Wireless carriers have experienced an “explosion” in surveillance over the last five years. Carriers have responded to at least 1.3 million demands for “subscriber data” during the last year and have been “turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests,” according to Eric Lichtblau of the New York Times.
Lichtblau, who reported on the illegal wiretapping of Americans with James Risen in 2005 and won a Pulitzer Prize, reports, “AT&T alone now responds to 230 emergency requests a day nationwide — triple the number it fielded in 2007.” He adds, “Law enforcement requests of all kinds have been rising quickly among the other carriers as well, with annual increases of 12 percent to 16 percent in the last five years. Sprint led the way last year, reporting more than 500,000 law enforcement requests for data.”
The data comes from Congressman Ed Markey’s inquiry. Markey did not think the ongoing surveillance would be this “massive.” He told Lichtblau “‘digital dragnets’ threaten to compromise the privacy of many customers,” and “there’s a real danger” that line has already been crossed.
The American Civil Liberties Union’s Chris Calabrese, who is quoted in the NYT report, notes the story calls attention to “how prevalent this practice has become with so little oversight.” There is “really no set standard for how this information should be accessed.” Congress has not set any standards for collecting personal location data. “Given that we’re all carrying portable tracking devices with us all the time,” Calabrese adds, “we think it’s important that law enforcement get a probable cause search warrant before they get that kind of location information.”
The Times story references the use by police agencies of requests for cell tower “dumps” of data on “subscribers who were near a tower during a certain period of time,” which may yield “hundreds or even thousands of names.” Calabrese explains that this is striking because of the number of innocent people affected by this kind of request.
“You’re talking about getting the location of hundreds of thousands of people as part of a routine investigative practice,” he notes. “You’re really learning a lot of information. We don’t know what’s happening with that information. We don’t know where it’s going. And we don’t know what else might be done with it.”
The huge amount of data being collected is likely being stored indefinitely, which raises another set of questions, such as how long agencies keep the information in their systems and what is done with the data in the aftermath of investigations. Calabrese contends that information gathered on people who aren’t part of an investigation should be deleted. The information should only be used for the “specific purpose” for which it was collected. However, it is not clear that data isn’t being kept for future use, as the public knows has happened with information collected and stored in large databases in a national security context.
Another aspect of surveillance that should be further scrutinized is the designation of requests as “police emergencies” to force cell carriers to hand over data. 9-1-1 calls, according to Calabrese, are police emergencies where carriers automatically give location data. That makes up a “fraction of the emergency requests.” The other part is law enforcement calls where they claim they have a good faith belief that “somebody’s life or limb is threatened” and they need this information in order to track that person’s whereabouts. Given how National Security Letters (NSLs) have been abused, it is worth taking a closer look to see if law enforcement is hyping situations to obtain data.
Back in April, the ACLU released records from local and state law enforcement agencies showing how agencies often use cell phone tracking even if they do not have a warrant or probable cause to engage in such surveillance. The records showed some agencies would obtain “historical cell tracking data” when the data was “relevant and material,” a standard that ACLU staff attorney Catherine Crump called “really low” because “virtually anything can be relevant.” (This is why, to reduce privacy violations, law enforcement agencies should be required to get a probable cause warrant and, as Crump explained, “get a judge to agree there is probable cause, because a judge is a neutral party.”)
Part of Lichtblau’s story highlights the costs private companies are incurring from requests for data. Because “federal law allows the companies to be reimbursed for their ‘reasonable’ costs for providing a number of surveillance operations,” companies send bills to law enforcement agencies. AT&T billed law enforcement for nearly three times as much in reimbursements, collecting “$8.3 million last year compared to $2.8 million in 2007,” a jump in billing that was similar with other companies.
A number of companies maintained they are losing money when helping law enforcement with surveillance. The small carrier, Cricket, for example, “received 42,500 law enforcement requests last year” and complained about “frequently” not being “paid on the invoices it submits.”
This issue over reimbursements raises a couple of questions. Calabrese comments it is to the “carrier’s credit that they have been forthcoming” about the level of tracking. It’s worth asking: Are all companies, even the large cell carriers, having difficulty obtaining reimbursements? Are they over-billing law enforcement? Is there some tension over this, enough that they would be more open to sharing legal concerns over the practice so that they could use public scrutiny as leverage to force law enforcement to better handle reimbursements?
These questions are worth asking because the private companies have little to fear in the courts. Courts would likely be unwilling to penalize private companies for complying with law enforcement, even if their compliance was illegal. On top of that, retroactive immunity was granted to telecommunication companies through the FISA Amendments Act. When it comes to using data to investigate run-of-the-mill crimes, financial crimes or even national security-related crimes, companies don’t really need to be transparent to protect against successful lawsuits. So, are the carriers forthcoming because surveillance operation costs are cutting into profits?
Unmentioned in Lichtblau’s story is the fact that Senator Al Franken, in May, sent an inquiry similar to Markey’s to the Justice Department. He asked for answers to the following questions:
1. How many requests have been filed with carriers in the last 5 years?
2. How many individuals were affected?
3. What legal standard do you use?
4. How much does DOJ pay to offset the carriers’ expenses for filling these requests?
The Department does not maintain records for ordinary criminal investigations of the total number of requests for location information or the total number of requests with which carriers complied. The Department also does not comprehensively track cost information from wireless carriers.
This is one of the clearer indications that there is virtually no oversight of location tracking. (But at least the DOJ did not suggest it could not provide requested data, which might raise privacy concerns, because it would violate the privacy of US citizens.)
As a remedy, the ACLU advocates the GPS Act be passed in Congress.
Calabrese concludes, “We really need to see these orders for location to be judicially approved. They need to be more standard—the same way wiretap orders are collected by judges after they issue the order and sent along to a central location so they can be compiled into a wiretap report. We really need something like that for location orders and other types of warrant standards—getting text messages or listening to your voicemail—all those things should be under judicial scrutiny with a warrant and then reported to a central location so we can all understand how much is going on.”
His conclusion is even more critical when one considers the overlap with requests to social media companies for data on users. It was recently reported that US police are behind most requests to Twitter for data. Requests to both social media companies and cell carriers take place without any meaningful oversight. Except for a recent Supreme Court ruling on GPS tracking that acknowledged law enforcement agencies need warrants to track suspects’ movements, there has been little to no effort on the part of the federal government to provide transparency or oversight to ensure location tracking follows standards that protect the civil liberties of citizens.