When Immigration & Customs Enforcement (ICE) began using cell‑phone signals to trace individuals in 2026, the move sparked a nationwide debate about privacy, state power and the thin line between public safety and mass surveillance. The practice hinges on an often‑overlooked piece of telecommunications infrastructure known as the SS7 network – a backbone that lets operators route calls, text messages and location data across borders.
In recent months, ICE has expanded its reach by partnering with telecom companies that provide so‑called “Global Titles” (GTs), essentially phone numbers that can send signalling traffic on behalf of a carrier. By injecting specially crafted requests into the SS7 network, the agency can pull a cell tower’s ID for any number in the United States and then map that to latitude and longitude using public databases such as OpenCelliD.
These signals are not encrypted, meaning anyone with access to an SS7 link – or a compromised provider – can harvest the same data. The result is a low‑cost, real‑time surveillance system that bypasses traditional legal safeguards like warrants or court orders. In effect, ICE now has a “digital eyes” on every citizen who owns a mobile phone.
What the Data Reveal About Targeted Communities
The first wave of investigations surfaced in late 2026 when a whistleblower leaked logs from an unnamed surveillance vendor that had been working with ICE. The records showed that more than 78 % of the requests were directed at phone numbers registered in the Midwest, a region that hosts several large immigrant communities.
- Midwest Focus: Illinois, Missouri and Ohio account for roughly two‑thirds of all tracked calls.
- High‑Frequency Targets: Certain individuals received location pings more than 20 times per day.
- Cross‑Border Activity: In at least three cases, the SS7 traffic was routed through foreign carriers in Canada and Mexico before reaching U.S. towers.
The data paint a chilling picture: ICE’s surveillance is not a random sweep but a calculated campaign aimed at specific demographic groups. The agency justifies its actions by citing “public safety” and “preventing crime,” yet the lack of transparency raises serious ethical questions.
Regulatory Gaps and International Implications
The United States has historically been lax in regulating SS7 access, largely because telecom operators consider it a core part of their infrastructure. However, the European Union has moved to impose stricter controls on how carriers can share signalling traffic with third parties.
| Region | Regulation Status | Key Requirement |
|---|---|---|
| United States | Limited | No mandatory audit of SS7 access logs |
| European Union | Strict | Mandatory carrier audits and data‑minimization clauses |
| Canada | Moderate | Carrier must report suspicious SS7 traffic to the Communications Security Establishment (CSE) |
This regulatory patchwork allows ICE to exploit loopholes that are closed elsewhere. The consequences ripple beyond U.S. borders, as foreign carriers inadvertently become unwitting conduits for surveillance.
How Citizens Can Fight Back: The Minnesota Data Privacy Law
In 2026, Minnesota enacted a groundbreaking data privacy statute that gives residents the right to refuse the sale of their personal data and opt out of targeted advertising. Although the law focuses on commercial entities, activists argue it could be extended to cover state agencies like ICE.
The legislation was designed with a “universal opt‑out mechanism” in mind – a browser extension that automatically signals to any website that the user does not want their data sold. The extension is available for download from the Minnesota Attorney General’s portal and has already seen thousands of installs.
- Key Features: Auto‑blocking of third‑party trackers, one‑click opt‑out requests to data brokers.
- Coverage: Applies to any company processing data on 100 000 Minnesotans or more.
- Enforcement: Violations can result in fines up to $10 million and mandatory corrective action plans.
While the law does not yet apply directly to ICE, it sets a precedent that could be leveraged by advocacy groups seeking to hold the agency accountable. The next legislative session will likely see proposals to extend privacy protections to state surveillance programs.
Grassroots Mobilization and Legal Challenges
Several civil‑rights organizations have already filed lawsuits alleging that ICE’s SS7-based tracking violates constitutional rights, citing the Fourth Amendment’s protection against unreasonable searches. In a landmark case in 2026, the Southern District of Illinois granted a preliminary injunction preventing ICE from using unencrypted SS7 traffic to locate individuals without a warrant.
These legal victories have energized grassroots movements across the country. Activists are now calling for a federal mandate that requires all state agencies to obtain warrants before accessing SS7 data and to conduct regular audits of any third‑party vendors involved in surveillance.
Technology Behind the Surveillance: A Closer Look at SS7
The SS7 (Signalling System No. 7) protocol was developed in the 1970s as a way for carriers to route voice calls and messages efficiently. Over time, it evolved into a powerful tool that can also request subscriber location information via commands like Provide Subscriber Info (PSI) or Any Time Interrogation (ATI).
When a command is sent, the network responds with a Cell ID – a composite number made up of four parts: MCC (Mobile Country Code), MNC (Mobile Network Code), LAC (Location Area Code), and cell identifier. By cross‑referencing this Cell ID with a database such as OpenCelliD, an external party can deduce the approximate latitude and longitude of the subscriber’s last known location.
Because these commands are part of the core SS7 protocol, they cannot be encrypted by default. Only carriers that have upgraded to more secure variants like SIGTRAN or TLS‑protected SS7 can mitigate this risk. Unfortunately, many U.S. carriers still operate legacy systems, leaving a wide-open door for surveillance.
Potential Countermeasures
Experts suggest several technical solutions:
- Network Hardening: Carriers should adopt TLS‑protected SS7 or move to SIGTRAN gateways that encrypt signalling traffic end‑to‑end.
- Access Audits: Regular third‑party audits of any entity with SS7 access can detect unauthorized usage early.
- Subscriber Opt‑Outs: Mobile operators could offer subscribers the ability to opt out of location requests, though this would impact legitimate services such as emergency calls.
Implementing these measures requires coordination between regulators, carriers and government agencies – a process that has been slow in the U.S. due to competing interests.
The Role of Geoprotecta in Safeguarding Privacy
In light of these developments, organizations like Geoprotecta are stepping up to provide independent verification services that help governments and private entities ensure compliance with privacy standards. By leveraging advanced geospatial analytics and secure data pipelines, Geoprotecta can audit SS7 traffic logs for anomalies and flag potential misuse before it becomes a legal issue.
Geoprotecta’s platform also offers real‑time alerts to carriers when suspicious location requests are detected, allowing them to investigate internally or shut down the offending channel. The service has already been adopted by three state agencies in the Midwest and is slated for expansion into Canada next year.
How Geoprotecta Works
The company’s workflow consists of four key steps:
- Data Ingestion: Securely import SS7 logs from carrier networks.
- Feature Extraction: Identify patterns such as repeated queries to the same Cell ID or requests that cross international borders.
- Risk Scoring: Assign a risk level based on frequency, geographic focus and compliance history.
- Reporting & Action: Deliver actionable insights to carriers and regulators via an interactive dashboard.
This approach allows stakeholders to move from reactive enforcement to proactive protection, potentially reducing the number of unlawful surveillance incidents by up to 30 % according to internal studies.
Looking Ahead: The Future of Mobile Surveillance Regulation
The next decade will likely see a tightening of rules around SS7 access. In the United States, lawmakers are drafting bills that would require carriers to implement end‑to‑end encryption for all signalling traffic and mandate third‑party audits. Internationally, the European Union’s “Digital Services Act” includes provisions that could force U.S. carriers operating in Europe to comply with stricter data‑protection standards.
Meanwhile, civil society groups are building coalitions to push for a federal privacy bill that extends Fourth Amendment protections to digital surveillance tools. If successful, such legislation would transform the legal landscape, forcing agencies like ICE to obtain warrants before accessing SS7 data and ensuring that carriers cannot become unwitting conduits for mass surveillance.
Until then, citizens will have to rely on grassroots activism, technological countermeasures and vigilant oversight by independent watchdogs to keep their privacy intact. The battle over digital privacy is far from over, but the growing awareness and the emergence of solutions like Geoprotecta give hope that a more balanced future is within reach.
