Because of errors inserted during editing, the original version of this article contained the mistaken assertion that ICE used private Facebook data to track unauthorized immigrants. The story has been corrected. See below for full correction. Cambridge Analytica may have had access to the personal information of tens of millions of unwitting Americans, but a genuine debate has emerged about whether the company had the sophistication to put that data effectively to use on behalf of Donald Trump’s presidential campaign. But one other organization that has ready access to Facebook’s trove of personal data has a much better track record of using such information effectively: U.S. Immigration and Customs Enforcement. ICE, the federal agency tasked with Trump’s program of mass deportation, uses backend Facebook data to locate and track suspects, according to a string of emails and documents obtained by The Intercept through a public records request. The hunt for one particular suspect provides a rare window into how ICE agents use social media and powerful data analytics tools to find targets.

ICE agents were able to obtain backend Facebook data revealing a log of when the account was accessed and the IP addresses corresponding to each login.

In February and March of 2017, several ICE agents were in communication with a detective from Las Cruces, New Mexico, to find information about a particular person. They were ultimately able to obtain backend Facebook data revealing a log of when the account was accessed and the IP addresses corresponding to each login. Lea Whitis, an agent with Homeland Security Investigations, the investigative arm of ICE, emailed the team a “Facebook Business Record” revealing the suspect’s phone number and the locations of each login into his account during a date range. Law enforcement agents routinely use bank, telephone, and internet records for investigations, but the extent to which ICE uses social media is not well known. A Facebook spokesperson, in a statement, said that ICE does not have any unique access to data: Facebook does not provide ICE or any other law enforcement agency with any special data access to assist with the enforcement of immigration law. We have strict processes in place to handle these government requests. Every request we receive is checked for legal sufficiency. We require officials to provide a detailed description of the legal and factual basis for their request, and we push back when we find legal deficiencies or overly broad or vague demands for information. In this case, our records show that ICE sent valid legal process to us in an investigation said to involve an active child predator. We take the enforcement of laws protecting children from child predators very seriously, and we responded to ICE’s valid request with data consistent with our publicly available data disclosure standards. ICE did not identify any immigration law violations in connection with its data request to Facebook in this case. One of the agents involved in the hunt responded that they could combine the data with “IP address information back from T-Mobile.” Another agent chimed in to say that the agency had sent the phone company an expedited summons for information. “I am going to see if our Palantir guy is here to dump the Western Union info in there since I know there is a way to triangulate the area he’s sending money from and narrow down time of day etc,” responded Jen Miller, an ICE agent on the email thread. Palantir is a controversial data analytics firm co-founded by billionaire investor Peter Thiel. The company, which does business with the military and major intelligence agencies, has contracted with ICE since 2014. As journalist Spencer Woodman reported last year, the company developed a special system for ICE to access a vast “ecosystem” of data to facilitate immigration officials in both discovering targets and then creating and administering cases against them.

But there is little public disclosure of how ICE uses the Palantir platform to track individuals. The emails obtained by The Intercept show that private Facebook information is yet another data point for agents in pursuit of a suspect. “I have not heard of HSI going and getting private information from Facebook. What we’ve been seeing is when they use someone’s Facebook page and print what they’ve been posting to use as evidence to argue that person is a gang member,” said Rachel K. Prandini, staff attorney with the Immigrant Legal Resource Center. “Photos with friends ICE thinks are gang members, doing hand signs that ICE alleges are gang signs, or wearing clothes that ICE believes indicate gang membership are being pulled from Facebook and submitted as evidence in immigration court proceedings,” Prandini added.

Matthew Bourke, a spokesperson for ICE, emailed The Intercept to say the agency would not “comment on investigative techniques or tactics other than to say that during the course of a criminal investigation, we have the ability to seek subpoenas and court orders to legally compel a company to provide information that may assist in case completion and subsequent prosecution.” “Court orders are an established procedure that is consistent with all other federal law enforcement agencies. Additionally, investigators can use open-source information that is readily available on various social-media platforms during the course of an investigation,” Bourke added. The Stored Communications Act provides broad powers for law enforcement to request information from communication service providers, including Facebook. The law delineates a variety of types of data that can be requested, much of it without a court order. Facebook publishes a semiannual transparency report detailing the number of government requests for user data. The report does not break down which law enforcement agencies are making the requests for data, so it is unclear how many of the requests came from ICE. The report reveals that from January 2017 through June 2017, Facebook received 32,716 requests for data from 52,280 users. Facebook notes in its report that it complied with 85 percent of the requests and “approximately 57% of legal process we received from authorities in the U.S. was accompanied by a non-disclosure order legally prohibiting us from notifying the affected users.” “Occasionally companies will push back, but that’s relatively rare,” says Nathan Wessler, staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project. “From time to time, companies will push back if they receive what they perceive to be a grossly over-broad request, like a true dragnet request, or if there’s a request for example to unmask the identity of someone who is engaging in First Amendment-protected speech online anonymously. But they — for the vast majority of the requests — they comply.” “For these subpoenas, it’s trivially easy for ICE or any other law enforcement agencies to issue,” explained Wessler. “They don’t require the involvement of a judge ahead of time. It’s really just a piece of paper that they’ve prepared ahead of time, a form, and they fill in a couple of pieces of information about what they’re looking for and they self-certify what they’re looking for is relevant to an ongoing investigation.”

Facebook is facing increasing demands about how it manages user data.