IRS Harvesting Data From a Database of Smartphone Movements

From Privacy Wiki
Jump to navigation Jump to search
IRS Harvesting Data From a Database of Smartphone Movements
Short Title IRS Could Search Warrantless Location Database Over 10,000 Times Using Government Contractor’s Tool
Location United States
Date November 2020

Taxonomy Surveillance, Interrogation, Disclosure, Increased Accessibility
Information Location, Computer Device, Contact
Threat Actors Internal Revenue Service (IRS), Venntel, Law Enforcement

Individuals
Affected Potentially anyone with a smartphone
High Risk Groups
Secondary Consequences

Internal Revenue Service (IRS) used Venntel’s spying tool to identify specific smartphone users and to monitor their location.

Description

In November 2020 the Internal Revenue Service (IRS) was found to have been querying a database of location data quietly harvested from ordinary smartphone apps over 10,000 times.

Venntel is a government contractor that sells clients access to a database of smartphone movements. It sources its location data from gaming, weather, and other innocuous looking apps. Venntel also obtains location information from the real-time bidding that occurs when advertisers push their adverts into users' browsing sessions.Surveillance

Venntel then packages that data into a user interface and sells access to government agencies. Customers can use the product to search a specific area to see which devices were there, or follow a particular device across time.Increased Accessibility Disclosure

Venntel allows tracing and pattern-of-life analysis on locations of interesting criminal investigations, allowing investigators to trace locations of mobile devices even if a target is using anonymizing technologies like a proxy server, which is common in cyber investigations.

The new documents say that the IRS' purchase of an annual Venntel subscription granted the agency 12,000 queries of the dataset per year. The fact that IRS used Venntel’s spying tool to identify specific smartphone users can be interpreted as Interrogation.

Breakdown

Threat: Venntel monitoring location data of people through smartphone apps and advertisers
At-Risk group: Potentially anyone with a smartphone
Harm: Surveillance
Secondary Consequences: not known

Threat: Law enforcement querying Venntels database for personal information about people
At-Risk group: Potentially anyone with a smartphone
Harm: Interrogation
Secondary Consequences: not known

Threat: Venntel sharing location data of people to law enforcement
At-Risk group: Potentially anyone with a smartphone
Harm: Disclosure
Secondary Consequences: Potentially: Incarceration

Threat: Venntel making location data of people easily accessible and searchable to law enforcement
At-Risk group: Potentially anyone with a smartphone
Harm: Increased Accessibility
Secondary Consequences: Potentially: Incarceration

Risk Statistics

Laws and Regulations

Sources

https://www.vice.com/en/article/m7agpa/irs-location-data-venntel-contract