Cops asked wireless carriers for over 1.1 million customer cellphone records in 2012

Wireless carriers told Senator Edward Markey that they received 1.1 million requests for cell phone data information from law enforcement agencies in 2012. The number may appear to be less than the 1.3 million total requests for 2011, but don’t get excited; giving you a comparable answer is not possible, since Sprint – the third largest carrier in the U.S. – chose to give a sneaky answer instead of an actual number of law enforcement requests.

There is enough information, however, for Sen. Markey to tell the Washington Post, “This isn’t the NSA asking for information. It’s your neighborhood police department requesting your mobile phone data. So there are serious questions about how law enforcement handles the information of innocent people swept up in these digital dragnets.”

AT&T and T-Mobile together accounted for over 600,000 documented requests for customer information made by local, state and federal law enforcement. The ACLU’s Catherine Crump added, “AT&T has to employ more than 100 full-time workers to process them.” Verizon Wireless admitted that “police requests for customers’ call records have approximately doubled over the last five years.”

“Have no doubt, police see our mobile devices as the go-to source for information, likely in part because of the lack of privacy protections afforded by the law,” stated Christopher Calabrese, the ACLU’s legislative counsel at the Washington Legislative Office. “Our mobile devices quite literally store our most intimate thoughts as well as the details of our personal lives. The idea that police can obtain such a rich treasure trove of data about any one of us without appropriate judicial oversight should send shivers down our spines.”

Because each mobile carrier answered in a different way, it’s challenging to make a comparable chart of numbers. Yet since customers paying a wireless bill might like to know the number to see how they stack up in regards to privacy and carriers handing over data to LEA, I’ve tried to compare and list them. The image below is a screenshot of Sprint’s reply to Senator Edward Markey’s letter requesting law enforcement requests. It allows you to see the questions, as well to learn how Sprint [pdf] chose to answer without answering.

Sprint Nextel [pdf]: “Sprint has a database system that processes the intake and distribution of law enforcement requests, such as those listed above….Sprint’s systems, however, do not track the number or type of requests using the categories listed above in a manner that makes it possible for Spring to provide detailed information requested in your question….Rather than attempting to provide numbers that are not comparable with other carriers, Sprint would be happy to meet with you and your staff in person to discuss the numbers of requests and the manner in which they are retained.”

Having seen Sprint’s reply, here are what the other seven wireless carriers reported as:

Requests for information from law enforcement:

Verizon Wireless [pdf]: about 270,000; AT&T [pdf]: 297,500; T-Mobile [pdf]: 297,350; US Cellular [pdf] 20,588; C Spire [pdf]: 2,350; and Cricket Communications / Leap Wireless [pdf]: 59,000.

Subpoenas for call detail records

Verizon Wireless: 135,000

AT&T: a total of 135,300 with 133,000 of those being historical call detail records.

T-Mobile: “While TMUS maintains records on each individual request, TMUS currently does not track requests according to all the categories.” Take this for T-Mobile’s answer to each unless indicated otherwise.

Warrants for location information

Verizon Wireless: 30,000 warrants or orders for location information.

AT&T reported a geolocation total of 77,800, further broken down as 31,000 for cell tower location; 46,800 for real-time geolocation.

Cell tower dumps

Verizon Wireless: 8% of 30,000

AT&T specified cell tower dump searches: 600

From cellphone carriers’ replies, the total (not counting the non-answer from Sprint) was “approximately 9,000 tower dumps reported in 2012.”

Stored text messages

Verizon Wireless: 12,000 demands.

AT&T: AT&T lumped voicemail and text message content together for a total of 4,200.

Voicemails

Verizon Wireless: 70 warrants.

AT&T: see above lumped total of 4,200.

Pen registers / traps and traces

Verizon Wireless: 5,000 requests to assist.

AT&T lumped pen registers / traps and traces / wiretap together as 2,300.

Wiretapping

Verizon Wireless: 1,000 requests to assist.

AT&T had a separate column for “wiretapping” noted as 500.

T-Mobile: 3,000 wiretap requests.

Legal demands for customers’ ‘data’

Verizon Wireless: 6,000 legal demands for ‘data’ such as linking ‘IP address used by a customer at a specific time with his or her name.’

AT&T called this “packet data surveillance” with a total of 1,200.

For each type of usage, how long do mobile carriers store records?

Verizon Wireless: “In general, we retain these records for one year , although subscriber information and customer bills are retained for longer periods and text message content has generally been retained for less than a week.”

AT&T: Historical cell tower location and call detail records are both stored for 5 years; 14 days for voicemail; 30 days for enhanced voicemail; 14 days for visual voicemail (Android, Windows, Blackberry); 30 days for Apple visual voicemail. Text messages are not stored after they are delivered to the recipient. No ability to retrieve and report web browsing activity on individual subscribers. Subscriber info is retained for the “length of time the customer is active, plus 7 years.”

T-Mobile:

Sprint: “Sprint’s standard retention period for law enforcement requests is 18 months.”

Keep in mind that each company answered a bit differently, so it wasn’t as straightforward as giving a single number to each question. Also, not all LEA requests require a warrant and these numbers do not include the data cops can collect on their own through the use of devices like the Stingray; it acts like a fake cell tower to which mobile phones connect.

USA Today reported that at least 25 police departments own a $400,000 Stingray. Of 125 police agencies in 33 states, “one in four law-enforcement agencies have used a tactic known as a ‘tower dump,’ which gives police data about the identity, activity and location of any phone that connects to the targeted cellphone towers over a set span of time, usually an hour or two. A typical dump covers multiple towers, and wireless providers, and can net information from thousands of phones.”

“To turn everybody’s telephone data to the police unrelated to any suspicion of crime, I think it’s an unreasonable search and seizure,” said Jay Bender, a First Amendment attorney who represents WLTX. He also told Reason, “I don’t think that’s permitted by the Constitution.” Well neither do I, but apparently someone forgot to hand out a copy of the Constitution to the cops.

Lastly, the New York Times reported that “in November, shareholders of AT&T and Verizon Communications sent resolutions to the two companies demanding that they publish regular reports on how they share customer information with the government for surveillance efforts. Now AT&T has issued a response: It’s none of your business.”

Like this? Here’s more posts:

• Hollywood’s anti-piracy propaganda turned into K-12 curriculum in California
• How Microsoft invented, or invisibly runs, almost everything
• Microsoft cybersecurity report warns users about the evils of clinging to XP
• Drivers beware: Roadblocks where cops collect ‘voluntary’ blood and saliva samples
• Microsoft fails to mention Skype in promises to protect users from NSA surveillance
• 300-pound crime-predicting mobile robot: Crime-preventing precog or ‘R2D2’s evil twin’?
• Porn-surfing corporate bosses infect networks, then keep data breaches a secret
• Targeted attacks spotted in the wild exploiting Windows XP zero-day
• LG Smart TV spying, owner claims his USB filenames posted on LG servers
• 6 agencies under DHS rule still using Windows XP: IG finds DHS cybersecurity holes
• LG Smart TV spying whiplash: LG removes Smart Ad video and changes statement

Follow me on Twitter @PrivacyFanatic