both companies use the same screenshot of a location in Santa Teresa, New Mexico to demonstrate their capabilities. Both make identical claims: 250 million mobile devices processed per month in the US, 15 billion daily location signals. Identical figures appearing in separate companies’ marketing materials point to a shared dataset.

The legal documents reinforce this. A version of Fog’s Software License Agreement provided by the Missouri State Highway Patrol contained a piece of header text that had been edited to appear hidden but not deleted. It read “Venntel Analytics, Inc. Event Data Licensing Agreement.”

The code behind Fog Reveal contains the clearest evidence. EFF’s investigation of the code hosted at fogreveal.com found multiple URLs with “Venntel” in their path. When a Fog Reveal user performs a geofenced device query, the system submits that request to the URL path “/Venntel/GetLocationData.” The product is built on Venntel’s infrastructure.

This matters beyond the question of corporate structure. Venntel supplies location data to multiple companies serving law enforcement and government clients, including Babel Street, which sells location data through its undisclosed “Locate X” service. If Venntel is the sole upstream source for this category of law enforcement data products, as Fog’s own materials suggest, then Venntel functions as the central node in a surveillance supply chain that reaches from mobile app developers to local police departments. Fog is one distribution point. There are others.

The records EFF obtained also provide a rare look at Venntel’s own interface. Screenshots relayed through Fog’s email exchanges appear to show Venntel’s web portal. It mirrors Fog Reveal’s functionality with area searches and device searches. The visual style differs slightly, and Venntel’s interface appears to display more data per signal, including IP addresses. To EFF’s knowledge, these are the first publicly available images of Venntel’s user interface.

The Fiction of Consent

Fog has consistently told prospective law enforcement customers that its data is “100% opt-in” and that “no PII is ever collected.” Both claims require examination.

The opt-in claim rests on a specific interpretation of consent that courts, privacy advocates, and members of Congress have challenged on practical grounds. Smartphones require user permission before an app can access location data. When you grant that permission, the phone does not limit what the app can do with the data afterward. The entire decision happens in a single moment: you allow location access or you do not. What happens downstream is governed only by the app’s privacy policy. In the United States, those policies can be written broadly enough to permit nearly any use, including sale to data brokers, including eventual transmission to law enforcement.

The gap between what users understand they are agreeing to and what they have actually authorized is significant. A person who allows a weather app to access location data in order to see a local forecast has not, in any meaningful sense, consented to that data appearing in a law enforcement surveillance database. The legal consent exists. The informed consent does not. Fog’s “100% opt-in” claim is accurate in the narrowest technical reading and false in every practical sense.

The “no PII” claim is harder to defend. Location data is treated as personally identifying information under multiple state privacy laws. Colorado’s Privacy Act explicitly includes “specific geolocation data” as information that can identify an individual. California’s Privacy Rights Act classifies “precise geolocation data” as sensitive personal information subject to heightened protection. These definitions exist because the academic record is clear: anonymized location traces can be reliably tied back to specific individuals, even without names, email addresses, or other traditional identifiers.

Fog’s own materials acknowledge this in passing. A PowerPoint presentation shared with Chino, California explained that “while there is no PII data provided, the ability to identify a location based on a device’s signal strength can provide potential identifications when combined with other data that agencies have access to.” A St. Louis County officer who attended a Fog briefing summarized the dynamic directly: “There is no PI linked to the device ID. But if we are good at what we do, we should be able to figure out the owner.”

That is not a privacy protection. That is an extra step.

Location traces built from months of movement data are personally identifying by definition. A pattern showing where a device sleeps, works, worships, and seeks medical care does not require a name attached to it. The identity is embedded in the pattern. Fog’s argument that it collects no PII because it withholds names and email addresses is a definitional maneuver, not a substantive privacy protection.

Fog’s data is also tied to advertising identifiers, the unique codes assigned to mobile devices and shared broadly among app developers, ad networks, and data brokers. Anyone with access to a target’s device, or to a data source that includes the ad ID, can use Fog to search for that device’s full location history. Multiple records show that Fog has helped law enforcement customers use device searches tied to specific ad IDs. The ad ID is the thread that ties an “anonymous” device to a real person, and it is available to a wide range of actors outside law enforcement.

The Warrant Question

Fog and several of its law enforcement customers operated on the assumption that using Fog Reveal did not require a warrant. Emails between Fog and the California Highway Patrol indicate that Fog did not believe the Supreme Court’s 2018 decision in Carpenter v. United States applied to its service.

In Carpenter, the Court held that law enforcement must obtain a warrant before accessing historical cell-site location information from a carrier. The decision recognized that long-term location tracking implicates Fourth Amendment protections even when the data is held by a third party. The government argued the third-party doctrine applied. The Court disagreed, at least for CSLI gathered over an extended period.

Fog’s position is that app-derived location data is different. The data comes from apps, not carriers. The collection is framed as consensual. And the company’s marketing actively avoids language that might invite judicial scrutiny.

That reasoning is difficult to sustain when you look at what the data actually reveals. Fog’s device searches can return months of movement history from a single query. The output includes where a person sleeps, works, and worships. It maps relationships and routines. The surveillance capability is not meaningfully different from what the Court found to require a warrant in Carpenter. The data source is different. The constitutional exposure is comparable.

The records EFF obtained do not show that law enforcement agencies placed consistent limits on officer access to Fog Reveal. Some agencies required warrants in specific circumstances. The records do not show routine oversight or auditing of how individual officers used the tool. The absence of documented controls matters because the potential for misuse is concrete. In June 2022, a US Marshal was charged with allegedly using a different geolocation service, one operated through prison payphone infrastructure, to track people he had personal relationships with and their spouses. The US Marshals have previously contracted with Fog. The same pattern of personal misuse is possible with any tool that provides individual officers with direct, unmonitored access to location data on millions of people.

Who Is Behind Fog Data Science

Fog Data Science was founded by two former US government intelligence employees. The company has been deliberate about operating outside public view. Former police analyst Davin Hall, who attended a presentation from Fog representatives while working for the Greensboro, North Carolina police department, told EFF that the company wanted to keep its existence quiet specifically to prevent more people from disabling their advertising identifiers. The business model depends on low public awareness.

The company’s marketing and sales approach reflects that preference. Fog targeted agencies that tend to receive less public scrutiny than federal law enforcement. State highway patrols, county sheriffs, and local police departments are the agencies most Americans interact with daily. They are also agencies whose technology procurement decisions often receive less press coverage, fewer advocacy group challenges, and less sustained public attention than federal contracts. Fog found a market in that gap.

The company’s approach to law enforcement also reflected an understanding of budget constraints at smaller agencies. Venntel sold a year of data to the Department of Homeland Security for over $650,000. Fog sold the same underlying capability to the sheriff of Washington County, Ohio, for $9,000 a year. The price difference is not accounted for by the data itself, which appears to come from the same source. It reflects Fog’s strategy of making this kind of surveillance affordable for agencies that could not otherwise access it.

The Infrastructure Behind the Market

Fog did not build the surveillance apparatus it sells. It assembled components that others built and presented them in a usable form to customers who would not otherwise have the technical capacity to work with raw location data at scale.

The broader location data market involves dozens of companies buying and selling app-derived signals. App developers monetize their software by installing third-party tracking code, then receiving payment from data brokers based on the number of users whose data gets collected. The brokers aggregate data from many sources, link streams to individual devices using advertising identifiers, and sell combined datasets to other brokers or direct buyers. The process repeats until the data is several transactions removed from the app that originally collected it. The terms of collection are buried or lost. The original consent decision, already thin, has been diluted through multiple transfers.

Apple and Google built mobile operating systems that support this ecosystem. The advertising identifier is a platform feature, not an accident. App tracking became a standard revenue model with the platforms’ implicit support. Apple introduced App Tracking Transparency in 2021, which made ad ID access opt-in and significantly reduced the number of devices sharing that identifier. One Fog-related email suggests this meaningfully degraded the quality and coverage of services like Fog Reveal. That response to a privacy control is itself revealing: the surveillance value of Fog’s product depends on users not exercising the privacy tools available to them.

Congress has not passed comprehensive federal privacy legislation that would govern how location data is collected, sold, or used. The data broker industry operates openly and at large scale in the absence of meaningful federal limits. Courts have only partially addressed the constitutional questions, and the existing legal framework does not clearly prohibit what Fog does.

The result is that a company with no public profile, selling a product most people have never heard of, has built a surveillance capability covering the majority of people in the United States and sold it to local police departments at a price point that fits in a discretionary budget.

Real-World Consequences

The harms Fog’s service enables are not hypothetical.

Fog’s area search function can be used to identify every device present at a protest, a religious service, a political rally, or a healthcare facility during a specified time window. That information can then be used to build movement profiles for every person who attended. This is dragnet surveillance applied to constitutionally protected activities. The California Highway Patrol, which has contracted with Fog, was separately found by the ACLU to have used helicopters equipped with surveillance cameras to capture detailed video of attendees at peaceful demonstrations against police violence. The same agency had access to Fog Reveal.

The Supreme Court’s 2022 decision in Dobbs v. Jackson Women’s Health Organization eliminated the federal constitutional right to abortion. Since that decision, multiple states have enacted laws criminalizing abortion procedures and, in some cases, the act of traveling to obtain them. Fog Reveal lets any officer with a subscription draw a geofence around a reproductive health clinic, anywhere in the country, and retrieve a list of every device recorded inside that perimeter during a specified time range. That list can then be used to build movement histories for every person who appeared. The surveillance infrastructure existed before the legal landscape changed. The change in law converted an existing capability into a tool for targeting people seeking legal medical care in other states.

Immigration enforcement presents the same structure. Fog’s marketing includes “Border Security/Tracking” as an advertised use case and shows a screenshot of the product being used to monitor the US/Mexico border. DHS-affiliated fusion centers, where local and federal law enforcement share data and resources, appear in records connected to Fog’s client base. A geofence around an immigration law office or a community organization serving undocumented people generates the same kind of device list. The architecture does not distinguish between use cases. The same query that could identify a suspect at a crime scene can identify a person seeking legal advice.

The potential for personal misuse by individual officers is also documented in adjacent cases. The US Marshal charged with tracking personal acquaintances using a different geolocation service illustrates that the risk is not theoretical. Fog Reveal gives individual officers direct, browser-based access to months of location history for millions of people. The records EFF obtained do not show consistent internal controls governing how that access is used.

Protecting Yourself

There are concrete steps that can reduce exposure to Fog’s surveillance.

Fog’s data pipeline depends on apps with active location permissions. Revoking location access from apps you do not fully trust removes those apps from the data collection chain. Disabling location services at the operating system level prevents app-based data brokers from accessing your location data through that channel. This step does not address all location tracking, your cellular carrier can still collect location data through different mechanisms, but it cuts off the specific pipeline Fog depends on.

Google Maps, Apple Maps, and Facebook do not appear to supply data to Fog. Fog representatives and customer records both state that Google and Facebook data is excluded. Restricting data shared with those services may address other privacy concerns, but it does not specifically protect against Fog.

Disabling your advertising identifier is the most direct countermeasure. Fog’s service links location signals to individuals through the advertising ID. Without that identifier, signals from your device cannot be reliably tied together into a movement history. Apple’s App Tracking Transparency initiative made ad ID access opt-in in 2021, and internal communications connected to Fog indicate that this change measurably reduced the effectiveness of services like Fog Reveal. The fact that Fog wanted to stay hidden to prevent more people from disabling their ad IDs confirms that this action has real effect.

Instructions for resetting or disabling your advertising identifier are available through your device’s privacy settings. The EFF’s Surveillance Self-Defense project provides broader guidance on reducing exposure to a range of surveillance mechanisms.

What This Exposes

Fog Data Science is not an outlier. It is the logical product of an ecosystem that was built and sustained by deliberate choices across multiple industries and institutions.

App developers installed tracking code because it paid. Platforms built advertising identifiers because they supported a revenue model. Data brokers created a market for aggregated location data because buyers existed. Congress declined to regulate the market. Courts applied existing doctrine inconsistently to new technology. And law enforcement agencies purchased what the market offered without asking whether a warrant was required or whether their use of the tool was consistent with the rights of the people it tracked.

Fog packaged all of that into an affordable, browser-based product and sold it to agencies that would not otherwise have had access to this kind of surveillance capability. The company operated quietly, cultivated a narrow client base, and depended on public ignorance for its effectiveness.

The records EFF obtained through more than 100 public records requests document what the company preferred to keep private: who its clients are, where its data comes from, what the product actually does, and what law enforcement agencies actually thought about the legal framework governing their use of it.

The picture is not complicated. A company sells detailed movement histories of millions of Americans to police departments and sheriffs. Those agencies use the data without warrants. The data is sourced from apps through a chain of transactions that leaves users with no meaningful understanding of how their location information will be used. The company claims consent because the technical mechanism for consent was satisfied. The constitutional protection is absent because the agencies decided it did not apply.

Fog spent years trying to stay invisible. Invisible systems do not get scrutinized. They do not get regulated. They do not get shut down. That is the entire operating principle.

The records are now public. The system is visible. What happens next depends on whether lawmakers, courts, and the agencies that contracted with Fog treat this information as a reason to act or as noise to wait out.

Margin of the Law publishes constitutional analysis, civic research, and legal education for people who want to understand the system they actually live in. Read the Full Constitutional Analysis Library at marginofthelaw.com.

© 2026 – MK3 Law Group
For republication or citation, please credit this article with link attribution to marginofthelaw.com.