• United States



Mobile Phone Surveillance Out of Control: Cops Collected 1.3 Million Customer Records

Jul 09, 20125 mins
AT&TData and Information SecurityMicrosoft

Federal, state, and local law enforcement requested about 1.3 million cell phone records from wireless carriers in 2011. It's the first time cell phone carriers have reported on the staggering surveillance numbers. Millions of innocent Americans are having their privacy invaded via the dragnet requests.

Holy *bleep*! Federal, state, and local law enforcement requested about 1.3 million cellphone records from wireless carriers in 2011 . . . and that doesn’t count T-Mobile since the company failed to give numbers. “I never expected it to be this massive,” said Rep. Edward Markey about the mobile surveillance numbers after he and Rep. Joe Barton sent letters to mobile carriers asking about cellphone tracking by law enforcement. What’s being hovered up by the law? To name but a few: text messages, geo-location tracking information, wiretaps and “cell tower dumps,” which provide all mobile phone numbers that connected with the tower during a specific time period. Responses are in from AT&T, C Spire, Leap and Cricket, MetroPCS, Sprint, T-Mobile, Tracfone, U.S. Cellular and Verizon; it is the first time cellphone carriers have reported on the staggering surveillance numbers.

“Everyone whose phone has been used by a particular cell tower over a particular time period – likely hundreds or thousands of people – could have their data examined by investigators. And these dragnet data requests are on the rise,” the ACLU said. “The numbers don’t lie: location tracking is out of control.”

To handle these extensive levels of surveillance that often violate Americans’ privacy, the ACLU points at the mobile carrier letters, which state, “AT&T has more than 100 full-time employees assigned just to handle law enforcement requests, Verizon has 70, and Sprint has a whopping 226. That’s a lot of people power devoted solely to surveillance.”

Is AT&T your mobile carrier? The company admitted [PDF] to an average of over 700 requests daily and about 230 were “regarded as emergencies that do not require the normal court orders and subpoena.” In 2011, AT&T received about 260,400 requests for customer information: 131,400 criminal subpoenas, 49,700 orders/warrants, 65,500 exigent (urgent) PSAP requests, and 13,800 non-PSAP exigent requests. It rejected 965 surveillance orders. The company wants to “keep these numbers in perspective,” and added that “AT&T serves over 103,200,000 wireless customers.” Additionally, it “has not encountered any misuse of cellphone tracking by police departments.”

Sprint replied [PDF] that “each subpoena typically requested subscriber information on multiple subscribers and last year alone we estimate that Sprint received approximately 500,000 subpoenas from law enforcement.” In the last five years, Sprint said it received about 52,029 court orders for wiretaps, 77,519 court orders for installation of a pen register/trap and trace device, and 196,434 court orders for location information. The company “is not aware of law enforcement personnel using their own tracking equipment and does not cooperate with law enforcement involved in any such activities.”

Verizon Wireless said [PDF] it received about “260,000 requests for customer information from law enforcement” in 2011. Roughly half of those requests were subpoenas and the other half were warrants and orders “generally for phone bill information, wiretaps, pen registers, traps and traces, text message information and location information or emergency requests.” Law enforcement requests for customer information jumped up about 15% yearly for the last five years, but Verizon maintains, “We do not cooperate with police departments in the use of their own tracking equipment.”

T-Mobile replied [PDF] with what seems like a non-answer answer: “While T-Mobile does not disclose the number of requests we receive from law enforcement annually, the number of requests has risen dramatically in the last decade with an annual increase of approximately 12-16%.” Perhaps the company believes it does not need to answer to Congress since it maintains “the requests for customer information from law enforcement agencies may relate to a variety of matters including national security, drug activities, murders, thefts, kidnappings and terrorism, to name a few.” However, T-Mobile admitted to identifying two inappropriate law enforcement requests for cellphone tracking in the last three years and claims to have “referred the matters to the FBI.” There were also “several instances in which persons posed” as cops and tried unsuccessfully to get customer info.

C Spire received [PDF] about 12,500 requests from police and estimated that it denied 15% “either in whole or in part.”

Leap and Cricket reported [PDF] that law enforcement requests from customer information has grown from 24,000 in 2007 to 42,500 in 2011.

MetroPCS replied [PDF] that it received fewer than 12,000 requests per month from January 2006 through May 2012.

Tracfone said [PDF] it is a “reseller of wireless service,” so it “does not have access to its underlying carriers’ networks and is unable to fulfill law enforcement requests for customer device location real-time tracing of phone calls and text messages, or full-scale wiretapping.”

U.S. Cellular responded [PDF] that it has received “over 103,000 requests” spread out over the past five years.

“We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers,” said Rep. Markey, senior member of the Energy and Commerce Committee and co-Chair of the Congressional Bi-Partisan Privacy Caucus. “Law enforcement agencies are looking for a needle, but what are they doing with the haystack? We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information.”

Like this? Here’s more posts:
  • The more you encrypt, the more the government breaks into your cloud
  • You’re REALLY doing it wrong!
  • Track the trackers with Collusion: Interview with Mozilla’s Ryan Merkley
  • Microsoft ‘sorry’ for raunchy Windows Azure video with dancing girls, bad sexual lyrics
  • High tech car theft: 3 minutes to steal keyless BMWs
  • Hacker claims to have breached & backdoored antivirus software firm Trend Micro
  • The Future of Drone Surveillance: Swarms of Cyborg Insect Drones
  • NSA claims it would violate Americans’ privacy to say how many of us it spied on
  • Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
  • Windows 8 technology shift: The coming end of Win32 apps
  • Going Dark in the Golden Age of Cyber-Surveillance?

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.