Your Legal Research Vendor Is a Data Broker. Now What?

On May 31 a $22.8M ICE contract expires. The same companies behind Westlaw and Lexis run the data brokerage. What vendor due diligence should look like at the next renewal.

By Claude and Gemini with Sid Newby | May 2026

The two companies that publish the case law most American lawyers rely on also operate the data brokerage operations that ICE used to identify the individuals it deported in 2025. That sentence is unremarkable to anyone who has been reading the federal contracting docket. It is news to almost everyone whose firm pays Westlaw or Lexis subscription fees.

LawNext's two-part investigation, published April 27 and 29, mapped the corporate structure publicly for the first time at this level of detail.^[1]^[2] Thomson Reuters has been awarded over $161 million in DHS contracts since 2003, including a $22.8 million LEIDS-5 deal that expires May 31, 2026. LexisNexis's parent RELX has been awarded over $172 million in DHS contracts since 2005, including a $22.1 million LEIDS contract that runs alongside it.^[1] The contracts are real, public-record, and individually traceable through USAspending. The data products underneath them — Thomson Reuters' CLEAR and LexisNexis's Accurint — are the same products that, in some forms, ride along inside the legal research platforms most law firms have under enterprise license.

The May 31 deadline turns the question from a thought experiment into a procurement decision. Either Thomson Reuters renews the contract and the corporate structure continues, or the contract lapses and the company's relationship with the agency becomes a memory. Either way, the legal-tech-buyer side of this — the law firms, in-house teams, and litigation support providers who write the checks for Westlaw and Lexis — has not, in any organized way, asked the obvious vendor due diligence question. The deadline is three weeks out. The diligence work that should have preceded the deadline is overdue.

What CLEAR and Accurint Actually Are

The technical scope of these data products is the part most lawyers underestimate. Thomson Reuters CLEAR aggregates billions of records spanning driver's licenses, vehicle registrations, credit reports, phone records, real estate transactions, court filings, social media, healthcare provider directories, and a license plate recognition database with over 20 billion scans.^[1] Thomson Reuters' public position is that CLEAR excludes citizenship information, phone call logs, credit histories, and real-time geolocation. The 2024 California class-action settlement — Brooks v. Thomson Reuters, $27.5 million — disposed of allegations that the platform had been compiling profiles on roughly 40 million California residents without their consent.^[3]

LexisNexis Accurint maintains records on 276 million+ U.S. residents.^[1] In 2021, RELX expanded the data set by acquiring Appriss Insights, integrating real-time jail booking data into Accurint's lookups. That feature became the basis for an August 2022 lawsuit by Just Futures Law, Mijente, and Organized Communities Against Deportations alleging that Cook County, Illinois consumer data was being shared with LexisNexis without authorization and ending up in ICE workflows.^[2] The Cook County litigation was dropped in May 2024 with undisclosed settlement terms.

The 2020 Brooks litigation produced an evidentiary record that legal scholars used to argue the data-brokerage business model itself sits in a Fourth Amendment gray zone.^[4] When law enforcement purchases a comprehensive personal data profile from a commercial broker, the third-party doctrine — established in Smith v. Maryland in 1979 and barely modernized since — has historically allowed the agency to bypass the warrant requirement that would attach to direct collection of the same data. That is the legal architecture the ICE contracts depend on. It is also the legal architecture that gets challenged every time a privacy plaintiff finds standing to argue Carpenter v. United States should extend further than it currently does.

Flowchart showing how Thomson Reuters and RELX each operate a legal research platform alongside a data brokerage product feeding ICE through DHS contracts

Figure 1: The corporate-structure map LawNext's investigation made visible. The two companies whose legal research platforms underpin most American legal practice (green) operate the two largest data brokerage operations selling personal data to ICE (red). The same parent companies. The same engineering organizations. Different products with materially different ethical postures, but a shared corporate balance sheet that makes the vendor due diligence question far harder than it looks.

The corporate-structure map matters because the legal tech buyer's standard mental model is that legal research platforms and data broker platforms are different vendors. They are not. They are different products of the same vendor. The licensing terms are negotiated by the same procurement teams. The roadmap decisions go through the same executive committees. When a law firm puts $400,000 a year into a Westlaw renewal, the dollars travel into the same income statement that books the DHS revenue. There is no clean accounting wall between the two — only a marketing wall, and a marketing wall is not a compliance control.

The Investigation and the Pushback

The LawNext series, written by Bob Ambrogi, is the cleanest current public summary, but the investigative work feeding into it has been ongoing for nearly a decade. Sarah Lamdan's 2019 work — published when she was a law professor at CUNY, now extended in her role at the American Library Association — was the first sustained academic treatment of the ethical implications of the dual-product structure.^[1] The Mijente-led #NoTechForICE coalition, launched in 2018, has been pushing the procurement-side case for cancellation ever since.^[2] The new development in 2026 is the velocity of internal and shareholder pushback at the companies themselves.

The pushback came from four directions in the past 18 months.

Employee organizing. On March 11, 2026, 200+ Thomson Reuters employees signed a letter demanding non-renewal of the LEIDS-5 contract.^[2] Management responded with one-on-one conversations, listening sessions, an internal blog post, and an all-hands meeting with CEO Steve Hasker. The company eventually shut down internal-platform discussion of the contract, and employees moved their organizing onto Signal. Billie Little, a senior attorney-editor in the Oregon office who organized an earlier protest letter, was terminated and filed a whistleblower lawsuit; NPR covered the firing on April 21.^[5]

Journalist organizing. In March 2026, 200+ Law360 journalists — nearly 80 percent of the unionized newsroom under RELX ownership — signed a parallel letter demanding RELX end its $22.1 million DHS contract.^[2] Law360 is a property of Portfolio Media, a LexisNexis subsidiary. The letter framed its concern around "separation of families, removal of children from schools," the kind of editorial-board language that, in a publishing house, is expected to influence corporate priorities. RELX issued no public response.

Shareholder activism. The British Columbia General Employees' Union (BCGEU) has been running a shareholder-resolution campaign at Thomson Reuters for six years. The 2020 proposal received roughly 30 percent support among independent investors. The 2021 proposal — focused on a third-party human rights risk assessment — received 70 percent of the independent-investor vote.^[2] Thomson Reuters agreed in 2022 to adopt the UN Guiding Principles on Business and Human Rights but did not exit the ICE contracts. A June 2025 BCGEU proposal on AI governance received around 20 percent support; Glass Lewis recommended a vote in favor.^[2] The structural ceiling on this campaign is the Woodbridge Company — the Thomson family investment vehicle holds approximately 70 percent of voting shares.

Litigation. On May 1, 2026 — three days after Part 2 of the LawNext series — Thomson Reuters was hit with a new privacy class action in Michigan over the display of Social Security numbers on its legal research platforms.^[6] The Michigan case is structurally distinct from the Brooks California settlement and from the Cook County Accurint suit, but it sits in the same family of allegations: the same corporate entity, the same data assets, the same Fourth Amendment third-party doctrine pressure points, the same plaintiff's-bar tactical playbook.

Timeline of pushback against Thomson Reuters and LexisNexis ICE contracts from 2018 launch of NoTechForICE through May 2026 deadline showing employee letters shareholder votes lawsuits and the LawNext investigation

Figure 2: Eight years of pushback have accumulated into a 2026 inflection point. The May 31 expiration of the Thomson Reuters LEIDS-5 contract is the first concrete decision point on the timeline. The pattern of retaliatory firing, the Michigan litigation filed three days after the LawNext series, and the unresolved RELX position make the next four weeks the most consequential window the contracts have faced since they began in 2003.

The volume of this is what makes the May 31 date matter. Three or four years of accumulated organizing, two class actions, a 70-percent independent-shareholder vote, a unionized newsroom letter, a fired senior editor, an NPR story, and now a fresh Michigan privacy suit landing the same week as the investigation that surfaces all of it. That is the pattern of pressure that, in other industries, precedes a real corporate decision. Whether it produces one here depends on whether enough customer-side pressure surfaces in the next 25 days to give Thomson Reuters cover to do something other than the default renewal.

What This Means for Westlaw and Lexis Users

Most legal research customers do not think of themselves as customers of CLEAR or Accurint. They are customers of Westlaw or Lexis+. The company that sends them the invoice is the same company in both cases. The product they are paying for is, in normal usage, segregated from the data brokerage operation. Thomson Reuters has stated publicly that Westlaw user data "is not included in data sold to law enforcement" and "is treated as confidential."^[2] LexisNexis has been less specific in its public statements but has made similar claims about Lexis+ research data.

Take that at face value. The professional ethics problem still exists, and it sits one level up from the data-flow problem. A litigation team using Westlaw to research a defense theory while watching the same parent company sell the data products that ICE used to find their client is a posture that represents an unresolved tension — particularly for firms representing immigrants, asylum seekers, or anyone whose Fourth Amendment rights are at stake in their matter. It is a posture that the firm signs up for every time it renews. Most firms have not been shown the renewal terms with the dual-product structure made visible. They have been shown the legal research line item.

The Model Rules of Professional Conduct do not prohibit this. Model Rule 1.6(c) requires reasonable efforts to prevent unauthorized disclosure of client information.^[7] That obligation, on its face, applies to confidentiality of client matter content, not to the broader question of whose business operations the firm is materially supporting. Model Rule 5.3 requires reasonable efforts to ensure that nonlawyer assistants — which a vendor is, functionally — comply with the lawyer's professional obligations. That rule, read aggressively, opens space for an argument that buying from a vendor whose other business lines are hostile to clients' interests is itself a failure of supervision. That argument has not been litigated. It is theoretically available to a creative legal ethics complainant.

The cleaner framing is the procurement framing. The buyer's question is whether a reasonable enterprise legal-tech buyer, doing the diligence appropriate to a multi-year platform contract worth six figures and up, can in good conscience renew with a vendor whose other operating divisions are subject of an ongoing federal class action and the largest organized employee/shareholder dissent in the company's history. That question does not require taking a political position on immigration policy. It requires acknowledging that infrastructure ethics is a real field, that vendor due diligence is a real obligation under most enterprise procurement frameworks, and that the standard checkbox-driven third-party risk assessments that most firms run on their legal research vendors do not currently surface this question at all.

What Vendor Due Diligence Should Look Like

The procurement-side response is straightforward to describe and slow to execute. The principle is that the firm's diligence on a multi-year legal tech contract should match the firm's diligence on any other multi-year vendor relationship. Five things to put on the table at the next renewal.

1. Map the corporate structure of the vendor. The Thomson Reuters / RELX consolidation question becomes invisible if the procurement team only sees the legal-research division. The vendor's full SEC filings, full DHS and government contracting history (USAspending is public), and any active class-action exposure should be visible to whoever signs the renewal. Most firms do not currently do this.

2. Ask about data segregation in writing. The verbal statement that "Westlaw user data is not sold to law enforcement" is necessary but not sufficient. The vendor should commit, in the contract, to the same statement, with audit rights, with breach-of-warranty liability, and with a defined remedy if the segregation fails. If the vendor will not commit in writing, the verbal statement is marketing.

3. Track the litigation exposure. Brooks v. Thomson Reuters settled for $27.5 million; the May 2026 Michigan filing is a fresh class action; the Cook County Accurint suit was dropped on undisclosed terms. The pattern is enough that any reasonable enterprise procurement framework should treat it as an active and material vendor risk. Tracking this should be part of the renewal, not an afterthought when the local newspaper picks up the story.

4. Evaluate the ethics surcharge. When the vendor's behavior in adjacent product lines is materially adverse to a substantial fraction of the firm's clients, a reasonable buyer can decide to factor that adversity into the price. Either the vendor matches the discount that the ethics question implies, or the firm shifts spend to vendors whose corporate structure is cleaner. Casetext, Fastcase, and Bloomberg Law are all materially competitive on the legal research side of the workflow, with cleaner positions on data brokerage. The substitution cost is real but bounded.

5. Know what the alternative looks like. The dominant counterargument to vendor switching is that no clean alternative exists. That argument is weaker in 2026 than it has been in 15 years. Bloomberg Law has built a federal case law product that is competitive at the top of the market. Casetext was acquired by Thomson Reuters in 2023 — that one is no longer clean — but Fastcase merged with vLex and the resulting vLex/Fastcase product is a defensible enterprise legal research alternative for many practice areas. Free Law Project's CourtListener has improved enough on AI-augmented federal case search that it covers a meaningful fraction of public-domain research needs at zero cost.^[8] No firm needs to renew a Westlaw or Lexis contract on autopilot in 2026.

Decision tree flowchart for legal research vendor renewals showing red and yellow paths where dual product risk goes unsurfaced and a green path where corporate structure data segregation and litigation exposure are documented

Figure 3: A decision tree for legal research vendor renewals in May 2026. Each red or yellow path represents a way that a procurement renewal proceeds without surfacing the dual-product structure to the firm decision-makers who would need to approve the trade-off if they could see it. The green path is not unreachable. It just requires the firm to do work that current procurement frameworks rarely demand.

The argument here lands on procurement diligence, not boycott. Documented diligence appropriate to a multi-year, six-figure-plus enterprise contract with a vendor under active federal civil litigation, active employee dissent, and active shareholder pressure. Any firm whose procurement framework does not currently surface those facts at renewal time has a procurement framework problem that is broader than this specific story.

What May 31 Decides

The contract expiration on May 31 is a forcing function whether anyone wants it to be or not. There are three plausible paths from here.

Path one: silent renewal. The default. Thomson Reuters and ICE sign a follow-on. The contract details may not surface in the federal register for weeks. The internal employee organizing continues but loses momentum once the visible deadline passes without action. This is the path most consistent with the Woodbridge Company's structural shareholder control and with the company's two-decade pattern of declining to make the public statement that its critics have demanded. It is also the path most consistent with how vendor-customer relationships in regulated industries usually behave when the customer side does not exert procurement pressure.

Path two: managed wind-down. Thomson Reuters announces that LEIDS-5 will not be renewed in its current form, transitions some functions to other vendors, and quietly retains other parts of the relationship. The optics improve. The substance changes less than the optics. This path is the one the company can take while still claiming credit for "responding to stakeholder concerns," and it is the most likely outcome if customer-side pressure surfaces meaningfully in the next 25 days.

Path three: full exit. Thomson Reuters publicly announces it will not renew, will sunset CLEAR's law enforcement-facing tier, and will move CLEAR toward private-sector compliance and fraud-investigation use cases only. This is the BCGEU's stated objective. It is consistent with the human-rights commitments TR adopted in 2022. It is hard to see in the Woodbridge-controlled corporate structure absent some material change in the financial calculus — a major customer cancellation, a regulatory action, or a settlement-driven reorganization.

The path that gets taken depends largely on whether enough enterprise customers — law firms, in-house teams, legal aid organizations, university libraries — surface the question explicitly with their account representatives in the next month. The historical pattern is that they do not. The historical pattern is that the renewal happens, the press cycle moves on, and the BCGEU and the #NoTechForICE coalition keep grinding on a six-month timeline. The tactical question for any law firm that takes this question seriously is whether to be on the short list of customers that signaled before May 31, or on the long list of customers that read about the renewal in the trade press in June and asked themselves why they did not weigh in.

The consolidation of legal tech vendors over the last decade has produced a market structure in which a small number of companies own most of the workflow surface across legal practice. The dual-product structure that LawNext mapped is the most visible expression of why that consolidation has costs that buyers have not accounted for. Westlaw and Lexis are excellent legal research platforms. They are also subsidiaries of corporate parents whose other product lines are now subject to active federal civil litigation, organized employee dissent, and shareholder action. The legal industry that built itself around those platforms has the option to ask, on the renewal cycle, whether the consolidation it accepted is the consolidation it actually wants.

May 31 is not the deadline for that conversation. It is the first deadline. There will be more.