Wed. Feb. 24, 2021 | By Tim Cushing – TechDirt.com |
Last October, Senators Ron Wyden and Elizabeth Warren asked the IRS’s oversight to take a look at the agency’s use of third-party data brokers to obtain cell site location info harvested from phone apps. This new collection of location data appeared to bypass the Supreme Court’s Carpenter decision, which said cell site location info was protected by the Fourth Amendment.
This means warrants were needed to obtain this information from cell service providers. Multiple government agencies — including the CBP, DEA, and Defense Department — appear to believe approaching data brokers a couple of steps removed from the location data collection process aren’t affected by this warrant requirement. While both cell site location info from cell providers and bulk data from brokers can accomplish the same long-term tracking of individuals, the latter tends to be less detailed since it sometimes requires apps to be in use to produce location data, rather than just connected to a cell tower.
The IRS may have believed no warrants are needed to buy bulk data from brokers, but its oversight disagrees. The Treasury Department Inspector General says the 2018 Supreme Court ruling may cover this data as well.
A new Treasury Department watchdog report warns that law-enforcement agencies may not be on firm legal footing when they use cellphone GPS data drawn from mobile apps without obtaining a warrant first.In a review of the Internal Revenue Service’s use of a commercial platform that allowed the agency to track cellphones, the Treasury Department inspector general for tax administration said that a landmark 2018 Supreme Court case might preclude the warrantless tracking of criminal suspects through location data generated by weather, game and other apps. The report encouraged stricter controls on use of the data.
But it’s only a “may.” The report [PDF] says the IRS should consider seeking a warrant before obtaining this data in the future. However, the IRS hasn’t purchased data for a few years now because it doesn’t consider it useful. And its only utilization of data broker Venntel occurred before the Supreme Court’s Carpenter decision was handed down.
According to the purchase order, the subscription was for one year from September 9, 2017, through September 8, 2018, at the cost of $19,872. CI stated that the single-user license subscription was used exclusively by a single field office in the Cyber Crimes Unit, and Venntel was only utilized on a few specific occasions and did not produce effective results. According to CI, the last use of this database was in March 2018…
That would be two months before the Carpenter decision, which would make it a good faith effort if anyone were to challenge this evidence. But if anyone was going to, they’d likely already have done it. And the IRS’s limited use (at least of this vendor) reinforces the IRS’s claims that bulk location data from brokers doesn’t help it with investigations.
Even given the Supreme Court’s 2018 decision, IRS officials still seem to believe if the agency make use of this in the future, agents still wouldn’t need to seek a warrant.
Carpenter v. U.S. was decided in June 2018. The last known attempt to use the Venntel product was March 2018, before the Supreme Court decision. Nevertheless, it is our understanding that the Carpenter decision concerned historical Cell Site Location Information which is distinct from the opt-in app data available on the Venntel platform.
Ah, but that’s the same argument the government made to attempt to avoid a search warrant requirement: that the location data was voluntarily obtained from cellphone users. The Supreme Court disagreed, saying the data was collected continuously, even when owners weren’t actively using their cellphones. If US government agencies continue to seek this data without a warrant, they’re likely going to start generating caselaw contradicting their presumptions.
Treasury Oversight suggests warrants. The IRS suggests they aren’t necessary. For now, the only thing preventing internal conflict is the IRS’s determination that this particular form of cell location data is mostly useless.
Read the full story here.
