Dec 042012
 

1.3M Cellphone Snooping Requests Yearly? It’s Time for Privacy and Transparency Laws

 

WIRED
by Davit Kravits
July 11, 2012

Cellular Tower

 

The nation’s mobile carriers weren’t kidding in April when they told California lawmakers that they were working “day and night” responding to police inquiries for subscriber information, such as locational data of where the phone was when it made and received calls.

That, they said, made them just too busy to have to report publicly how often they get such requests, and the politically powerful carriers ultimately defeated California legislation requiring them to do so.

But now it’s time for that requirement — as well as increased protection for Americans’ private data — to be made the law of the land.

On Monday, Rep. Edward Markey (D-Massachusetts), as part of a congressional probe, divulged statistics about the number of requests made to cellphone providers, for the first time ever revealing that the carriers assisted law enforcement an eye-popping 1.3 million times last year alone in dishing out subscriber information like text messages, location data and calling records.

There is no oversight at all of these tower dumps

And there was more disturbing information. AT&T revealed it charges a mere $75 for a “tower dump,” which tells police what mobile phones pinged a tower in a given time period, though we have no idea how often this happens or whether police store or share that data.

The nine responding companies to Markey — which reported about a 15 percent annual increase in government demands for subscriber information, did not disclose how many of these so-called tower dumps they performed. The dumps provide to law enforcement any cell phone number that has pinged a tower in a given time frame.

“There is no oversight at all of these tower dumps,” said Christopher Soghoian, a privacy expert. “We don’t know how many tower dumps, or what the government does with the data.”

The big four companies — AT&T, Sprint, T-Mobile, Verizon — and the five others need to report how often they perform these, as thousands of innocent people, including those exercising their rights to protest, can be swept up by such an order, and there’s no warrant required to get them.

AT&T also revealed that it receives more than 200 “exigent” requests a day — a sworn declaration from an officer that there’s an emergency — in which case AT&T hands over the data without a judge approving. That’s 79,300 in 2011, up from 25,000 in 2007.

What gives? Is this because more people have cell phones? Have we become a nation rife with emergencies or is it possible that police are abusing this power?

What’s apparent from the numbers and the questions they raise is that an informed citizenry can’t afford not to know how often and how the government gets access to the data nearly all of us generate daily as we lug our smartphones around everywhere.

In fact, the hodgepodge of data reported by the nine carriers leaves it unclear whether police are routinely violating Americans’ constitutional right to be free from unreasonable searches and seizures.

That’s because the law is murky at best about whether warrants are required for certain things, like locational tracking information that documents when and where a mobile phone pings cell towers or makes calls.

That makes it all the more important for Congress to fix those laws. And lawmakers need to require the nation’s carriers, who rent the public airwaves, to regularly report in detail how often they get such requests for data and how they respond.

“The data cries out for a public reporting requirement,” said Greg Nojeim, a director with the Center for Democracy & Technology.

There’s clear precedent for this information, and gross statistics wouldn’t endanger the public. The Justice Department, by law, has to report annually how often they use National Security Letters, obtain espionage and terrorism-related FISA wiretaps, as well as more run-of-the-mill phone tracking methods known as trap-and-traces and pen registers.

The nation’s court system also makes public every year the number of criminal wiretaps employed by federal, state and local officials.

The carriers could easily be required to be publish detailed data annually and made available to the public.

And the lawmakers can also do the carriers a favor by finally clarifying what protections Americans’ data has — and what the FBI and other law enforcement groups need to do to get the data.

As Voyan McCann, a Sprint vice president, said in a letter to Rep. Edward Markey (D-Massachusetts), it’s hard for a mobile phone service provider to know whether it is being properly served, since the legal standard of whether a probable-cause warrant was needed for locational information is murky — and varies across the country.

“Given the importance of this issue, the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel,” McCann wrote wrote (.pdf).

Markey, who co-chairs the Congressional BiPartisan Privacy Caucus, asked the carriers in May for the number of times they supply information to law enforcement, and under what circumstances. Markey released the responses Monday.

The American Civil Liberties Union seized on the revelations too, urging lawmakers to pass the Geolocation Privacy and Surveillance Act, which is pending in the House and Senate. It would require a probable-cause warrant for locational tracking information — and not leave it up to the whims of judges, prosecutors or the carriers.

“Whether they realize it or not, Americans are carrying tracking devices with them wherever they go. Today’s new information makes it clear that law enforcement has carte blanche to follow the trail they leave behind,” Christopher Calabrese, the ACLU’s legislative counsel, said in a statement.

Warrantless locational tracking of Americans is now a legal battleground following the Supreme Court’s decision in January requiring the authorities to obtain a warrant before affixing a GPS device to a vehicle and tracking its every move.

Battling to keep that ruling firewalled to vehicle tracking, the Justice Department claims it needs no warrant to acquire the GPS locational data from a cell phone — and instead only needs to show that the information sought is “relevant and material” to an investigation.

The Supreme Court said the act of affixing the GPS device to a vehicle amounted to a search. But when the phone — the GPS device — is already in somebody’s pocket, there’s no search and no warrant needed, the government argues, “because there is no trespass or physical intrusion on a customer’s cellphone.”

The administration also claims that, because the locational data is maintained by a third party, (.pdf) Americans have no expectation that it would be kept private. The Supreme Court has not decided the issue.

Congress, however, can and should settle it and require police to get a probable-cause warrant — which will make it clear to all what legal standards should be followed.

“The lack of clarity in the law has put providers in a tough spot and has put law enforcement in a tough spot and has put consumers in an impossible spot. When nobody knows the rules, because the rules haven’t yet been set, nobody wins,” Nojeim said.

And unless Markey keeps getting re-elected and demanding the information every year, Americans have no way to know what data  is being doled out by their mobile phone provider or how often the government requests it.

That’s not a healthy way to run a democracy.

 

Direct Link:  http://www.wired.com/threatlevel/2012/07/mobile-data-transparency/all/

Sep 192012
 

Why the iPhone 5 on Verizon and Sprint Won’t Juggle Calls and Data

 

The New York Times / Bits
by Brian X. Chen
September 13, 2012

A lot has changed in Apple’s new iPhone. But with the Verizon Wireless and Sprint versions of the iPhone 5, there’s something that will remain the same from the old model: The phone still won’t be able to place a call and handle data activity over the cellular network at the same time.

Older Verizon and Sprint smartphones on 3G networks were not able to handle simultaneous calls and data because of a limitation in CDMA, the 3G technology that those networks use. But now some Verizon 4G LTE smartphones will let you stay on a phone call while looking up something in an app or checking e-mail. So why not the iPhone 5?

Brenda Raney, a Verizon Wireless spokeswoman, said it was Apple’s decision to design the iPhone 5 so that customers could make voice calls and do Internet activity simultaneously only over Wi-Fi, not over Verizon’s cell network. “The iPhone 5 is designed to allow customers to make voice calls on the Verizon Wireless network and surf the Web on Wi-Fi,” she said in an e-mail. “It was an Apple decision.”

Read the full article at… Direct Link:  http://bits.blogs.nytimes.com/2012/09/13/iphone-5-calls-data/?ref=technology

 

 

 

 

Apr 282012
 

#CISPA, #SOPA, #PIPA and #BigLobbying

Center for Responsive Politics
OpenSecrets.org
By Russ Choma
April 27, 2012
In an era when Republicans and Democrats can agree on almost nothing, one issue in the last three months has been providing common ground: rewriting the rules of the Internet. Privacy and free speech advocates have unleashed a groundswell of outrage as they’ve rushed to rally the public against the measures. But corporate backers of the proposals have fought back hard. 
According to an OpenSecrets.org analysis of the most recent lobbying disclosure information, five of the top ten bills that have been lobbied the most intensely so far this year are Internet-related, and most have bipartisan and industry backing. Major cash is being laid out to push their passage.
The most recent bill to stir things up is the Cyber Intelligence and Sharing Protection Act (CISPA), which would allow private companies to share far more data on users with the federal government in what backers say is an effort to improve cybersecurity. Opponents claim it would severely undermine the privacy rights of many Americans. The bill was passed by the House last night and now faces a tougher battle in the Senate (and the threat of a veto by President Obama).  

A list of companies and organizations that have sent letters of support for the bill to the House Intelligence Committee, where the legislation was created, meshes closely with the list of top lobbying groups so far this year — not to mention groups that lobbied on SOPA and PIPA

For example, AT&T, which sent this letter, spent more money lobbying in the first three months of 2012 than any other single corporation ($7 million, second only to the mega-trade organization Chamber of Commerce, which also lobbied on CISPA though to a lesser extent). The telephone utilities industry as a whole, which includes AT&T and Verizon (which sent this letter) spent $15.3 million in the first quarter of this year, increasing its lobbying expenditures by 35 percent over the previous three months. The total laid out for lobbying by the computer/Internet industry, which includes some of the biggest backers of CISPA, SOPA and PIPA, fell 6 percent in the first quarter — but at $32.1 million, the industry was still the sixth-largest spender on lobbying amont all industries so far in 2012.
It’s hard to assess how much each of these companies spent lobbying Congress specifically on CISPA — or other hot-button Internet bills — because many of these companies have a variety of issues they’re pursuing on Capitol Hill, but are required to report just one dollar amount covering everything. AT&T, for instance, spent its $7 million talking to lawmakers about 121 separate pieces of legislation.
But it’s clear that the lobbying firepower on the other side of the issue is a fraction of what supporters have. One of the most vocal opponents of CISPA is the American Civil Liberties Union – which has spent $507,000 lobbying so far this year, a 28 percent increase from the last three months of 2011. But the group used that money to lobby on 109 different bills, almost as many as AT&T. Another group that has taken a prominent stand against CISPA is the American Library Association, which has spent $54,000 so far this year, spread over 56 different pieces of legislation. 
Another indication of the collective influence of backers of CISPA is the amount of money individuals or PACs affiliated with the organizations have given to key lawmakers on the issue. Last week we reported that the bill’s original sponsor, Mike Rogers (R-Mich.), had received $104,000 from groups that lobbied on the bill. With new campaign finance reports filed since that story, OpenSecrets.org data now shows that Rogers has received at least $175,000 from organizations that have lobbied on the bill. That’s about 15 percent of the total $1.1 million he has reported raising this election cycle. The top two groups: defense contractor SAIC (whose PAC has given Rogers $20,000 this election cycle) and Koch Industries (whose PAC has given Rogers over $14,500.)
Check out all of the donations Rogers has received on our profile of him here, and the entire list of organizations that have lobbied on CISPA here on our profile of the legislation.
Apr 112012
 

 

Anonymous hacks into tech and telecom sites

Two trade association sites that boast members such as Apple, Microsoft, IBM, AT&T, and Verizon come under attack by hackers for supporting cybersecurity legislation.

 

CNET News

by Dara Kerr

 

 

 

Anonymous is certainly making the rounds this week.

First China, now the telecom and tech industry.

The hacker group has claimed responsibility for leading denial-of-service attacks on two technology trade association Web sites, USTelecom and TechAmerica, according to Bloomberg. Anonymous is reportedly lashing out because these organizations support a cybersecurity bill that some members of congress are working to pass.

The attacks began yesterday when users were unable to log onto the sites, reports Bloomberg. USTelecom represents telecom companies, including AT&T, Verizon, and CenturyLink; and TechAmerica’s members include tech companies such as IBM, Microsoft, and Apple.

Both sites say that technicians are working to restore service for their users. Despite the high-profile companies that the sites represent, both organizations told Bloomberg they don’t host any sensitive information.

 The legislation that Anonymous is opposed to is a bipartisan bill referred to as the Rogers-Ruppersberger Cyber Security Bill. The bill is being put forth to “help the private sector defend itself from advanced cyber threats,” according to Rep. Mike Rogers’ Web site.

Both organizations seem undeterred by the attacks. USTelecom President Walter McCormick told Bloomberg that the hacks stifled free speech and Internet norms, while TechAmerica President Shawn Osborne said his organization will continue to support the legislation.

“These types of strong-arm tactics have no place in the critical discussions our country needs to be having about our cybersecurity, they just underscore the importance of them,” Osborne told Bloomberg.

 

Related stories

 

Dara Kerr, a freelance journalist based in the Bay Area, is fascinated by robots, supercomputers and Internet memes. When not writing about technology and modernity, she likes to travel to far-off countries. She is a member of the CNET Blog Network and is not an employee of CNET.

Originally posted at Digital Media

 

Direct Link:  http://news.cnet.com/8301-1009_3-57411619-83/anonymous-hacks-into-tech-and-telecom-sites/

Apr 052012
 

These Are The Prices AT&T, Verizon and Sprint Charge For Cellphone Wiretaps

 

 

FORBES.com

Andy Greenberg

Forbes Staff

April 2, 2012

 

 

 

 

 

If Americans aren’t disturbed by phone carriers’ practices of handing over cell phone users’ personal data to law enforcement en masse–in many cases without a warrant–we might at least be interested to learn just how much that service is costing us in tax dollars: often hundreds or thousands per individual snooped.

Earlier this week the American Civil Liberties Union revealed a trove of documents it had obtained through Freedom of Information Requests to more than 200 police departments around the country. They show a pattern of police tracking cell phone locations and gathering other data like call logs without warrants, using devices that impersonate cell towers to intercept cellular signals, and encouraging officers to refrain from speaking about cell-tracking technology to the public, all detailed in a New York Times story.

But at least one document also details the day-to-day business of telecoms’ handing over of data to law enforcement, including a breakdown of every major carrier’s fees for every sort of data request from targeted wiretaps to so-called “tower dumps” that provide information on every user of certain cell tower. The guide, as provided by the Tucson, Arizona police department to the ACLU, is dated July 2009, and the fees it lists may be somewhat outdated. But representatives I reached by email at Verizon and AT&T both declined to detail any changes to the numbers.

 

Here are a few of the highlights from the fee data.

  • Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target. Sprint’s wireless carrier Sprint Nextel requires police pay $400 per “market area” and per “technology” as well as a $10 per day fee, capped at $2,000. AT&T charges a $325 activation fee, plus $5 per day for data and $10 for audio. Verizon charges a $50 administrative fee plus $700 per month, per target.
  • Data requests for voicemail or text messages cost extra. AT&T demands $150 for access to a target’s voicemail, while Verizon charges $50 for access to text messages. Sprint offers the most detailed breakdown of fees for various kinds of data on a phone, asking $120 for pictures or video, $60 for email, $60 for voice mail and $30 for text messages.
  • All four telecom firms also offer so-called “tower dumps” that allow police to see the numbers of every user accessing a certain cell tower over a certain time at an hourly rate. AT&T charges $75 per tower per hour, with a minimum of two hours. Verizon charges between $30 and $60 per hour for each cell tower. T-Mobile demands $150 per cell tower per hour, and Sprint charges $50 per tower, seemingly without an hourly rate.
  • For location data, the carrier firms offer automated tools that let police track suspects in real time. Sprint charges $30 per month per target to use its L-Site program for location tracking. AT&T’s E911 tool costs $100 to activate and then $25 a day. T-Mobile charges a much pricier $100 per day.

 

 

 

In an emailed statement to me, a Verizon spokesperson told me that the company doesn’t charge police in “emergency cases, nor do we charge law enforcement for historical location information in non-emergency cases.” He added that the company doesn’t “make a profit from any of the data requests from law enforcement.” A Sprint spokesperson sent me a statement saying that the company similarly doesn’t charge law enforcement for data requests in “exigent circumstances.”

“Fees are charged to law enforcement in other circumstances such as court ordered requests and it’s important to note that any fee charged is for recovery of cost required to support these law enforcement requests 24/7,” she writes.

T-Mobile declined to comment, and an AT&T spokesperson referred me to the company’s privacy policy, pointing out a specific line that reads, “We do not sell your personal information to anyone for any purpose.  Period.”

That claim is “simply misleading,” says Catherine Crump, an attorney with the ACLU who coordinated the group’s FOIA project. “That’s a curious definition of ‘sell,’ given that they seem to be charging money for people’s information on a regular basis and handing it over to law enforcement agencies around the country.”

I’ve embedded the Tucson police department document below. The ACLU has created a summary of the very large collection of data it’s obtained here, and the full collection can be found here.

 

Direct Link:  http://www.forbes.com/sites/andygreenberg/2012/04/03/these-are-the-prices-att-verizon-and-sprint-charge-for-cellphone-wiretaps/

 

NSA’s New Data Center And Supercomputer Aim To Crack World’s Strongest Encryption