Cell phones are convenient devices, handily connecting us with loved ones, paying bills, accessing information—and treacherously reporting on our every move. Worse, even after the Supreme Court weighed in, many government agencies still insist that they have the right to pull up that tracking data to see our whereabouts. It’s increasingly apparent that, if you have your phone in your pocket, you may as well have a GPS beacon strapped to your ankle. If you want anonymity from the government, leave the gadget at home.

That point was illustrated in the wake of the Capitol riot, when the authorities pulled cell phone records to see who was present.

“In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene,” The Intercept reported this week. “Investigators have also relied on data ‘dumps’ from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.”

The data collected by people’s phones and the apps they use, often compiled by marketing firms, is amazingly detailed. An individual “outraged by the events of Jan. 6” supplied data on participants in the day’s events to The New York Times, whose writers were thoroughly creeped out by the information…

Read the full story here.

Last October, Senators Ron Wyden and Elizabeth Warren asked the IRS’s oversight to take a look at the agency’s use of third-party data brokers to obtain cell site location info harvested from phone apps. This new collection of location data appeared to bypass the Supreme Court’s Carpenter decision, which said cell site location info was protected by the Fourth Amendment.

This means warrants were needed to obtain this information from cell service providers. Multiple government agencies — including the CBP, DEA, and Defense Department — appear to believe approaching data brokers a couple of steps removed from the location data collection process aren’t affected by this warrant requirement. While both cell site location info from cell providers and bulk data from brokers can accomplish the same long-term tracking of individuals, the latter tends to be less detailed since it sometimes requires apps to be in use to produce location data, rather than just connected to a cell tower.

The IRS may have believed no warrants are needed to buy bulk data from brokers, but its oversight disagrees. The Treasury Department Inspector General says the 2018 Supreme Court ruling may cover this data as well.

A new Treasury Department watchdog report warns that law-enforcement agencies may not be on firm legal footing when they use cellphone GPS data drawn from mobile apps without obtaining a warrant first.In a review of the Internal Revenue Service’s use of a commercial platform that allowed the agency to track cellphones, the Treasury Department inspector general for tax administration said that a landmark 2018 Supreme Court case might preclude the warrantless tracking of criminal suspects through location data generated by weather, game and other apps. The report encouraged stricter controls on use of the data.

But it’s only a “may.” The report [PDF] says the IRS should consider seeking a warrant before obtaining this data in the future. However, the IRS hasn’t purchased data for a few years now because it doesn’t consider it useful. And its only utilization of data broker Venntel occurred before the Supreme Court’s Carpenter decision was handed down.

According to the purchase order, the subscription was for one year from September 9, 2017, through September 8, 2018, at the cost of $19,872. CI stated that the single-user license subscription was used exclusively by a single field office in the Cyber Crimes Unit, and Venntel was only utilized on a few specific occasions and did not produce effective results. According to CI, the last use of this database was in March 2018…

That would be two months before the Carpenter decision, which would make it a good faith effort if anyone were to challenge this evidence. But if anyone was going to, they’d likely already have done it. And the IRS’s limited use (at least of this vendor) reinforces the IRS’s claims that bulk location data from brokers doesn’t help it with investigations.

Even given the Supreme Court’s 2018 decision, IRS officials still seem to believe if the agency make use of this in the future, agents still wouldn’t need to seek a warrant.

Carpenter v. U.S. was decided in June 2018. The last known attempt to use the Venntel product was March 2018, before the Supreme Court decision. Nevertheless, it is our understanding that the Carpenter decision concerned historical Cell Site Location Information which is distinct from the opt-in app data available on the Venntel platform.

Ah, but that’s the same argument the government made to attempt to avoid a search warrant requirement: that the location data was voluntarily obtained from cellphone users. The Supreme Court disagreed, saying the data was collected continuously, even when owners weren’t actively using their cellphones. If US government agencies continue to seek this data without a warrant, they’re likely going to start generating caselaw contradicting their presumptions.

Treasury Oversight suggests warrants. The IRS suggests they aren’t necessary. For now, the only thing preventing internal conflict is the IRS’s determination that this particular form of cell location data is mostly useless.

Read the full story here.