The Guardian reports that the IRS is among the federal agencies that has a Stingray.
The Internal Revenue Service is the latest in a growing list of US federal agencies known to have possessed the sophisticated cellphone dragnet equipment known as Stingray, according to documents obtained by the Guardian.
Invoices obtained following a request under the Freedom of Information Act show purchases made in 2009 and 2012 by the federal tax agency with Harris Corporation, one of a number of companies that manufacture the devices. Privacy advocates said the revelation “shows the wide proliferation of this very invasive surveillance technology”.
The 2009 IRS/Harris Corp invoice is mostly redacted under section B(4) of the Freedom of Information Act, which is intended to protect trade secrets and privileged information. However, an invoice from 2012, which is also partially redacted, reports that the agency spent $65,652 on upgrading a Stingray II to a HailStorm, a more powerful version of the same device, as well as $6,000 on training from Harris Corporation.
I think it is troubling the IRS has Stingrays.
But it should not be surprising.
After all, the single solitary person we know who was convicted using a Stingray, Daniel Rigmaiden, was busted for tax fraud in 2008. Here’s the WSJ’s description of how the government used a Stingray to spy on Rigmaiden without a warrant.
Federal investigators say they pursued Mr. Rigmaiden “through a virtual labyrinth of twists and turns.” Eventually, they say they linked Mr. Rigmaiden to use of a mobile-broadband card, a device that lets a computer connect to the Internet through a cellphone network.
Investigators obtained court orders to track the broadband card. Both orders remain sealed, but portions of them have been quoted by the defense and the prosecution.
These two documents are central to the clash in the Arizona courtroom. One authorizes a “pen register” and clearly isn’t a search warrant. The other document is more complex. The prosecution says it is a type of search warrant and that a finding of probable cause was made.
But the defense argues that it can’t be a proper search warrant, because among other things it allowed investigators to delete all the tracking data collected, rather than reporting back to the judge.
In the Rigmaiden example, investigators used the stingray to narrow down the location of the broadband card. Then they went to the apartment complex’s office and learned that one resident had used a false ID and a fake tax return on the renter’s application, according to court documents.
Based on that evidence, they obtained a search warrant for the apartment. They found the broadband card connected to a computer.
Indeed, much of what we know about Stingrays comes from Rigmaiden’s years-long effort to demand details of how they used the Stingray to find him, and since he got released for time served, he has continued his efforts to uncover how they’ve been used.
What’s interesting about the Guardian report, then, is that the IRS itself owned a Stingray, which they were updating in 2009 and 2012, even as the government was being exposed for improperly using Stingrays without a warrant to prosecute tax fraud. Reports on Rigmaiden had suggested an FBI Stingray was used to catch him — and that may well be the case — but we now learn that they owned one before 2009 (so early enough to capture him with, presumably).
In Rigmaiden’s case, IRS was clearly partnering with FBI, so could have (and may have) used their Stingray. That would seem to be the case for all proper uses of the technology. So, among all the other things we should demand on Stingray use, one of them should be to limit their use to the FBI, which will increase the likelihood they’ll get properly noticed in any prosecution.