A $10 million federal procurement contract shows Immigration and Customs Enforcement is purchasing immigrants’ tax identifiers from commercial data brokers—a move that may allow the agency to bypass court restrictions on deportation operations.
The deal, reviewed by 404 Media, reveals a specific surveillance mechanism: ICE is acquiring tax-related data on immigrants through vendors who aggregate and resell personal financial records. The timing and structure of the purchase raise a critical question about whether the government is using the private data market to work around legal constraints that would otherwise block such operations.
- The Contract Scale: ICE committed $10 million to purchase tax identifiers from commercial data brokers, signaling sustained, large-scale targeting infrastructure rather than a pilot program.
- The Legal Workaround: By acquiring data through private vendors rather than collecting it directly, ICE may be attempting to create legal distance from court orders restricting its surveillance operations.
- The Consent Gap: Individuals whose tax records were sold had no opportunity to opt out, no notification from the broker, and likely no knowledge that their financial identifiers are now in ICE’s possession.
Senator Ron Wyden, who has long tracked federal surveillance spending, characterized the arrangement bluntly: “It looks for all the world like Trump is trying to skirt the law and a court order to fuel his mass-deportation campaign.” The procurement itself does not explicitly state the operational purpose, but the combination of the contract value, the specific data type (tax identifiers), and the timing suggests ICE is building a targeting infrastructure independent of traditional law-enforcement databases.
This pattern mirrors a structural weakness in American privacy law that became infamous during the Cambridge Analytica scandal. In that case, Facebook’s data was harvested at scale and resold to political operatives who used it to micro-target individuals without their knowledge or consent. The mechanism was simple: a third party collected data, brokers packaged it, and end-users purchased access to populations they wished to influence. No warrant. No transparency. No individual consent. As documented in the rise of surveillance capitalism, Cambridge Analytica exposed precisely how the commercial data market could be weaponized against individuals who never agreed to participate. ICE’s procurement follows the same structural logic: outsource the collection to a private vendor, purchase the targeting data, and deploy it operationally.
• A 2023 Costs of War surveillance report documents that ICE has contracted with data brokers to purchase customer records, a practice that has expanded significantly alongside the commercial data aggregation industry
• The Fair Credit Reporting Act does not cover all categories of data broker, leaving large volumes of personal financial records outside its regulatory scope
• State privacy laws including California’s CCPA contain explicit carve-outs for law enforcement, limiting their protective reach for the populations most at risk
Why Are Tax Identifiers a Surveillance Tool?
The specificity of “tax identifiers” is significant. Tax records are among the most sensitive personal documents an individual holds. They contain income, address history, filing status, and often links to bank accounts and employer information. For immigration enforcement, a tax identifier is a locating and identification tool. It connects a name to a specific financial footprint and history. Someone who filed taxes under a particular identifier years ago can be tracked, located, and cross-referenced against other government databases.
For immigrants and mixed-status households, the implications are immediate. Filing taxes—an act often framed as civic participation and legal compliance—now creates a permanent digital record that can be purchased by immigration enforcement. The data broker who sold this access had no obligation to notify the individuals whose records were included. Those individuals had no opportunity to opt out. They likely have no way to know their tax identifiers are now in ICE’s hands. This dynamic is not isolated: an EFF client’s account of Google handing data to ICE illustrates how multiple commercial pipelines now feed the same enforcement apparatus.
How Does the Data Broker Market Enable This Purchase?
The legal framework enabling this purchase is the same one that allows data brokers to operate with minimal regulation. The data broker market has expanded substantially since the Cambridge Analytica scandal brought it to public attention in 2018. Today, commercial vendors legally aggregate tax records, financial histories, and other sensitive personal data—then sell access to any buyer with a budget. The legal theory ICE appears to be applying is that if the agency does not directly collect the data itself, court orders restricting ICE surveillance do not apply.
Analysis by the ACLU examining the expansion of surveillance data sales to ICE notes that enforcement data broker purchases represent a category of government surveillance that existing legal frameworks were not designed to address. The question of whether purchasing data constitutes a form of surveillance subject to Fourth Amendment constraints has not yet been definitively resolved by federal courts.
• Research from the University of Washington’s Center for Human Rights documents how government agencies have used commercial surveillance data to power immigration enforcement, raising concerns about accountability and oversight
• The Costs of War Project’s surveillance analysis confirms that ICE’s use of commercial data broker contracts is part of a broader pattern of federal agencies acquiring private-sector data to supplement or circumvent direct collection restrictions
• The absence of a federal data-broker licensing or transparency requirement means there is currently no mechanism requiring vendors to disclose which government agencies have purchased access to specific data categories
Is This Purchase Legal Under Existing Court Orders?
The procurement was flagged as part of routine federal contract reviews, but the scale and specificity suggest this is not a pilot program. A $10 million commitment indicates ICE expects sustained, large-scale access to this data stream. The contract does not appear to include public notice of its purpose or scope—standard practice for law-enforcement procurement that agencies wish to keep operationally opaque.
The court orders Senator Wyden referenced appear to relate to ICE’s broader deportation operations, which have faced legal challenges on due-process and Fourth Amendment grounds. By purchasing data through a broker rather than collecting it directly, ICE may be attempting to create legal distance between the enforcement action and the surveillance mechanism—a strategy that has not yet been tested in court. The question of whether this approach constitutes a constitutional violation is precisely the kind of issue that experts warn about when analyzing how data broker ecosystems outpace regulatory and judicial frameworks.
What Comes Next for Legal Challenges?
Whether this procurement will face legal challenge depends on whether affected individuals or advocacy groups can demonstrate standing and whether courts will recognize the purchase of data as a form of surveillance subject to the same constitutional constraints as direct collection. That question is likely to reach federal court within the next 12 months.
The deeper structural problem is that the data broker market was built without anticipating that its customers would include federal law enforcement agencies seeking to circumvent judicial oversight. The individuals whose tax identifiers were sold into this contract did not consent to that use. They had no mechanism to prevent it. And under current law, they have limited recourse to challenge it. Until Congress passes comprehensive data broker regulation—or until courts extend Fourth Amendment protections to cover government data purchases—the gap between what the law permits and what privacy requires will continue to widen.
