Wyden and Warren Demand Investigation into IRS Warrantless Location Tracking

A unit of the IRS previously bought access to location data harvested from ordinary apps installed on peoples’ phones to try and identify individuals.
September 24, 2020, 4:00pm
IRS headquarters
Image: Chip Somodevilla/Getty Images

Ron Wyden and Elizabeth Warren want a formal investigation into the IRS' use of smartphone location data to track Americans without a warrant.

On Thursday, the two Senators sent a letter to the body tasked with oversight of the IRS demanding it investigate how a section of the IRS bought access to this data.

The news highlights the continued tread of law enforcement agencies obtaining location data that would ordinarily require a warrant to do, by simply purchasing the data from commercial providers instead.

"The IRS is not above the law and the agency’s lawyers should never provide IRS-CI investigators with permission to bypass the courts and engage in warrantless surveillance of Americans," the letter to the Treasury Inspector General for Tax Administration reads. "We also urge you to examine the legal analysis that IRS lawyers performed in order to determine how such an obvious violation of Americans’ privacy rights was approved."

Do you work at Venntel or Babel Street? Did you used to? Do you know anything else about the sale of location data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

IRS officials previously told the office of Senator Wyden that the IRS Criminal Investigation (CI) unit had purchased location data from a company called Venntel. Venntel sells government clients access to data that has been harvested from ordinary apps installed on peoples' phones, such as games, weather, or e-commerce apps. In August, Motherboard reported that Customs and Border Protection had recently paid nearly half a million dollars to the firm.

IRS-CI bought the Venntel data with the intention of identifying specific criminal suspects between 2017 and 2018, The Wall Street Journal reported in June. IRS-CI's mandate includes a wide range of tax, fraud, and money laundering related crimes. Wyden's office said at the time that the IRS let the subscription lapse after the agency was unable to locate any targets of interest.

A Wyden aide told Motherboard that the intention was to find phones, track where they go at night to act as a proxy as to where they live, and then use other data sources to identify the individuals. The issue was that the people IRS-CI was looking for weren't included in the particular Venntel data set, likely because they didn't happen to use the normal apps that Venntel obtains data from.

A source who used to work for Venntel previously told Motherboard that a user can look up an identifier of a device to see where else it has been, or search by an area to see which devices were there.

"If you search a certain house, you're only going to get three or four different signals out of there. I think from that standpoint, you could definitely try and identify specific people," the source said. "I think that was part of the goal in using it for government customers and things like that, is that you're able to identify devices, and then you can do device searches to see where else they might have been." Motherboard granted the source anonymity as they weren't authorized to speak to the press about internal Venntel issues.

But regardless, the IRS still obtained the data without a warrant. The Wyden aide told Motherboard that in their conversations with the IRS, officials said they received oral sign-off from attorneys to use the data. The exact legal argument for the agency not requiring a warrant is unclear; the Wyden aide said the IRS stopped responding to their inquiries. The IRS did not respond to Motherboard's request for comment.

"The IRS is not above the law and the agency’s lawyers should never provide IRS-CI investigators with permission to bypass the courts and engage in warrantless surveillance of Americans."

"In 2018, the Supreme Court held in Carpenter v. United States that the collection of significant quantities of historical location data from Americans' cell phones is a search under the Fourth Amendment and therefore requires a warrant," the letter continues. Before the Carpenter decision, various courts and the Department of Justice debated whether accessing location data from Americans' phones should require a warrant or perhaps a court order with a lower standard of suspicion.

"However, even DOJ did not attempt to argue that government officials could have unfettered access to location data without any kind of court order," as happened in this case, the letter adds.

The letter concludes by asking the Treasury Inspector General for Tax Administration to investigate not just IRS-CI's use of Venntel data, but other commercial databases containing Americans' information too.

The Treasury Inspector General for Tax Administration did not respond to a request for comment.