A government watchdog’s probe into Internal Revenue Service use of cell phone location data is likely to run into legal uncertainty about privacy protections for the data.
Government agencies typically need a search warrant to obtain cell phone location data on a specific person over a set period of time, said Faiza Patel, co-director of the Brennan Center’s liberty and national security program. Privacy protections are less clear for anonymized data an agency purchases from a third party, she said.
“That sets up a legal gray area in which it’s not 100% clear that a warrant would be required,” Patel said.
The Treasury Department’s inspector general for tax administration is looking into an IRS contract with data broker Venntel Inc., which gets location data from the marketing industry, according to the IRS. The probe comes after an inquiry from Democratic senators Ron Wyden of Oregon and Elizabeth Warren of Massachusetts.
The IRS said its criminal investigation unit only used the cell phone location data for “significant” money laundering, cyber, drug and organized crime cases. The agency said it let the contract with Venntel lapse after determining the information wasn’t useful.
The IRS unit “takes the privacy of citizens very seriously and follows all laws and regulations surrounding that privacy,” said Justin Cole, a spokesperson for IRS criminal investigations.
The Supreme Court ruled in 2018 in Carpenter v. United States that the Constitution’s Fourth Amendment protections apply to a person’s historical mobile phone location data. Other courts have since held law enforcement officials must get a warrant to collect real-time cell-site data.
Wyden and Warren have asked whether IRS use of Venntel’s data conflicts with Carpenter. Wyden is working on a bill that would prevent government agencies from purchasing data that would otherwise require a court order, according to his office.
“The government doesn’t have a right to end-run the Fourth Amendment just by using a credit card,” Wyden said in a statement. “I’m grateful the inspector general is taking a close look at why the IRS thought it had the right to search Americans’ movements without a shred of court oversight.”
Marc Zwillinger, founder and managing member of ZwillGen PLLC, said it’s “a little overblown” to suggest the IRS action might violate the Supreme Court’s precedent or the privacy protections in the Fourth Amendment. The case looked at whether the government could force cell phone carriers to hand over a customer’s location data.
“It doesn’t really speak to what happens when companies are selling location data to third parties or the government,” Zwillinger said. “This is a loophole in privacy laws,” he added.
Victor Song, a former chief of the IRS criminal investigation division, said it’s important to await the probe’s findings before jumping to conclusions about whether the division committed any wrongdoing.
Song said that generally, during his time with the agency, the unit would get a court order or subpoena for records to justify getting that information, but it’s unclear from information made available so far what approvals the division got.
“It will be interesting to see what approvals were obtained, when, and from whom,” said Song, who is now chief operating officer at Integritas³ Corp., a forensic accounting, investigations and compliance company.
The Venntel data showed where a phone with an anonymized identifier is located at different times. Privacy advocates worry that large amounts of such data can still be used to identify people, by looking at where the phone user goes on a regular basis.
“The IRS has a problem: If this data is useful for targeting criminals, then it’s an invasion of privacy,” said Mark Rasch, an attorney at Kohrman Jackson & Krantz LLP who previously worked in the Justice Department. “If it’s not invading privacy, then it’s not particularly useful.”