Service Providers Could Provide More Cellphone Privacy

Congress released reports from mobile carriers earlier this month that showed companies like AT&T Inc. (NYSE: T), Verizon Communications Inc. (NYSE: VZ) and Sprint Corp. (NYSE: S) responded to more than 1.3 million demands for subscriber information from law enforcement during 2011. (See the letters from Congressman Ed Markey and carrier responses here.)

So just what, exactly, can law enforcement -- and this includes local police, as well as state and federal police agencies looking into such things as financial crimes and intelligence issues -- learn about the everyday consumer without a warrant?

Quite a lot, according to Hanni M. Fakhoury, a staff attorney with the Electronic Frontier Foundation .

“Under federal law, law enforcement can obtain ‘record or other information pertaining to a subscriber to or customer of such service,’” Fakhoury says. “This does not include ‘content’ or the actual written or oral communications occurring by the customer, such as phone calls, voice mails, text messages or emails.”

But here’s a list of what it does include:

  • Name
  • Address
  • Local and long-distance telephone connection records
  • Records of session times and durations
  • Length of service (including start date)
  • Types of service utilized
  • Telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address
  • Means and source of payment for such service (including any credit card or bank account number)

According to Fakhoury, such information is used to figure out who a particular person is. “And cell site location data allows the government to trace a person's movements, both in the past and in real time or prospectively,” he says. “This helps law enforcement find and track individuals suspected of committing crimes, as well as connect individuals to crimes. So if they can show a particular phone number was near the scene of a robbery, law enforcement can deduce the person may have been the robber.”

What about the innocent people who have nothing to do with those crimes but whose cellphone information is obtained as part of the sweep? Fakhoury says one of the ways innocent people often are implicated is by "data dumps."

“The police can go to a cellphone provider and ask for all of the data stored on a specific cellphone tower over a certain period,” he says. “Obviously this would capture all the data of all the people who connected to the tower, regardless of whether they are suspected of a crime or not.

For their part, wireless providers aren’t exactly putting up a huge fight on behalf of the consumers who pay their bills. Quite the opposite, in fact.

In this excellent article by Catherine Crump, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology Project, she discusses how Sprint developed a website for the police to more conveniently access the information they wanted, after law enforcement requested more than 8 million pieces of information over a 13-month period.

Fakhoury could not come up with an example of mobile carrier that has not provided the information when asked. “I can't begin to know what all the carriers do, but my understanding is they are almost always helpful and there is little provider opposition,” he says. “That being said, the providers should be demanding law enforcement comply with the law and expect the police to use the correct legal process to get records, including requiring a warrant for content and a subpoena for other forms of data.”

Although awareness of this issue is increasing, Fakhoury says consumers should educate themselves about what law enforcement can obtain from their devices and take measures to protect themselves, including:

  • Be aware of the information your phones -- and the providers -- are collecting. Many smartphone apps have access to contacts or tracking a user's location without the consumer's knowledge. Consumers should figure out what their phone is doing and take steps to protect their privacy by limiting which apps have access to location (by turning it off) or uninstalling apps that are privacy invasive.
  • Learn what information your mobile provider turns over to law enforcement and consider switching if you are uncomfortable with the provider’s practices.
  • Password-protect your phone and encrypt the data on it to prevent law enforcement from accessing it the event of arrest. Law enforcement may still be able to obtain data from the providers, but at least it won't be able to read messages, alter or delete data immediately.
  • Limit the types of sensitive information you keep on your phone.

An obvious opportunity exists here for wireless service providers. While law enforcement agencies and California Governor Jerry Brown are all for warrantless searches of mobile phones, consumers, by and large, are not. Wireless carriers should use this as an opportunity to build on their relationship with their consumers. The alternative may result in the kind of loss of popularity currently reserved for those in the cable industry.

— Denise Culver, Special to Light Reading

Page 1 / 2   >   >>
shygye75 12/5/2012 | 5:27:01 PM
re: Service Providers Could Provide More Cellphone Privacy

The information that government agencies are requesting seems to be only a subset of what service providers are collecting and using in their efforts to extract more revenue from their customer base. So what's the big deal?

DCITDave 12/5/2012 | 5:27:01 PM
re: Service Providers Could Provide More Cellphone Privacy

I wonder how small cells will make this "data dump" issue worse. Or better. Anyone have an idea?

DCITDave 12/5/2012 | 5:27:00 PM
re: Service Providers Could Provide More Cellphone Privacy

Are they? My billing situation at AT&T suggests that it thinks I'm three different people, so I'm confident they are years away from using data to sell me stuff.

Most of the time I don't think this sort of stuff is a big deal, provided law enforcement is actually looking for something specific.

But getting a data dump from a tower is dragnet surveillance and that sort of thing undermines our privacy and, by extension, freedom of speech and assembly.

shygye75 12/5/2012 | 5:26:59 PM
re: Service Providers Could Provide More Cellphone Privacy

Mobile phones are now tracking devices, whether users know that or want to admit it. We are just at the very beginning of how all this is going to play out. I'm afraid our smartphones are smarter than we are.

DCITDave 12/5/2012 | 5:26:59 PM
re: Service Providers Could Provide More Cellphone Privacy

True. But in the case of policing, even if the technology allows for snooping, that doesn't justify dragnet surveillance of private citizens.


joset01 12/5/2012 | 5:26:59 PM
re: Service Providers Could Provide More Cellphone Privacy

They could make it worse for sure, they allow the carrier to track you within in feet and to a specific floor. This capability has so far been demonstrated in child tracking and other safety apps, largely by the small cell vendors themselves, but the capability is definitely there.

shygye75 12/5/2012 | 5:26:58 PM
re: Service Providers Could Provide More Cellphone Privacy

But isn't that what cops are supposed to do? Patrol cars basically are surveillance vehicles when they aren't being deployed to fetch doughnuts.

DCITDave 12/5/2012 | 5:26:57 PM
re: Service Providers Could Provide More Cellphone Privacy

Cops in patrol cars should not be doing license plate and record look-ups and other data-fetching unless they have a reason to suspect that someone is doing something unlawful.

But the x factor here is that, in my opinion, most cops aren't helping the citizens they've sworn to serve. Their main function is to be revenue collection agents for their respective cities.

That's why you see speed traps outside of affluent neighborhoods vs. a crackdown on uninsured motorists. There's more revenue in one than in the other.

But in theory, cops should only need data when they need to investigate something specific. Otherwise, they should leave us alone.

Flook 12/5/2012 | 5:26:57 PM
re: Service Providers Could Provide More Cellphone Privacy

This is small stuff. Author James Bamford had article in Unwired on the DoD/NSA new $2 billion data center being built in Utah. They'll have access to all communications/transactions.

shygye75 12/5/2012 | 5:26:57 PM
re: Service Providers Could Provide More Cellphone Privacy

Just to circle back, of course mobile operators are going to share their collected data with government agencies. That will make it easier for them to also share this data with other entities, for commercial reasons. You're much more likely to be intruded on by Arby's than by Deputy Fife.

Page 1 / 2   >   >>
Sign In