The body tasked with oversight of the IRS announced in a letter that it will investigate the agency's use of location data harvested from ordinary apps installed on peoples' phones, according to a copy of the letter obtained by Motherboard.
The move comes after Senators Ron Wyden and Elizabeth Warren demanded a formal investigation into how the IRS used the location data to track Americans without a warrant.
"We are going to conduct a review of this matter, and we are in the process of contacting the CI [Criminal Investigation] division about this review," the letter, signed by J. Russell George, the Inspector General, and addressed to the Senators, reads. CI has a broad mandate to investigate abusive tax schemes, bankruptcy fraud, identity theft, and many more similar crimes. Wyden’s office provided Motherboard with a copy of the letter on Tuesday.
Do you work at Venntel, Babel Street, or other company providing location data to the government? Did you used to? Do you know anything else about the sale of location data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
In June, officials from the IRS Criminal Investigation unit told Wyden's office that it had purchased location data from a contractor called Venntel, and that the IRS had tried to use it to identify individual criminal suspects. Venntel obtains location data from innocuous looking apps such as games, weather, or e-commerce apps, and then sells access to the data to government clients.
A Wyden aide previously told Motherboard that the IRS wanted to find phones, track where they were at night, use that as a proxy as to where the individual lived, and then use other data sources to try and identify the person. A person who used to work for Venntel previously told Motherboard that Venntel customers can use the tool to see which devices are in a particular house, for instance.
The IRS' attempts were not successful though, as the people the IRS was looking for weren't included in the particular Venntel data set, the aide added.
But the IRS still obtained this data without a warrant, and the legal justification for doing so remains unclear. The aide said that the IRS received verbal approval to use the data, but stopped responding to their office's inquiries.
The Inspector General specifically said they would investigate the legal argument used.
"You requested that TIGTA investigate CI's use of commercial databases in the performance of its duties, and that TIGTA examine the legal analysis IRS lawyers performed to authorize this practice. Your concern is that CI's use of the data described above may not be consistent with the holding of the Supreme Court in the case Carpenter v. United States," the Inspector General's letter continues, referring to the Treasury Inspector General for Tax Administration.
"Upon compilation, to the extent allowable under the law, we will advise you of the results," the letter adds.
The IRS did not immediately respond to a request for comment.
On Tuesday, Motherboard reported that U.S. Customs and Border Protection had paid for access to Venntel's "global" dataset, meaning the agency could track phones beyond U.S. borders.