It seems that the IRS audit powers are increasing more and more at the expense of taxpayers’ privacy rights. In June of 2019, the IRS posted a procurement notice on its website to award a contract to a company Cellebrite, an Israeli company that specializes in smartphone decryption software and equipment. In other words, the IRS is about to acquire phone-hacking software from this company.
IRS Phone-Hacking Software: Primary Targets
What exactly does the IRS want to be able to hack? It appears pretty much everything that is used by taxpayers on a daily basis. Cellebrite software is capable to hacking both Android and Apple phones. Moreover, it can extract data from programs such as WhatsApp, Instagram and Facebook. This data-extraction ability covers encrypted messages.
According to Cellebrite’s website, its software would allow the IRS to “go beyond texts, call logs and photos with a comprehensive toolset that effectively accesses data from the widest variety of digital sources.” Furthermore, “advanced capabilities help you bypass passwords, overcome locks and encryption challenges to extract and decode complete data from the most devices, operating systems and applications. You can also extract and preserve public and private data from social media and other cloud-based sources, providing an unparalleled amount of forensically sound digital evidence.”
IRS Phone-Hacking Software: IRS Is Not the Only Federal Agency to Use It
The IRS is not alone in its usage of phone-hacking software. US Secret Service, US Immigration and Customs Enforcement, Federal Bureau of Investigation and other government agencies have acquired phone-hacking abilities, including from Cellebrite. One of the most famous examples of a government agency using phone-hacking software occurred with respect to a mass shooter’s iPhone. After Apple refused to cooperate with the FBI, the Bureau reportedly used an “outside party” to unlock the iPhone used by the San Bernardino shooter (the FBI has denied it, but it appears that the rumors are true).
Also, this is not the first time that the IRS used Cellebrite software. It appears the IRS has had contracts with the firm all the way back to 2009. In those instances, the IRS simply paid Cellebrite for its services to unlock a specific phone. This time, however, the IRS wants the software license, equipment and maintenance support.
IRS Phone-Hacking Software: Privacy Invasion Concerns
The fact that the IRS will acquire the capability to directly hack into taxpayers’ phones raises all kinds of privacy concerns. When will the IRS use it – only in criminal investigations or also in civil ones? Will there be a judicial review of the IRS usage of this software? Who will authorize the hacking and under what circumstances? How will the privacy rights of innocent taxpayers be protected? Will the information obtained by the IRS be shared with other federal agencies? What about state agencies? What kind of safeguards are in place to prevent the usage of the discovered data (especially when it is not relevant to tax compliance) for political vendetta purposes?
All of these questions are highly-important concerns in our world of rapidly-disappearing privacy rights. This is a concern that should be shared by all members of our society.
Sherayzen Law Office will continue to follow these recent developments with respect to expanding IRS capabilities to investigate US taxpayers.