There is unquestionably no other topic more discussed in tandem with technology than privacy. With every technological development that makes our daily lives easier, the question arises about what information that technology gathers on the user. You will find many champions of privacy expressing their concerns about how much data is acquired in our daily lives and what exactly is being done with said data. Understandably, the topic of “advertiser ID data” becomes a nebulous area. How much information can law enforcement obtain from advertiser ID data, and how exactly does law enforcement obtain that data?

To understand advertiser ID data, I’ll use this anecdote from my youth: When I was home sick from school, I remember seeing many television commercials for law firms targeting those who had been injured or were unable to work, specifically in the morning hours. I also recount seeing many ads about retirement investing and life insurance. These commercials were drastically different from those that played during other times. In essence, the commercials were targeting a specific audience, based on age demographics and who would likely be watching TV during those specific times.

Advertiser ID data doesn’t reveal a name or personal identifying information, but it can provide geolocation, device ID and system architecture, age demographic, etc.

On social media, the adage “Every third post is an ad” has become prevalent over the past few years. This is something known in the marketing world as “microtargeting.” Historically, TV commercials were broadcast in the hope of being seen by a desired demographic. With microtargeting, not only are ads definitely seen by their target demographic, but they are also not seen by those who are not the intended base. How? Through advertiser ID data!

To comprehend how advertiser ID data on an individual is created, first we must understand the concept of how “free” services make their money. Google, a free service, makes its money via various methods, absent charging an end user for the use of its myriad of tools. One such method is Google Analytic cookies (see policies.google.com/technologies/cookies). Once you click the link to whatever response the Google search provided you, the Google Analytic cookie links your Google search to that website you visited. Per Google’s explanation of how it uses cookies in advertising (policies.google.com/technologies/ads): “Many websites, such as news sites and blogs, partner with Google to show ads to their visitors. Working with our partners, we may use cookies for a number of purposes, such as to stop you from seeing the same ad over and over again, to detect and stop click fraud, and to show ads that are likely to be more relevant (such as ads based on websites you have visited)”(emphasis added).

Does this sound Orwellian to you? This is how advertiser ID data brokers thrive! They are thriving so much that Transparency Market Research predicted the global data brokers market to be over $462 billion by 2031 (transparencymarketresearch.com/data-brokers-market.html).

The sources behind the main sets of data are unequivocally smartphones and installed apps. According to a 2019–2020 study (simform.com/blog/the-state-of-mobile-app-usage), the average person has approximately 40 apps installed on their smartphone.

When the cybersecurity firm Penetrum first released its research about TikTok in 2020 (distractify.com/p/penetrum-tiktok), it started a political furor that resulted in legislation signed in 2024 by President Biden forcing the sale of the company from China, or else the app would be banned in the U.S. Yet there are a plethora of apps that collect just as much data on their users! That data is sold and winds up in the hands of data broker firms. From there, advertiser ID data is sold to subsidiaries and developers for investigative tools like X-Mode, Venntel and Fog Data Science. These are the tools that are geared toward law enforcement, because the advertiser ID data is something available without any type of court order.

How so? Because, this data is collected consensually! The advertiser ID data doesn’t reveal a name or personal identifying information (PII), but it can provide geolocation, device ID and system architecture, age demographic, etc. As highlighted in a March 2024 Wired article (wired.com/story/jeffrey-epstein-island-visitors-data-broker-leak), visitors to Jeffery Epstein’s Bahamas island were purportedly tracked via advertiser ID data from a data leak.  

One of the more famous cases involving the use of advertiser ID data in the investigation was the 2020 murder of Sydney Sutherland. As highlighted in a 2022 Associated Press article (tinyurl.com/apfogreveal), access to the tool Fog Reveal allowed local law enforcement to observe advertiser ID data of devices nearby to the killing. In the same breath, it is important to understand access to this type of data is not exclusive to the law enforcement community. A February 2021 piece in the New York Times (tinyurl.com/nytcapitolapps) highlighted how advertising ID data tracked those who went to and from the Capitol on January 6, 2021.

Conversely, there are plenty who argue that advertiser ID data should not find its way into the hands of law enforcement in the first place. Some elected officeholders are doing their best to curtail the accessibility of advertiser ID data in general. In January 2024, the FTC moved to ban location data sales, issuing actions against data brokers. The bipartisan bill American Privacy Rights Act (ARPA) would seek to empower the FTC to heavily regulate and restrict what data can be retained in the first place (tinyurl.com/arpabill). Advertiser ID data can be colloquially referred to as a “gray space,” where its existence and use merits equal praise and criticism. For law enforcement specifically, it can sometimes be an immeasurable resource when there are no other investigative leads.