from the will-continue-to-investigate-murders-in-its-spare-time dept
Now that it's been a few weeks and we're used to the idea that the IRS has a Stingray device, more information has arrived to put us slightly more ill at ease. Sen. Ron Wyden asked IRS head John Koskinen some pointed questions about the IRS's cell tower spoofer ("WTF?" wasn't one of them) and has received some answers.
The IRS assures Wyden -- and by extension, the American public -- that it only uses them correctly and in a limited fashion through its criminal investigation division.
IRS use of cell-site simulation technology is limited to the federal law enforcement arm of the IRS, our Criminal Investigation division. Only trained law enforcement agents have used cell-site simulation technology, carrying out criminal investigations in accordance with all appropriate federal and state judicial procedures.The IRS has only one* Stingray at this point, but is acquiring another, because you just can't have enough cell site simulators these days. It will also start obtaining warrants, in accordance with the DOJ's non-legally-binding suggestion that its agencies do so going forward.
*Possibly two -- see Marcy Wheeler's comments towards the end of this post.
But everything it said above about its Stingray use being limited to the IRS's Criminal Investigation division isn't exactly true. It may have sent its agents out to assist other law enforcement agencies with their work, but it did not limit its Stingray usage to its own investigations.
In addition, IRS-CI has used the cell-site simulator to assist in four non-lRS-CI investigations, one other federal and three state investigations. The federal case was a Drug Enforcement Agency (DEA) federal grand jury narcotics investigation, and tracked one cellular device. In this instance, IRS-CI operated the cell-site simulator, based upon the appropriate federal court order obtained by DEA, and followed all applicable laws under the guidance of an Assistant United States Attorney. The three state cases were non-grand jury investigations involving attempted murder, murder, and gun trafficking, and tracked six cellular devices.So, the IRS sent its Stingray out to assist other agencies with their investigations. It's understandable that the DEA would be aware the IRS had a Stingray in its possession, but the three state investigations were performed by local agencies that somehow knew to ask the IRS if it had a cell site simulator they could borrow.
Even more absurd is the fact that the IRS is in the process of acquiring another cell site simulator. It's not as though it's worn the other one out, as Marcy Wheeler notes.
In other words, over the course of its almost 4 year life, the Stingray has tracked just 44 devices.If everything adds up (including Daniel Rigmaiden's exposure of the IRS's cell phone tracking efforts in his case), this would be the third device the IRS has purchased -- or at least the third it will have access to. Stingrays aren't cheap and at ~4 deployments a year, it would seemingly make more sense for the IRS to borrow one from another federal agency when it needs one, rather than acting as a small-time Stingray lending library for state agencies.
That seems to suggest this tracking isn’t just a quick one-off, otherwise they wouldn’t need another device, as they’re currently in the process of getting.
Perhaps however, this is a testament to the obsolescence of these devices. In his response to Wyden, Koskinen doesn’t mention the Stingray IRS bought in 2009, suggesting it may not be in use anymore.
The government is sure blowing through these expensive surveillance toys in quick succession.
If Wheeler's other conjecture is accurate -- that these devices need periodic replacement -- then Harris is no different than a host of other tech manufacturers who make planned obsolescence an integral part of the business model.