Forget TikTok. IRS Inquiry Shows The Continued Abuse Of Location Data Is The Real Scandal.
from the every-step-you-take dept
We’ve noted a few times now that despite all the pearl clutching over TikTok, the use and abuse of user location data makes concerns about TikTok look like a grade school picnic. That should have been made obvious by the Securus and LocationSmart scandals, which showed that cellular carriers had been selling access to data (including 911 data) on your every movement to any nitwit with a nickel. This data was then abused by everyone from law enforcement, to folks pretending to be law enforcement, to idiot stalkers.
And while cellular carriers have pinky sworn this sort of thing won’t happen again, regulators and lawmakers haven’t really bothered to confirm this because basic oversight and accountability simply isn’t in vogue. Meanwhile, location data is also being collected and sold by a universe of apps and third parties, then repackaged and sold across a universe of governments, dubious middlemen, data brokers, and intelligence organizations.
This week, reports revealed that the IRS is now investigating itself for buying access to this data harvested from user phones, and using it to identify and track U.S. residents without a warrant. The data comes from a company named Venntel, which sells this sort of data to a wide variety of clients, including U.S. Customs and Border Protection. ICE and CBP are still busy buying this data despite a Congressional inquiry into how this probably isn’t, you know, legal.
And it’s not just ICE and CBP. Last month, Senators Ron Wyden and Elizabeth Warren wrote a letter to the IRS suggesting the IRS Criminal Investigation (CI) division might just want to investigate the agency’s use and purchase of this data since they’re treading on thin legal ice:
“The IRS is not above the law and the agency?s lawyers should never provide IRS-CI investigators with permission to bypass the courts and engage in warrantless surveillance of Americans. We also urge you to examine the legal analysis that IRS lawyers performed in order to determine how such an obvious violation of Americans? privacy rights was approved.”
This month, a letter obtained by Joseph Cox at Motherboard indicates said investigation has begun:
“You requested that TIGTA investigate CI’s use of commercial databases in the performance of its duties, and that TIGTA examine the legal analysis IRS lawyers performed to authorize this practice. Your concern is that CI’s use of the data described above may not be consistent with the holding of the Supreme Court in the case Carpenter v. United States.”
“Upon compilation, to the extent allowable under the law, we will advise you of the results,” the letter adds.
Of course there’s no guarantee that the U.S. government’s investigations of itself result in absolutely anything of note. Motherboard also obtained documents highlighting the width and breadth of the data being purchased by Customs and Border Protection. Together they show just how deep this rabbit hole goes. And while the government and companies like to suggest that buying and selling this kind of sensitive data with reckless abandon is no big deal because that data is often “anonymized,” researchers have repeatedly made it abundantly clear that means absolutely nothing in practice.
It should be pretty clear by this point that the United States has prioritized money over any kind of genuine oversight of location data or consumer privacy. As a result there’s an absolute ocean of often sketchy, interconnected industries from adtech and telecom to data brokers and tiny app makers, all hungrily crowding around a mammoth trough with absolutely no meaningful oversight. When there is oversight, it usually involves the kinds of flimsy wrist slaps and fines so small as to be meaningless in full context of the money being made off your every waking behavior.
The sheer volume of access to this data also continues to highlight the stupidity of the TikTok ban and the obsession with the app. We’re purportedly super concerned that Chinese intelligence could get access to data from lip-syncing teens, yet we refuse to pass even a basic privacy law, or bring anything even remotely close to oversight to a vast international network of adtech companies, intel operations, governments (including China), and data brokers all buying and selling significantly more data with reckless abandon.
Filed Under: data, data brokers, irs, privacy, surveillance
Comments on “Forget TikTok. IRS Inquiry Shows The Continued Abuse Of Location Data Is The Real Scandal.”
I’m going to go further, and say the continued collection of location data is the scandal. How dumb do we have to be to believe promises yet again? Even if we had an effective regulator, do we really believe the government wouldn’t bypass them to get location data for its own uses? Maybe just to the NSA in relation to "terrorism", at first. Then the CBP to catch terrorists trying to enter the country, then the IRS to catch terrorist-financiers evading taxes, then to non-terrorist criminals…
Europe has more effective regulation, but they still act all shocked that foreign spies are able to track them.
I see only one way to fix this problem long-term and worldwide: develop a cellular protocol to prevent telcos from learning people’s locations. Companies such as Apple can push it as a privacy measure. Branches of the US government can push it as a way to resist foreign totalitarian governments, as they currently promote Tor. We’re talking about basically the same technology, after all, and foreign countries tend to inherit whatever technology becomes popular in the USA and Europe.
There's an obvious question in there
If the data is "anonymized", why are these agencies buying it in order to locate people (or money)?
"Oh, but that data isn’t anonymized…"
Re: There's an obvious question in there
Anonymized data is still good for fishing expeditions. Look through it, find suspicous patterns, then subpoena the provider for the non-anonymous version of that specific data.
Verizon's attempt at "privacy"
For anyone interested, here are several links to Verizon’s privacy policies.. (I found one that they have for license plate readers that they operate….WHAAAAAAT??)
Automated license plate recognition
https://www.verizon.com/about/privacy/automated-license-plate-recognition
https://www.verizon.com/about/privacy/full-privacy-policy#acc-item-34
https://www.verizon.com/about/privacy/mobile-location-analytics-privacy-notice
https://www.verizon.com/about/privacy/
https://www.verizon.com/about/terms-conditions/verizon-online-terms-service-verizon-business-internet-and-value-added-services