US phone carriers and wireless surveillance of Americans
Posted on 10 December 2013.
As part of his ongoing investigation into wireless surveillance of Americans by law enforcement, US Senator Edward J. Markey released responses from eight major wireless carriers that reveals expanded use of wireless surveillance of Americans, including more than one million requests for the personal mobile phone data of Americans in 2012 by law enforcement.


This total may well represent tens or hundreds of thousands more actual individuals due to the law enforcement practice of requesting so-called “cell phone tower dumps” in which carriers provide all the phone numbers of mobile phone users that connect with a tower during a specific period of time.

Senator Markey began his investigation last year, revealing 1.3 million requests in 2011 for wireless data by federal, state, and local law enforcement. In this year’s request for information, Senator Markey expanded his inquiry to include information about emergency requests for information, data retention policies, what legal standard - whether a warrant or a lower standard - is used for each type of information request, and the costs for fulfilling requests.

The responses received reveal surveillance startling in both volume and scope:
  • There were approximately 1.1 million federal, state, and local law enforcement requests for cell phone records to wireless carriers in 2012. (The number is an underreporting of requests because Sprint did not provide complete information in its response.) There were 1.3 million requests in 2011.
  • There were approximately 9,000 cell tower dumps reported in 2012 (with not all companies reporting).
  • AT&T, Verizon and Sprint reported 56,400 emergency requests for information (non-911 calls). These requests are self-certified by police with no independent audit.
  • There is a high cost for wireless surveillance. AT&T received $10 million; T-Mobile received $11 million; and Verizon less than $5 million in just 2012 alone.
  • Some wireless companies do not require a warrant for some type of geolocation information. For example, AT&T requires a warrant for real-time but not for historical records and T-Mobile requires only a subpoena for historical records.
  • There is no uniform data retention policy for location information derived from cell towers. Companies reported retaining information from between 6-18 months, while AT&T reported retaining information for up to five years.
  • Some wireless companies are supplying the content of communications without a warrant. AT&T discloses stored texts or voicemails that are older than 180 days old with a subpoena. In contrast, Verizon has a warrant standard for texts (but not necessarily for voicemails). T-Mobile requires a warrant for texts and voicemails.
“As law enforcement uses new technology to protect the public from harm, we also must protect the information of innocent Americans from misuse,” said Senator Markey, a member of the Commerce, Science and Transportation Committee. “We need a 4th amendment for the 21st century. Disclosure of personal information from wireless devices raises significant legal and privacy concerns, particularly for innocent consumers. That is why I plan to introduce legislation so that Americans can have confidence that their information is protected and standards are in place for the retention and disposal of this sensitive data.”

The proposed legislation would:
  • Require regular disclosures from law enforcement on the nature and volume of requests.
  • Curb bulk data information requests such as cell tower dumps that capture information on a large group of mobile phone users at a particular period of time, and require that any request be more narrowly tailored, when possible.
  • Require, in the case of emergency circumstances, a signed, sworn statement from law enforcement authorities after receipt of information from a carrier that justifies the need for the emergency access.
  • Mandate creation of rules by the Federal Communications Commission to limit how long wireless carriers can retain consumers’ personal information. Right now, no such standards exist.
  • Require location tracking authorization only with a warrant when there is probable cause to believe it will uncover evidence of a crime. This is the traditional standard for police to search individual homes.
“If the police want to know where you are, we should know why,” said Senator Markey. “When law enforcement access location information, it as sensitive and personal as searching an individual’s home and should be treated commensurately. ”

The senator sent letters to U.S. Cellular, Sprint Nextel, T-Mobile USA Inc., Leap Wireless Inc./ Cricket Communications, Inc., MetroPCS, Verizon Communications Inc., AT&T, and C Spire Wireless, and a copy of the responses from the wireless carriers can be found here.





Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //