Feeds

US law enforcement phone snooping on the rise

John Law made 1.3 million rat-on requests in 2011

The essential guide to IT transformation

An inquiry by Congressional Representative Edward Markey (D-Mass) has revealed that the number of requests wireless carriers receive from US law enforcement for information about their customers has increased steadily, but just how often the police use mobile phones to track individuals' whereabouts remains unclear.

Markey, who is co-chair of the Congressional Bi-partisan Privacy Caucus, launched his inquiry in response to an article that appeared in The New York Times on 1 April 2012, which claimed that hundreds of US local police departments have been aggressively tracking citizens' mobes, often "with little or no court oversight."

"We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers," Markey said in a statement. "Law enforcement agencies are looking for a needle, but what are they doing with the haystack? We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information."

To that end, Markey sent letters dated 2 May 2012 to nine American mobile carriers, including AT&T, C Spire Wireless, Cricket Communications, MetroPCS, Sprint Wireless, T-Mobile, TracFone Wireless, U.S. Cellular, and Verizon Wireless. All of the carriers responded by the end of that month, and Markey made the responses public on his website on Monday.

According to the information Markey received, federal, state, and local law enforcement agencies issued some 1.3 million requests for phone records to US wireless carriers in 2011.

Most of the carriers reported that the number of requests from law enforcement had increased each year for the past five years. Verizon estimates it has seen about 15 per cent annual growth, while T-Mobile reckoned 12 to 16 per cent.

Aggressive law enforcement isn't the only explanation for such numbers, however. Cricket Communications noted that the number of requests it received had increased by 77 per cent since 2007, but that this figure was in keeping with the growth of its subscriber base.

All of the carriers queried said they considered whether law enforcement had obtained a warrant before responding to a request, as the law requires.

All of the carriers said they distinguished between emergency and non-emergency situations when considering requests. In general, carriers are quicker to comply with law enforcement requests when "exigent circumstances" are present, such as when someone's life is in immediate danger.

Several of the carriers said they did collect fees to make up for the cost of complying with surveillance requests, but most were quick to note that they were not entitled to actually profit from services to law enforcement. AT&T says it does not believe the fees it currently charges cover its actual costs.

All of the carriers denied actively marketing their provision of information to law enforcement as a feature of their services, but all said they complied with any valid requests as required by law.

When asked directly, most of the carriers replied that they were "unaware" of any misuse of mobile phone surveillance by law enforcement.

At the same time, all of them admitted that they had rejected some requests, most often due a legal procedural reason. A subpoena might have been submitted without a signature, for example, or a subpoena may have been used when some other legal process was required for that specific case.

As to the issue of the extent to which law enforcement has been using individuals' mobes to track their whereabouts, though, the information Markey obtained is murky at best. While many requests are for simple voice calling or SMS records, others demand more, and whether and how to comply with those requests is not always clear.

Sprint was surprisingly candid on this matter. "There is no statute that directly addresses the provision of location data of a mobile device to the government," its letter to Markey's office explains. "Given the importance of this issue and the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel."

But even if Congress takes action, any information obtained from audits of wireless carrier data may show only the tip of the iceberg of mobile-phone tracking.

As AT&T points out in its letter to Markey's office, carriers aren't the only potential sources for location data on mobile phone users. Third-party app makers might also gather location data, either from the phone's GPS receiver or from Wi-Fi–hotspot or cell-tower mapping.

"The information from these sources is not available to or obtainable from AT&T (or any other carrier)," AT&T's letter explains, "but can be every bit as detailed and comprehensive as any carrier information."

Just how many times law enforcement may have requested information from these other sources, who they might be, and how many times they complied with requests, remains unknown. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
Pedals and wheel in that Google robo-car or it's off the road – Cali DMV
And insists on $5 million insurance per motor against accidents
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.