Skip to content
Naked Security Naked Security

IRS says it will get warrants before using stingrays

The IRS says it's used its stingray to investigate stolen refunds, money laundering, narcotics, attempted murder, murder, and gun trafficking.

We don’t typically think of tax authorities as staking out neighborhoods to make busts, but that’s how the Internal Revenue Service has relied on a stingray, it’s been revealed.

Last week, IRS Director John Koskinen sent a letter to Oregon Senator Ron Wyden in which he wrote that the service has used its stingray device – also know as a cell-site simulator – to track 37 phones in the course of 11 grand jury investigations and to assist with one non-IRS federal investigation and three non-IRS state investigations.

The IRS cases have involved stolen refunds and money laundering.

The non-IRS cases involved tracking six mobile phones involved in investigations of narcotics, attempted murder, murder, and gun trafficking.

Stingrays work by spoofing cell phone towers and tricking phones into connecting with them, so as to track and locate those phones.

StingRay is the brand name of an International Mobile Subscriber Identity locator, also known as an IMSI catcher, that’s targeted and sold to law enforcement.

The term stingray has also come into use in the US as a generic term for these devices.

The devices are a concern to civil liberties advocates because they scoop up phone information indiscriminately, able as they are to intercept hundreds of phones in surveillance dragnets, the majority of which belong to people innocent of whatever crimes the police happen to be investigating.

Those crimes can be petty: An in-depth investigation by USA Today recently showed hundreds of cases in which stingrays had been used to conduct routine police work, including tracking down stolen phones or pursuing check forgers.

In his letter, Koskinen wrote that the IRS first obtained its stingray in October 2011, and that it began the process of procuring a second one in July 2015.

In late October, Koskinen told a Senate committee that the IRS stingrays are “only used in criminal investigations”:

It’s only used in criminal investigations. It can only be used with a court order. It can only be used based on probable cause of criminal activity.

Koskinen’s letter to Wyden came one day before The Guardian revealed that the IRS had made two purchases from well-known surveillance device manufacturer Harris Corporation in 2009 and 2012.

The 2009 invoice was mostly redacted.

The 2012 invoice showed that the IRS spent $65,652 to upgrade its Stingray II to a more powerful version called HailStorm, as well as $6,000 on training from Harris.

Wyden, along with Rep. Jason Chaffetz, R-Utah, have been targeting the stingray program in a broader bill called the GPS Act that would require law enforcement agents to obtain warrants before tracking Americans’ locations with stingrays or tapping into mobile phones, laptops, or GPS navigation systems.

In September, the US Department of Justice (DOJ) released a new policy that requires all federal agencies to get a search warrant – based on probable cause, with exceptions granted where time is of the essence to avoid human death or injury or to pursue suspected fugitives – before using stingrays.

Koskinen said in the letter that the IRS hasn’t used its device since the DOJ issued the new policy, and it’s working on its own policy – one that will require a search warrant with probable cause, to mirror the DOJ’s policy – that was due on Monday.

Image of Stingray courtesy of Shutterstock.com

3 Comments

These are much more prevalent than implied. The Sherriff dept in the area I live (US) has at least one. While at an event this year I was shown an app that showed 4 devices trying to hijack cell relays, SnoopSnitch. It is a mistake to think your calls cannot be monitored by anyone that really wants to. I’m sure lower range/power Stingrays are dramatically cheaper than the IRSs unit.

If stingrays are this prevalent then there must be some crooks that are using them. its only a mater of time before cell phone carriers find a way to protect against it, then we have the encryption problem all over again. at what point is modile security and privacy a concern again?

Does anyone else get the feeling that all this technology is forcing us all to live in a police state where you have no rites, privileges, or privacy but still have the all the risks of mass shooting? at some point people will wake up and realize that these measures are not making anyone safer, but less private.

There’s an investigation under way in South Africa right now over an alleged private-world “industrial spy” who acquired an IMSI catcher using a fraudulent letter from a public service official to say he was buying it legitimately. Apparently his plan was to augment his industrial espionage capabilities, e.g. by getting info on rival bidders in big tenders by following them from meetings in his specially-equipped BMW X5. Seems some of his potential customers, to whom he gave a demo at a suburban shopping mall, were undercover cops…

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?