Treasury Oversight Says IRS Should Consider Getting Warrants Before Buying Location Data From Data Brokers

from the everyone-reads-Carpenter-differently dept

Last October, Senators Ron Wyden and Elizabeth Warren asked the IRS's oversight to take a look at the agency's use of third-party data brokers to obtain cell site location info harvested from phone apps. This new collection of location data appeared to bypass the Supreme Court's Carpenter decision, which said cell site location info was protected by the Fourth Amendment.

This means warrants were needed to obtain this information from cell service providers. Multiple government agencies -- including the CBP, DEA, and Defense Department -- appear to believe approaching data brokers a couple of steps removed from the location data collection process aren't affected by this warrant requirement. While both cell site location info from cell providers and bulk data from brokers can accomplish the same long-term tracking of individuals, the latter tends to be less detailed since it sometimes requires apps to be in use to produce location data, rather than just connected to a cell tower.

The IRS may have believed no warrants are needed to buy bulk data from brokers, but its oversight disagrees. The Treasury Department Inspector General says the 2018 Supreme Court ruling may cover this data as well.

A new Treasury Department watchdog report warns that law-enforcement agencies may not be on firm legal footing when they use cellphone GPS data drawn from mobile apps without obtaining a warrant first.

In a review of the Internal Revenue Service’s use of a commercial platform that allowed the agency to track cellphones, the Treasury Department inspector general for tax administration said that a landmark 2018 Supreme Court case might preclude the warrantless tracking of criminal suspects through location data generated by weather, game and other apps. The report encouraged stricter controls on use of the data.

But it's only a "may." The report [PDF] says the IRS should consider seeking a warrant before obtaining this data in the future. However, the IRS hasn't purchased data for a few years now because it doesn't consider it useful. And its only utilization of data broker Venntel occurred before the Supreme Court's Carpenter decision was handed down.

According to the purchase order, the subscription was for one year from September 9, 2017, through September 8, 2018, at the cost of $19,872. CI stated that the single-user license subscription was used exclusively by a single field office in the Cyber Crimes Unit, and Venntel was only utilized on a few specific occasions and did not produce effective results. According to CI, the last use of this database was in March 2018…

That would be two months before the Carpenter decision, which would make it a good faith effort if anyone were to challenge this evidence. But if anyone was going to, they'd likely already have done it. And the IRS's limited use (at least of this vendor) reinforces the IRS's claims that bulk location data from brokers doesn't help it with investigations.

Even given the Supreme Court's 2018 decision, IRS officials still seem to believe if the agency make use of this in the future, agents still wouldn't need to seek a warrant.

Carpenter v. U.S. was decided in June 2018. The last known attempt to use the Venntel product was March 2018, before the Supreme Court decision. Nevertheless, it is our understanding that the Carpenter decision concerned historical Cell Site Location Information which is distinct from the opt-in app data available on the Venntel platform.

Ah, but that's the same argument the government made to attempt to avoid a search warrant requirement: that the location data was voluntarily obtained from cellphone users. The Supreme Court disagreed, saying the data was collected continuously, even when owners weren't actively using their cellphones. If US government agencies continue to seek this data without a warrant, they're likely going to start generating caselaw contradicting their presumptions.

Treasury Oversight suggests warrants. The IRS suggests they aren't necessary. For now, the only thing preventing internal conflict is the IRS's determination that this particular form of cell location data is mostly useless.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, csli, data brokers, elizabeth warren, inspector general, irs, location info, oversight, privacy, ron wyden, treasury department, warrant


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    ECA (profile), 24 Feb 2021 @ 11:46am

    How Easy?

    To get a warrant that Never expires?
    Or
    One that has a time limit, but a new one is sent every month?

    A blanket warrant to cover everything?
    How many Judges would Sign off on it, because it would be easier them doing it for Every person in the nation, every other day?

    link to this | view in chronology ]

  • identicon
    Pixelation, 24 Feb 2021 @ 12:13pm

    Take back the 4th.

    The Third Party Doctrine needs to die a horrible death. And, data brokers with it.

    link to this | view in chronology ]

    • icon
      ECA (profile), 25 Feb 2021 @ 11:53am

      Re: Take back the 4th.

      "In 1976 (United States v. Miller) and 1979 (Smith v. Maryland), the Court affirmed that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties."[3]"

      But here is the fun part.

      Your social sec. number WAS SUPPOSED TO BE PRIVATE, and not shared with 90% of the rest of the world. But, for some Odd reason, the courts have Never enforced this. And the Credit agencies HAVE LOVED IT. They have No rights to use this number.
      Your bank, your Work, are the Few that should have this number. AND to rent a house, IS NOT.
      So many companies and Police and use it to track you, easily.

      Do ya love this capitalist ideal of society?
      Its fun when a gog. makes laws, and then dont tell Which Enforcement agencies are responsible to Enforce those laws.
      And then those agencies dont have Any power to enforce laws created except a SLAP on the wrist that worth about 0.1% of its profit margin.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 26 Feb 2021 @ 8:22am

    lets make it real simple.....
    when in doubt -GET A WARRANT!
    if you are unsure -GET A WARRANT!
    if you don't know -GET A WARRANT!
    if you think that you don't need one -GET A WARRANT!
    you want some kind of data -GET A WARRANT!
    WE THE PEOPLE's personal info is protected by the 4th. the 3rd party crap has been used and abused for fare too long. so....-GET A WARRANT!
    in case i forgot something -GET A WARRANT!
    WE THE PEOPLE are tired of the surveillance/ police state.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.