The IRS has been accused of buying Americans’ smartphone location data from a private surveillance company in order to track them. Last month, Democratic Senators Ron Wyden and Elizabeth Warren demanded a formal investigation into the IRS, and one was indeed launched on October 6th by the US Treasury’s Inspector General.
The IRS reportedly purchased this data from a company called Venntel, which scraps aggregate location data mined through regular apps like games and weather apps.
Governments and law enforcement agencies are able to bypass legal and constitutional limitations like the Fourth Amendment in order to obtain personally identifying information (PII) on their people without the need for a warrant.
Venntel is also currently the subject of a separate investigation by House Democrats over Department of Homeland Security contracts wherein location data was used to unlawfully track people crossing the US-Mexico border.
Since Venntel is getting the data through third-parties and are not the ones collecting it directly, it’s impossible for users to know whether their data is being sold by Venntel.
Venntel does graciously provide a way to request your info but it requires giving them your email address, your mobile advertising ID (basically how you get tracked across apps), 3 recently visited locations including street address, city, state and zip code, as well as your IP address.
I guess I’ll never know.
This information was revealed after the Inspector General wrote a letter to the Senators that had requested the investigation. Motherboard obtained a copy of the letter and released it publicly.
“We are going to conduct a review of this matter, and we are in the process of contacting the CI [Criminal Investigation] division about this review,” reads the letter, signed by Inspector General J. Russel George and dated September 30th 2020.
To make matters worse, the IRS wasn’t even successful. The person they were after wasn’t in the data set provided by Venntel. So then what happens to all that personal data they got on all those innocent people?
Is our location data worthless that it can be shared willy-nilly between government agencies and private companies for the interests of both with no regard to ours?