IRS Harvesting Data From a Database of Smartphone Movements
IRS Harvesting Data From a Database of Smartphone Movements | |
---|---|
Short Title | IRS Could Search Warrantless Location Database Over 10,000 Times Using Government Contractor’s Tool |
Location | United States |
Date | November 2020 |
Solove Harm | Surveillance, Interrogation, Disclosure, Increased Accessibility |
Information | Location, Computer Device, Contact |
Threat Actors | Internal Revenue Service (IRS), Venntel, Law Enforcement |
Individuals | |
Affected | Potentially anyone with a smartphone |
High Risk Groups | |
Tangible Harms |
Internal Revenue Service (IRS) used Venntel’s spying tool to identify specific smartphone users and to monitor their location.
Description
In November 2020 the Internal Revenue Service (IRS) was found to have been querying a database of location data quietly harvested from ordinary smartphone apps over 10,000 times.
Venntel is a government contractor that sells clients access to a database of smartphone movements. It sources its location data from gaming, weather, and other innocuous looking apps. Venntel also obtains location information from the real-time bidding that occurs when advertisers push their adverts into users' browsing sessions.Surveillance
Venntel then packages that data into a user interface and sells access to government agencies. Customers can use the product to search a specific area to see which devices were there, or follow a particular device across time.Increased Accessibility Disclosure
Venntel allows tracing and pattern-of-life analysis on locations of interesting criminal investigations, allowing investigators to trace locations of mobile devices even if a target is using anonymizing technologies like a proxy server, which is common in cyber investigations.
The new documents say that the IRS' purchase of an annual Venntel subscription granted the agency 12,000 queries of the dataset per year. The fact that IRS used Venntel’s spying tool to identify specific smartphone users can be interpreted as Interrogation.
Breakdown
Threat: Venntel monitoring location data of people through smartphone apps and advertisers
At-Risk group: Potentially anyone with a smartphone
Harm: Surveillance
Secondary Consequences: not known
Threat: Law enforcement querying Venntels database for personal information about people
At-Risk group: Potentially anyone with a smartphone
Harm: Interrogation
Secondary Consequences: not known
Threat: Venntel sharing location data of people to law enforcement
At-Risk group: Potentially anyone with a smartphone
Harm: Disclosure
Secondary Consequences: Potentially: Incarceration
Threat: Venntel making location data of people easily accessible and searchable to law enforcement
At-Risk group: Potentially anyone with a smartphone
Harm: Increased Accessibility
Secondary Consequences: Potentially: Incarceration
Laws and Regulations
Sources
https://www.vice.com/en/article/m7agpa/irs-location-data-venntel-contract