Mobile Phone Surveillance Out of Control: Cops Collected 1.3 Million Customer Records

Federal, state, and local law enforcement requested about 1.3 million cell phone records from wireless carriers in 2011. It's the first time cell phone carriers have reported on the staggering surveillance numbers. Millions of innocent Americans are having their privacy invaded via the dragnet requests.

Holy *bleep*! Federal, state, and local law enforcement requested about 1.3 million cellphone records from wireless carriers in 2011 . . . and that doesn't count T-Mobile since the company failed to give numbers. "I never expected it to be this massive," said Rep. Edward Markey about the mobile surveillance numbers after he and Rep. Joe Barton sent letters to mobile carriers asking about cellphone tracking by law enforcement. What's being hovered up by the law? To name but a few: text messages, geo-location tracking information, wiretaps and "cell tower dumps," which provide all mobile phone numbers that connected with the tower during a specific time period. Responses are in from AT&T, C Spire, Leap and Cricket, MetroPCS, Sprint, T-Mobile, Tracfone, U.S. Cellular and Verizon; it is the first time cellphone carriers have reported on the staggering surveillance numbers.

"Everyone whose phone has been used by a particular cell tower over a particular time period - likely hundreds or thousands of people - could have their data examined by investigators. And these dragnet data requests are on the rise," the ACLU said. "The numbers don't lie: location tracking is out of control."

To handle these extensive levels of surveillance that often violate Americans' privacy, the ACLU points at the mobile carrier letters, which state, "AT&T has more than 100 full-time employees assigned just to handle law enforcement requests, Verizon has 70, and Sprint has a whopping 226. That's a lot of people power devoted solely to surveillance."

Is AT&T your mobile carrier? The company admitted [PDF] to an average of over 700 requests daily and about 230 were "regarded as emergencies that do not require the normal court orders and subpoena." In 2011, AT&T received about 260,400 requests for customer information: 131,400 criminal subpoenas, 49,700 orders/warrants, 65,500 exigent (urgent) PSAP requests, and 13,800 non-PSAP exigent requests. It rejected 965 surveillance orders. The company wants to "keep these numbers in perspective," and added that "AT&T serves over 103,200,000 wireless customers." Additionally, it "has not encountered any misuse of cellphone tracking by police departments."

Sprint replied [PDF] that "each subpoena typically requested subscriber information on multiple subscribers and last year alone we estimate that Sprint received approximately 500,000 subpoenas from law enforcement." In the last five years, Sprint said it received about 52,029 court orders for wiretaps, 77,519 court orders for installation of a pen register/trap and trace device, and 196,434 court orders for location information. The company "is not aware of law enforcement personnel using their own tracking equipment and does not cooperate with law enforcement involved in any such activities."

Verizon Wireless said [PDF] it received about "260,000 requests for customer information from law enforcement" in 2011. Roughly half of those requests were subpoenas and the other half were warrants and orders "generally for phone bill information, wiretaps, pen registers, traps and traces, text message information and location information or emergency requests." Law enforcement requests for customer information jumped up about 15% yearly for the last five years, but Verizon maintains, "We do not cooperate with police departments in the use of their own tracking equipment."

T-Mobile replied [PDF] with what seems like a non-answer answer: "While T-Mobile does not disclose the number of requests we receive from law enforcement annually, the number of requests has risen dramatically in the last decade with an annual increase of approximately 12-16%." Perhaps the company believes it does not need to answer to Congress since it maintains "the requests for customer information from law enforcement agencies may relate to a variety of matters including national security, drug activities, murders, thefts, kidnappings and terrorism, to name a few." However, T-Mobile admitted to identifying two inappropriate law enforcement requests for cellphone tracking in the last three years and claims to have "referred the matters to the FBI." There were also "several instances in which persons posed" as cops and tried unsuccessfully to get customer info.

C Spire received [PDF] about 12,500 requests from police and estimated that it denied 15% "either in whole or in part."

Leap and Cricket reported [PDF] that law enforcement requests from customer information has grown from 24,000 in 2007 to 42,500 in 2011.

MetroPCS replied [PDF] that it received fewer than 12,000 requests per month from January 2006 through May 2012.

Tracfone said [PDF] it is a "reseller of wireless service," so it "does not have access to its underlying carriers' networks and is unable to fulfill law enforcement requests for customer device location real-time tracing of phone calls and text messages, or full-scale wiretapping."

U.S. Cellular responded [PDF] that it has received "over 103,000 requests" spread out over the past five years.

"We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers," said Rep. Markey, senior member of the Energy and Commerce Committee and co-Chair of the Congressional Bi-Partisan Privacy Caucus. "Law enforcement agencies are looking for a needle, but what are they doing with the haystack? We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information."

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.