1.3M Cellphone Snooping Requests Yearly? It’s Time for Privacy and Transparency Laws
by Davit Kravits
July 11, 2012
The nation’s mobile carriers weren’t kidding in April when they told California lawmakers that they were working “day and night” responding to police inquiries for subscriber information, such as locational data of where the phone was when it made and received calls.
That, they said, made them just too busy to have to report publicly how often they get such requests, and the politically powerful carriers ultimately defeated California legislation requiring them to do so.
But now it’s time for that requirement — as well as increased protection for Americans’ private data — to be made the law of the land.
On Monday, Rep. Edward Markey (D-Massachusetts), as part of a congressional probe, divulged statistics about the number of requests made to cellphone providers, for the first time ever revealing that the carriers assisted law enforcement an eye-popping 1.3 million times last year alone in dishing out subscriber information like text messages, location data and calling records.
And there was more disturbing information. AT&T revealed it charges a mere $75 for a “tower dump,” which tells police what mobile phones pinged a tower in a given time period, though we have no idea how often this happens or whether police store or share that data.
The nine responding companies to Markey — which reported about a 15 percent annual increase in government demands for subscriber information, did not disclose how many of these so-called tower dumps they performed. The dumps provide to law enforcement any cell phone number that has pinged a tower in a given time frame.
“There is no oversight at all of these tower dumps,” said Christopher Soghoian, a privacy expert. “We don’t know how many tower dumps, or what the government does with the data.”
The big four companies — AT&T, Sprint, T-Mobile, Verizon — and the five others need to report how often they perform these, as thousands of innocent people, including those exercising their rights to protest, can be swept up by such an order, and there’s no warrant required to get them.
AT&T also revealed that it receives more than 200 “exigent” requests a day — a sworn declaration from an officer that there’s an emergency — in which case AT&T hands over the data without a judge approving. That’s 79,300 in 2011, up from 25,000 in 2007.
What gives? Is this because more people have cell phones? Have we become a nation rife with emergencies or is it possible that police are abusing this power?
What’s apparent from the numbers and the questions they raise is that an informed citizenry can’t afford not to know how often and how the government gets access to the data nearly all of us generate daily as we lug our smartphones around everywhere.
In fact, the hodgepodge of data reported by the nine carriers leaves it unclear whether police are routinely violating Americans’ constitutional right to be free from unreasonable searches and seizures.
That’s because the law is murky at best about whether warrants are required for certain things, like locational tracking information that documents when and where a mobile phone pings cell towers or makes calls.
That makes it all the more important for Congress to fix those laws. And lawmakers need to require the nation’s carriers, who rent the public airwaves, to regularly report in detail how often they get such requests for data and how they respond.
“The data cries out for a public reporting requirement,” said Greg Nojeim, a director with the Center for Democracy & Technology.
There’s clear precedent for this information, and gross statistics wouldn’t endanger the public. The Justice Department, by law, has to report annually how often they use National Security Letters, obtain espionage and terrorism-related FISA wiretaps, as well as more run-of-the-mill phone tracking methods known as trap-and-traces and pen registers.
The nation’s court system also makes public every year the number of criminal wiretaps employed by federal, state and local officials.
The carriers could easily be required to be publish detailed data annually and made available to the public.
And the lawmakers can also do the carriers a favor by finally clarifying what protections Americans’ data has — and what the FBI and other law enforcement groups need to do to get the data.
As Voyan McCann, a Sprint vice president, said in a letter to Rep. Edward Markey (D-Massachusetts), it’s hard for a mobile phone service provider to know whether it is being properly served, since the legal standard of whether a probable-cause warrant was needed for locational information is murky — and varies across the country.
“Given the importance of this issue, the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel,” McCann wrote wrote (.pdf).
Markey, who co-chairs the Congressional BiPartisan Privacy Caucus, asked the carriers in May for the number of times they supply information to law enforcement, and under what circumstances. Markey released the responses Monday.
The American Civil Liberties Union seized on the revelations too, urging lawmakers to pass the Geolocation Privacy and Surveillance Act, which is pending in the House and Senate. It would require a probable-cause warrant for locational tracking information — and not leave it up to the whims of judges, prosecutors or the carriers.
“Whether they realize it or not, Americans are carrying tracking devices with them wherever they go. Today’s new information makes it clear that law enforcement has carte blanche to follow the trail they leave behind,” Christopher Calabrese, the ACLU’s legislative counsel, said in a statement.
Warrantless locational tracking of Americans is now a legal battleground following the Supreme Court’s decision in January requiring the authorities to obtain a warrant before affixing a GPS device to a vehicle and tracking its every move.
Battling to keep that ruling firewalled to vehicle tracking, the Justice Department claims it needs no warrant to acquire the GPS locational data from a cell phone — and instead only needs to show that the information sought is “relevant and material” to an investigation.
The Supreme Court said the act of affixing the GPS device to a vehicle amounted to a search. But when the phone — the GPS device — is already in somebody’s pocket, there’s no search and no warrant needed, the government argues, “because there is no trespass or physical intrusion on a customer’s cellphone.”
The administration also claims that, because the locational data is maintained by a third party, (.pdf) Americans have no expectation that it would be kept private. The Supreme Court has not decided the issue.
Congress, however, can and should settle it and require police to get a probable-cause warrant — which will make it clear to all what legal standards should be followed.
“The lack of clarity in the law has put providers in a tough spot and has put law enforcement in a tough spot and has put consumers in an impossible spot. When nobody knows the rules, because the rules haven’t yet been set, nobody wins,” Nojeim said.
And unless Markey keeps getting re-elected and demanding the information every year, Americans have no way to know what data is being doled out by their mobile phone provider or how often the government requests it.
That’s not a healthy way to run a democracy.