Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Intelligence, Governance, Risk and Compliance, Compliance Management, Government Regulations, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

DoJ agrees to share secret memos on geolocation tracking with select House members

Following two years of pressure from Congress, the Department of Justice (DoJ) has agreed to disclose a series of internal memoranda that set policy on device geolocation data collection for federal law enforcement purposes.

The DoJ originally distributed these secret memos following the 2012 case U.S. v Jones, in which the Supreme Court ruled that use of a GPS tracking device to monitor a vehicle's movements required a valid court warrant, subject to Fourth Amendment protections.

This morning, Rep. Jason Chaffetz (R-Utah), chairman of the U.S. House of Representatives' Committee on Oversight and Government Reform, revealed that within the last 24 hours, the DoJ had agreed to a compromise that would allow him and the Committee's ranking member Elijah Cummings (D-Maryland) to review the memos, along with two selected staff members.

“Now while I appreciate that gesture, I need to say it is frustrating that it has literally taken years to get to this point,” said Chaffetz, speaking at an Oversight Committee hearing held today to address the thorny issues surrounding geolocation data tracking, including the collection of historical cell site records and real-time GPS tracking using devices such as stingrays. “Thus far the Department of Justice has refused to allow those of us who serve in Congress to even understand how they're using these type of materials. This is a positive step forward.”

Cummings was likewise encouraged that there would be no redactions in the memo, and said they were able to strike “an appropriate balance between legitimate Congressional oversight and protective law enforcement sensitivities.”

Other members of the committee expressed dissatisfaction that the memos would not be open to all of Congress, accusing the executive branch of exhibiting a lack of trust. Richard Downing, deputy assistant attorney general of the DoJ's Criminal Division, insisted that a mass disclosure to Congress would potentially be "detrimental" to the agency's ongoing investigations.

Rep. Thomas Massie (R-Ky.), however, wasn't buying that argument. “We are trusted with many other secrets of national importance and I think the people's representatives – if not the people, at least the people's representatives – deserve to know how the laws are being interpreted, and how they are going to affect them,” said Massie.

Throughout his testimony, Downing defended the DoJ's current practices for collecting geolocation data. The tracking of a suspect's precise, real-time GPS information requires a probable cause warrant, based on recently clarified DoJ policy. However, the DoJ maintains that it needs only a standard 2703(d) court order for collecting less precise, historical geolocation data, such as cell site records. Downing noted that there are still “substantial privacy protections built into” such orders, as dictated by the Electronic Communications Privacy Act (ECPA).

Neema Singh Guliani, legislative counsel with the American Civil Liberties Union (ACLU), argued that the DoJ's stance doesn't “reflect the intimate nature of location information,” as even historical records can reveal a lot about a person's habits, such as frequent psychiatric appointments or hospital visits.

Downing said the DoJ is “troubled” by calls from the ACLU – and other like-minded organizations – for Congress to make all geolocation data seizures (including historical metadata) dependent on a warrant. Dowling said such a requirement, if passed into law by Congress, could negatively impact criminal investigations “at an early stage where we do not have probable cause, but are gathering information that could be important and could exclude people that were not involved” in a crime.

While Downing affirmed that the DoJ's stingrays are configured to capture only metadata related to a person's location, he acknowledged that with the right software the technology can also capture data and voice communications. Using these devices in this manner would be a violation of current DoJ policy; however, under questioning, Downing acknowledged his department had the ability to change the policy.

Local law enforcement agencies are under no such policy and can use stingrays to intercept communications with a wiretap order, Downing confirmed.

Several Committee members cited considerable distress over the Internal Revenue Service having access to a stingray device and whether or not the agency is following policies similar to what is written in the DoJ's memos from the Jones case. “How in the world is the IRS using this information? We don't know," said Chaffetz, who in 2015 sponsored a proposed GPS Act that would standardize geolocation data collection across all forms of government.

Asked if the DoJ ever shared its Jones memos with the IRS as a model on which to build its own stingray and geolocation policies, Downing said, “I don't believe so.”

“We're concerned that the guidance that exists [within the DoJ] doesn't apply to states and localities or other federal agencies,” added Guliani. “And I will note, even that guidance has loopholes and deficiencies.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.