IRS says it will get a warrant before using cell-site simulators

The U.S. Internal Revenue Service is drafting a policy to restrict the use without a warrant of cell-site simulator technology to snoop on the location and other information from mobile phones.

The head of the IRS, John Koskinen, wrote in a letter that the agency was drafting a policy that would mirror an earlier Department of Justice rule,  which requires a search warrant supported by probable cause before using the technology,  except in exigent or exceptional circumstances.

Cell-site simulators, also referred to as stingrays or ‘IMSI catchers,’ track the location and other information from mobile phones by mimicking cellphone towers. The use of the technology without a warrant by law enforcement has been criticized by civil rights groups.

The Criminal Investigation division of the IRS first deployed the cell-site simulator in 2012, according to Koskinen’s letter to Senator Ron Wyden. Since then the IRS-IC tracked 37 cellular devices in support of 11 federal grand jury investigations. The investigations were led by the U.S. Attorney’s Office, which provided guidance in obtaining necessary authorizations, including court orders and tracking warrants, Koskinen wrote. The IRS also used the device in four other investigations that required the tracking of seven cellular devices.

The IRS commissioner said that the new policy would be issued by Monday. It wasn’t immediately clear if the policy is now in effect.

DOJ said in September that its agents would have to obtain a search warrant supported by probable cause before using a cell-site simulator, with some exceptions. Under the DOJ policy, old and irrelevant data would also have to be deleted. It also prohibits the use of cell-site simulators to collect the contents of any communication in the course of criminal investigations. 

[ ALSO ON CSO: Lost in the clouds: Your private data has been indexed by Google ]

The Department of Homeland Security also announced a similar warrant requirement and data retention policy for the use of stingrays.

Koskinen wrote to Wyden that the IRS has not used the cellphone tracking technology after DOJ announced its policy, and had placed a hold on its use until the new IRS policy is issued.

New legislation, called the Cell-Site Simulator Act of 2015, was introduced in the House of Representatives last month, with the aim of prohibiting federal, state and local government agencies from using stingrays without a warrant.

Working from press reports and publicly available documents, the American Civil Liberties Union identified on a map 57 agencies in 22 states and the District of Columbia that have stingray technology. It warned that the map could underrepresent the deployment of stingray because of the secrecy surrounding its purchase and use.