Margin Of The Law

Constitutional Analysis • Civic Education • Investigative Research

The Data Broker Market: Surveillance, Commodification, and the Collapse of Privacy

The Data Broker Market: Surveillance, Commodification, and the Collapse of Privacy

By Malcolm Lee Kitchen III | MK3 Law Group
(c) 2026 – All rights reserved.

The Architecture of a Surveillance Economy

The Federal Trade Commission’s 2024 enforcement action against X-Mode Social, and its successor entity Outlogic, provided a rare moment of institutional transparency regarding the mechanics of the commercial surveillance industry. The order exposed how a single data broker had systematically harvested precise geolocation records from millions of Americans and sold them to military contractors, defense firms, and government-adjacent clients, including records tied to sensitive locations such as abortion clinics, addiction treatment centers, and places of worship. The action was, in narrow terms, a regulatory success. In broader terms, it was a footnote.

The data broker industry does not operate as a collection of rogue actors. It operates as infrastructure. Brokers function as the logistical backbone connecting mass behavioral data collection to the commercial and governmental entities that consume it. Their products are not incidental byproducts of the digital economy; they are the primary output of a market specifically engineered to convert human movement, routine, and association into monetizable intelligence. The FTC’s action addressed one node in a vast network. The network itself remained intact, operational, and expanding.

Understanding the scope of this industry requires abandoning the assumption that data collection is a secondary consequence of digital services. It is not. For a significant portion of the app economy, data collection is the primary function. The service delivered to the user is not the product; the user’s behavioral data is. Location access, granted through permission prompts that most users approve without reading, feeds directly into broker pipelines that aggregate, package, and sell that data to advertisers, insurers, law enforcement agencies, and foreign governments. The numbers reflect the scale: brokers process data from over 200 million U.S. devices daily, operating in a global market valued at more than 200 billion dollars annually.

This is not a peripheral market. It is a foundational layer of the modern surveillance economy, and its relationship to governmental authority raises constitutional questions that the FTC’s enforcement framework is not designed to answer.

Location Data as Behavioral Biography

The phrase “location data” understates the product. What brokers sell is not a sequence of coordinates. It is a behavioral record, time-stamped and granular, that maps the contours of a person’s life with a precision no witness could replicate and no confession would reveal voluntarily.

Consider what a comprehensive location history contains. It records the medical facilities a person visits and how often. It logs attendance at religious services, political gatherings, and community meetings. It documents overnight stays at addresses that are not a person’s registered residence. It tracks patterns of avoidance as clearly as patterns of presence, registering which neighborhoods a person skirts, which institutions they approach but do not enter. Individually, each data point is mundane. Aggregated across weeks and months, the dataset constitutes a detailed profile of vulnerabilities, associations, and private decisions that the subject never chose to disclose.

Brokers categorize this material by resolution and sell it in tiers. Basic mobility traces, showing general movement across regions, are sold to advertisers seeking demographic targeting. High-resolution histories, precise to individual buildings and timestamped to the minute, are sold to security firms, government contractors, and intelligence-adjacent clients. The FTC’s investigation documented X-Mode’s sales of data tied to more than one thousand sensitive locations. The problem the FTC identified was framing: X-Mode had not adequately disclosed the nature of its collections. The structural problem, that such a market exists and operates without meaningful legal constraint, was not within the scope of the enforcement order.

The claim that this data is anonymous does not survive scrutiny. The de-identification argument, advanced routinely by brokers as a legal and ethical shield, has been empirically refuted. A 2019 study from the University of Washington demonstrated that 95 percent of anonymized location datasets could be re-identified using as few as four data points. The logic is straightforward: a device that consistently appears at a specific home address at night, a specific workplace address during business hours, and a specific set of transit routes between them is not anonymous. It is identifiable through elementary cross-referencing with public records, utility registrations, or social media check-ins. Brokers understand this. Some have offered products specifically designed to facilitate re-identification, marketing them as enhanced targeting packages to clients who require individual-level precision.

Re-identification transforms the abstract risk of data collection into a concrete threat. It is the mechanism by which a dataset of clinic visits becomes a tool for insurance discrimination. It is how a record of shelter stays becomes a tracking resource for an abusive partner. It is how attendance at a political demonstration becomes the basis for a law enforcement investigation. The FTC’s order against X-Mode required deletion of historical data and notification of buyers. It did not address the persistence of re-identification capability across the broader market.

Commodified Vulnerability and the Distribution of Harm

The harms produced by the broker market are not uniformly distributed. They follow the existing gradients of social vulnerability, concentrating among populations that are already exposed to institutional risk: domestic violence survivors, individuals seeking reproductive healthcare, members of minority religious communities, political activists, and people experiencing economic precarity who depend on free applications that monetize data aggressively.

In 2022, a California woman’s location history was purchased from a data broker by her abuser, who used it to track her to a new city after she had relocated to escape him. This case was documented, but it was not exceptional. The broker market creates no mechanism for screening buyers by intent. A stalker and an advertiser submit equivalent payment and receive equivalent access. The data does not distinguish between uses; the market does not require buyers to justify them.

The structural asymmetry extends to entire communities. Geolocation records from Black Lives Matter demonstrations allowed for participant identification long after the events concluded. Data from LGBTQ-affirming healthcare facilities created actionable profiles of individuals in jurisdictions where such identities carry legal or social risk. Records from mosques and Islamic centers entered counterterrorism pipelines, converting attendance at religious services into a flag for further scrutiny. The FTC’s action identified the category of sensitive locations as a specific harm. It did not address the reality that sensitivity is not a fixed property of a location but a function of who is buying the data and for what purpose.

The effects on social behavior are measurable even when they are not explicitly tracked. Self-censorship of physical movement is a documented response to surveillance awareness. People avoid certain locations not because they have legal or practical reasons to do so, but because they understand that presence constitutes a data point that may be used against them in contexts they cannot predict or control. This is not a theoretical concern about future risk. It is a present modification of behavior that constitutes a restriction on freedom of association, freedom of religion, and freedom of political participation, enforced not by law but by the architecture of commercial data collection.

The Government-Broker Pipeline

The relationship between federal agencies and the commercial data broker market is not incidental. It is structural, deliberately maintained, and specifically designed to circumvent constitutional constraints on government surveillance.

The Fourth Amendment prohibits unreasonable searches and seizures. The Supreme Court’s 2018 decision in Carpenter v. United States established that the government requires a warrant to obtain historical cell-site location information from telecommunications carriers. The ruling was grounded in the recognition that comprehensive location data reveals the privacies of life in a way that the third-party doctrine, which holds that information voluntarily shared with a third party carries no reasonable expectation of privacy, was not designed to address.

Brokers operate in the space that Carpenter created. Their data is not obtained from carriers. It is collected from applications, aggregated by commercial entities, and made available for purchase on the open market. Agencies including the NSA, FBI, DEA, IRS, ICE, and DHS have purchased location data from commercial brokers rather than obtaining it through legal process, on the theory that commercially available data does not constitute a government search. This theory has not been definitively adjudicated, but agencies have operated under it as settled policy.

The DEA’s use of broker-sourced location data to investigate drug suspects without court orders was confirmed by reporting in 2023. ICE’s use of commercial location data for immigration enforcement has been documented by whistleblowers, including accounts of procurement processes specifically structured to avoid FOIA disclosure obligations. When an agency purchases data through a broker, it can credibly deny having collected the data itself. The broker holds the collection record; the agency holds a purchase receipt that may be shielded from disclosure under procurement exemptions. This is not an incidental feature of the system. It is the value proposition.

The mechanics are consistent across agencies. Software development kits embedded in consumer applications collect location data in the background, transmitting it to broker servers regardless of whether the application is actively in use. Users are informed of this collection only in terms broad enough to provide legal cover but specific enough to mislead. “Improve your experience” and “provide personalized content” are the standard formulations. The actual buyers, the defense contractors, government agencies, and intelligence-adjacent firms waiting at the end of the pipeline, are never named. X-Mode’s SDK was present in thousands of applications, and the data it collected flowed to government clients through intermediary defense firms. This was not disclosed to users of the weather applications, fitness trackers, and navigation tools where the SDK was embedded.

The persistence of this pipeline is demonstrated by what happens after enforcement actions. Outlogic, X-Mode’s rebranded successor, resumed operations with revised privacy language and continued offering substantially similar data products. Competitors including Venntel and Gravy Analytics absorbed market share, positioning themselves as compliant alternatives. The agencies that purchased from X-Mode did not lose access to the underlying data; they shifted to alternative suppliers. The FTC’s order required X-Mode to notify buyers of the prohibition on use of certain data categories, but no mechanism existed to compel buyers to delete what they had already incorporated into existing systems.

The Illusion of Informed Consent

The broker market is sustained by a consent framework that is structurally incapable of producing genuine informed consent. The conditions under which consent is obtained, and the conditions under which it is exercised, are asymmetric in ways that make the consent itself largely fictitious.

Consider the standard permission request. A user installs an application and is presented with a prompt requesting location access. The options presented are typically “Allow While Using App,” “Allow Once,” or “Don’t Allow.” The consequences of declining are not disclosed. In many cases, declining location access disables core application functionality, converting a nominal choice into a practical requirement. Studies have found that approximately 70 percent of applications request location permissions that exceed what is required for the service’s stated function, and that user approval rates for location permissions exceed 80 percent. These numbers reflect the conditions under which consent is obtained, not a genuine assessment of informed user preference.

The legal architecture built around this framework is equally asymmetric. End User License Agreements, Terms of Service documents, and Privacy Policies are drafted by legal teams specifically to maximize data collection rights while minimizing legally actionable disclosure obligations. These documents are not designed to be read. They are designed to provide a legal defense against the claim that collection occurred without disclosure. Average reading comprehension of these documents would require an advanced legal education. Average reading time, if users read them at all, which studies consistently suggest they do not, would require hours per application.

The power differential extends beyond individual transactions. Brokers operate at institutional scale, backed by venture capital investment, supported by government procurement contracts, and defended by lobbying infrastructure that maintains favorable regulatory conditions. Individual users operate with consumer-grade technical knowledge, limited time, and no practical recourse when they discover that their data has been sold in ways they did not expect. A 2023 Pew Research survey found that 60 percent of Americans were unaware that their location data was being sold by third-party brokers. The remaining 40 percent largely felt unable to prevent it.

The expansion of the data-collection surface area has compounded this problem substantially. Smart home devices, fitness wearables, connected vehicles, and ambient sensing technologies have extended data collection beyond the smartphone into the physical environment. Occupancy patterns inferred from smart thermostat data, exercise routes logged by fitness trackers, and travel histories recorded by connected cars all feed broker pipelines through similar SDK and API relationships. Opting out of this ecosystem is not a practical option for most users. It requires forgoing significant portions of modern infrastructure and, for lower-income users who depend on free application tiers that monetize data in lieu of subscription fees, it may require forgoing access to essential services entirely.

Structural Deficiency and the Limits of Enforcement

The FTC’s enforcement action against X-Mode was the most significant federal intervention in the commercial location data market to date. It resulted in a consent order requiring X-Mode to delete certain data categories, notify buyers of use restrictions, and implement a sensitive location data program designed to prevent future collection and sale of records tied to protected categories of sites. These are not trivial requirements. They represent a meaningful shift in how the FTC conceptualizes harm in the data broker context.

They are also insufficient as a structural remedy, for reasons that have nothing to do with the competence or commitment of FTC staff.

Enforcement actions are retrospective by design. They identify specific harms, document violations, and impose remedies calibrated to the conduct that has already occurred. They do not restructure the incentives of a market. As long as the commercial location data market remains legal, profitable, and supported by government procurement, new brokers will enter the market, existing brokers will adapt their practices to stay within the boundaries of current enforcement posture, and the underlying extraction will continue. This is precisely what has happened since the X-Mode order was issued. The order changed the compliance language used by market participants. It did not change the market.

The Carpenter decision established that comprehensive location data warrants constitutional protection when obtained by government from carriers. The logical extension of that reasoning applies with equal force to broker-sourced location data purchased by government agencies. The third-party doctrine was developed in an era when information sharing with a third party was genuinely voluntary and genuinely limited. The doctrine was not designed to govern a world in which third-party data collection is embedded in nearly every application on every device and is structurally unavoidable for participants in the digital economy. Courts have not yet fully resolved this question. Agencies have exploited the uncertainty.

Meaningful reform of this system requires addressing the commercial loophole at the legislative level, not merely through FTC enforcement of existing deceptive practices authority. A prohibition on government agency purchase of commercially available location data without a warrant would close the primary demand-side driver of the market’s most harmful applications. Mandatory opt-in consent requirements, replacing the current default-share framework, would alter the supply side by reducing the volume of data that brokers can collect under the current informed-consent fiction. Criminalization of de-anonymization tools used without the explicit consent of the data subject would address the re-identification capability that transforms aggregate datasets into individual-level surveillance instruments. Enforceable audit requirements, with independent verification and meaningful penalties for recidivism, would provide the accountability mechanism that the current consent-order framework lacks.

None of these reforms are under active legislative consideration at the federal level. The American Data Privacy and Protection Act passed the House Energy and Commerce Committee in 2022 and stalled. The Fourth Amendment Is Not For Sale Act, which would close the commercial data loophole for law enforcement, has not advanced past committee. The broker market continues to operate without comprehensive federal privacy legislation, in a regulatory environment where sector-specific rules leave the core of the market unaddressed.

The System as Designed

The surveillance economy did not emerge through accident or negligence. It was constructed through deliberate engineering decisions, legal interpretations chosen for their permissiveness, procurement practices optimized for deniability, and a regulatory framework that has consistently prioritized market development over individual rights protection.

The FTC’s action against X-Mode is worth acknowledging on its own terms. It documented specific harms, imposed concrete obligations, and established that the sale of sensitive location data to military contractors is within the FTC’s enforcement authority. That matters. It is not sufficient.

The data broker market processes the behavioral data of the entire American population, sells it to buyers who include foreign governments and domestic law enforcement agencies, operates under a consent framework that is structurally incapable of producing genuine informed consent, and supplies a government surveillance capacity that bypasses constitutional warrant requirements. The FTC’s order addressed one broker’s specific violations. It did not address the market that made those violations profitable, the legal framework that made them deniable, or the government procurement practices that made them persistent.

The market continues. The pipeline functions. The auction proceeds. What has changed is the language used to describe it.

Until the structural drivers of this market are addressed through legislation that closes the commercial loophole, requires genuine informed consent, and imposes enforceable warrant requirements on government purchases of location data, enforcement actions will remain exactly what the X-Mode order was: a correction applied to one participant in a system that has not been asked to justify its existence. The system’s existence is the question that requires an answer.

© 2026 – MK3 Law Group
For republication or citation, please credit this article with link attribution to marginofthelaw.com/.

MK3

, , , ,