IRS Joins FBI, DEA & Other Federal Agencies With Access To Cellphone Surveillance Technology
If you think you’re being watched, you may be right. The Internal Revenue Service (IRS) has joined the list of at least 13 federal agencies now equipped with sophisticated surveillance technology known as Stingray. The information was confirmed by The Guardian, which obtained invoices following a request under the Freedom of Information Act (FOIA) acknowledging the purchase of the devices in 2009 and 2012. The 2012 invoice indicates that IRS spent more than $70,000 on training and the purchase of a more powerful version of the Stingray called a HailStorm from the Harris Corporation which manufactures the devices.
Stingrays are also known as “cell site simulators” or “IMSI catchers.” The highly controversial devices, only slightly larger than a laptop, mimic cell phone towers and send out signals, or pings, to trick cell phones in the area into sending signals back with their location and other identifying information which may include the phone’s contacts, messages, and other content. While the devices are generally intended to target a specific target’s cell phone, the devices are capable of gathering the same information from nearby cell phones – folks who might be intended targets. Some smaller devices using related technology used by state and local law enforcement are virtually undetectable, about the size of a person’s hand.
Why is this alarming? The ability to gather data from all cell phone users in one location, including those who might not have been targets, is powerful. The data associated with innocent people may now be available for purposes it was perhaps not intended to be secured for in the first place. Additionally, while it has traditionally been the case that persons are generally protected from searches in places where there might be an expectation of privacy, such as inside a person’s home, the wide reach of the Stingray can allow for what is basically a warrantless search. The latter causes some to be concerned about whether the use of this technology might be a constitutional violation.
It is not clear how IRS is using or has used Stingray and related technology. While the Criminal Investigations department of IRS (IRS-CI) doesn’t generally use focus on “ordinary” taxpayers like you and me, the investigative arm does help follow the money in a variety of criminal matters, including situations where IRS may team up with the Department of Justice to bring down organized crime syndicates, terrorists and identity thieves as well as target financial institution fraud and public corruption.
(For more about the work of IRS-CI, click here.)
Prior to the acknowledgment that IRS has this technology, the American Civil Liberties Union (ACLU) had identified 12 other federal agencies with Stingrays. Those agencies include Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), the Secret Service, Immigration and Customs Enforcement (ICE), U.S. Marshals Service, Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF), U.S. Army, U.S. Navy, U.S. Marine Corps, U.S. National Guard, U.S. Special Operations Command (Special Ops), and, of course, the National Security Agency (NSA).
Exactly how extensively the devices are being used in federal agencies like IRS – as well as state and local police – is unknown. This is because federal agencies, police and other law enforcement have refused to disclose the purpose of the technology, even going so far as to deny the use. The use of the technology is so secret that in 2012, the FBI advised police that it was better to drop criminal charges than be forced to reveal ”any information concerning the cell site simulator or its use.”
The manufacturer, Harris Corporation, isn’t naming names. The ACLU has submitted a number of FOIA requests in an effort to determine where and how the technology, often purchased with grants from the Department of Homeland Security, is being used. You can also find a list of FOIA requests on the ACLU website; the Wall Street Journal has posted a similar list on Document Cloud. (The cities and towns which responded are eye-opening: I was shocked to see that my small hometown of Wilmington, NC, spent tens of thousands of taxpayer dollars on this technology.)
The shroud of secrecy over who might have the devices and how they might be used to circumvent the normal warrant process (and to avoid mentioning the surveillance at trial) was concerning enough to draw national attention. Last month, the Department of Justice announced a new policy for the use of Stingrays and other cell site simulators “that will enhance transparency and accountability, improve training and supervision, establish a higher and more consistent legal standard and increase privacy protections in relation to law enforcement’s use of this critical technology.” The policy goes into effect immediately and applies to all agencies under its department. Just last week, the Department of Homeland Security followed suit (memo downloads as a pdf).
So, better right? There’s just one teensy problem: IRS isn’t a part of the DOJ. Or the DHS. IRS is under the purview of the Treasury Department so the new rules wouldn’t apply to them (the new rules also don’t apply to various military agencies as well as state and local law enforcement). A request for more information made after hours regarding the IRS policy about use of this technology was not returned prior to publication.
It’s clear that as the use of these devices ramp up, concerns about privacy will, too. How various agencies and law enforcement use the tools, as well as the process for determining when it might be an appropriate use, is bound to be a topic for discussion – especially when a new administration takes shape. Stay tuned.
This article was written by Kelly Phillips Erb from Forbes and was legally licensed through the NewsCred publisher network.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.