New documents acquired by immigration rights groups show that Immigration and Customs Enforcement (ICE) signed a contract with powerful data broker LexisNexis to circumvent Colorado laws that protect low-priority immigrants from deportation.
The state of Colorado is home to over 300,000 non-US citizens and, with the passage of Colorado’s HB19-1124 law in 2019, it joined a sizeable group of American states that abide by so-called “sanctuary laws,” limiting cooperation with federal agencies to protect people without a valid residence permit from being identified and deported.
That means local agencies, which previously shared information like the probation schedules of undocumented migrants with ICE, have stopped cooperating with the federal agency.
As a result, according to ICE, the percentage of requests filed by the agency asking prisons to notify them of prisoner releases that were refused skyrocketed in Colorado, increasing from 19% in 2019 to over 29% in 2020.
But that, it turns out, didn’t stifle the agency, which decided to take a side road to access the same data.
According to a new report, co-published by several civil society organizations based in Colorado, ICE contracted with data broker company Appriss Solutions—a subsidiary of LexisNexis, which owns one of the largest global databases of personal information—to obtain information about the location of immigrants in Colorado jails.
The contract is part of a series of deals worth millions of dollars ICE has struck with data broker companies like LexisNexis and Equifax. In Colorado, it allows federal agents to access real-time information on jail bookings from a state jail alert system called VINE without law enforcement personnel handing it to them directly.
Thanks to this system, whenever someone on ICE’s list of targets is brought to jail, the federal agency is alerted, allowing them to arrest and potentially deport them upon their release.
Since, under the 2019 sanctuary policy, local police are prevented from arresting people on the basis of civil immigration violations, undocumented migrants in Colorado would only be at risk of deportation if they were convicted of either aggravated felonies, crimes involving moral turpitude, or deportable offenses like crimes relating to drugs, guns, or domestic violence.
ICE has been straightforward about using this loophole to circumvent sanctuary laws. “Due to policy or legislative changes, Enforcement and Removal Operations (ERO) has experienced an increase in the number of law enforcement agencies and state or local governments that do not share information about real-time incarceration of foreign-born nationals with ICE,” a 2021 document reads.
“These services are required to meet the ERO mission of tracking real-time incarceration information of suspected foreign-born nationals. ERO uses this information to search, track, and find persons of interest, locate ICE fugitives, and further investigative cases.”
Private data brokers are not the only source of information ICE employs to circumvent sanctuary laws: the agency is also known for issuing subpoenas to tech companies such as Google and Meta in order to access the masses of user data they store.
Local immigration rights advocates were alerted that ICE was somehow managing to target undocumented people in the past few months despite the sanctuary laws.
“I got calls fairly frequently from people from the community asking things like how did they know that my husband was going to be there? How did they know that we were driving this car? How did ICE know to pick us up here? How do they know where I worked?” Siena Mann, organizing and campaigns manager at the Colorado Immigrant Rights Coalition, told the Daily Dot. “We had the sense from those calls from community that ICE was accessing data on our community members, we just didn’t know how.”
Since the VINE alerts are matched to a massive trove of personal data—spanning addresses and credit histories to vehicle registration records, cell phone data, and information about relatives—having access to LexisNexis means ICE can easily locate people upon release.
“ICE agents once relied on the police to help them track us, arrest us, and deport us. Now, tech companies, by selling our personal data, are helping them instead,” Latinx organization Mijente’s senior campaign director Jacinta González stated in a press release.
Far from only applying to Colorado, similar loopholes are being exploited all over the U.S. Last year, the Washington Post reported that ICE was using Thomson Reuters’s CLEAR database, containing data points for hundreds of thousands of people in all 50 states, Puerto Rico, Guam, and the Virgin Islands, to pursue immigration violations. As the CLEAR contract was expiring, the Intercept revealed that LexisNexis had signed a $16.8 million contract to sell its data to ICE.
In April, members of the Cook County Board of Commissioners in Chicago advanced a resolution to investigate ICE’s use of data brokers for the specific objective of circumventing sanctuary policies.
“Tech companies are providing the loophole. They’re basically accumulating vast amounts of data from public and private sources, including from police and sheriffs, in order to continue their enforcement and deportation pipeline,” Mann said. “That’s really scary for local communities, because it means that ICE is getting data handed to them on a platter that could include things like their address, information about who their family are, and so on. Having access to this data means people could be picked up doing their everyday tasks, like taking their kids to school or going to work.”
In a statement to the Daily Dot, ICE said that its contract with LexisNexis “provides an investigative tool that allows the agency to easily and efficiently manage information to assist with law enforcement investigations.”
It noted that it used LexisNexis data for “national security and public safety cases, narcotics smuggling, transnational gang activity, child exploitation, human smuggling and trafficking, illegal exports of controlled technology and weapons, money laundering, financial fraud, cybercrime, and intellectual property theft. The contract complies with all laws, policies, and regulations that govern data collection.”
Lexis-Nexus did not immediately respond to an inquiry from the Daily Dot.
This post has been updated with comment from ICE.