Feeds

US law enforcement phone snooping on the rise

John Law made 1.3 million rat-on requests in 2011

High performance access to file storage

An inquiry by Congressional Representative Edward Markey (D-Mass) has revealed that the number of requests wireless carriers receive from US law enforcement for information about their customers has increased steadily, but just how often the police use mobile phones to track individuals' whereabouts remains unclear.

Markey, who is co-chair of the Congressional Bi-partisan Privacy Caucus, launched his inquiry in response to an article that appeared in The New York Times on 1 April 2012, which claimed that hundreds of US local police departments have been aggressively tracking citizens' mobes, often "with little or no court oversight."

"We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers," Markey said in a statement. "Law enforcement agencies are looking for a needle, but what are they doing with the haystack? We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information."

To that end, Markey sent letters dated 2 May 2012 to nine American mobile carriers, including AT&T, C Spire Wireless, Cricket Communications, MetroPCS, Sprint Wireless, T-Mobile, TracFone Wireless, U.S. Cellular, and Verizon Wireless. All of the carriers responded by the end of that month, and Markey made the responses public on his website on Monday.

According to the information Markey received, federal, state, and local law enforcement agencies issued some 1.3 million requests for phone records to US wireless carriers in 2011.

Most of the carriers reported that the number of requests from law enforcement had increased each year for the past five years. Verizon estimates it has seen about 15 per cent annual growth, while T-Mobile reckoned 12 to 16 per cent.

Aggressive law enforcement isn't the only explanation for such numbers, however. Cricket Communications noted that the number of requests it received had increased by 77 per cent since 2007, but that this figure was in keeping with the growth of its subscriber base.

All of the carriers queried said they considered whether law enforcement had obtained a warrant before responding to a request, as the law requires.

All of the carriers said they distinguished between emergency and non-emergency situations when considering requests. In general, carriers are quicker to comply with law enforcement requests when "exigent circumstances" are present, such as when someone's life is in immediate danger.

Several of the carriers said they did collect fees to make up for the cost of complying with surveillance requests, but most were quick to note that they were not entitled to actually profit from services to law enforcement. AT&T says it does not believe the fees it currently charges cover its actual costs.

All of the carriers denied actively marketing their provision of information to law enforcement as a feature of their services, but all said they complied with any valid requests as required by law.

When asked directly, most of the carriers replied that they were "unaware" of any misuse of mobile phone surveillance by law enforcement.

At the same time, all of them admitted that they had rejected some requests, most often due a legal procedural reason. A subpoena might have been submitted without a signature, for example, or a subpoena may have been used when some other legal process was required for that specific case.

As to the issue of the extent to which law enforcement has been using individuals' mobes to track their whereabouts, though, the information Markey obtained is murky at best. While many requests are for simple voice calling or SMS records, others demand more, and whether and how to comply with those requests is not always clear.

Sprint was surprisingly candid on this matter. "There is no statute that directly addresses the provision of location data of a mobile device to the government," its letter to Markey's office explains. "Given the importance of this issue and the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel."

But even if Congress takes action, any information obtained from audits of wireless carrier data may show only the tip of the iceberg of mobile-phone tracking.

As AT&T points out in its letter to Markey's office, carriers aren't the only potential sources for location data on mobile phone users. Third-party app makers might also gather location data, either from the phone's GPS receiver or from Wi-Fi–hotspot or cell-tower mapping.

"The information from these sources is not available to or obtainable from AT&T (or any other carrier)," AT&T's letter explains, "but can be every bit as detailed and comprehensive as any carrier information."

Just how many times law enforcement may have requested information from these other sources, who they might be, and how many times they complied with requests, remains unknown. ®

3 Big data security analytics techniques

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.