So just what, exactly, can law enforcement -- and this includes local police, as well as state and federal police agencies looking into such things as financial crimes and intelligence issues -- learn about the everyday consumer without a warrant?
Quite a lot, according to Hanni M. Fakhoury, a staff attorney with the Electronic Frontier Foundation .
“Under federal law, law enforcement can obtain ‘record or other information pertaining to a subscriber to or customer of such service,’” Fakhoury says. “This does not include ‘content’ or the actual written or oral communications occurring by the customer, such as phone calls, voice mails, text messages or emails.”
But here’s a list of what it does include:
- Name
- Address
- Local and long-distance telephone connection records
- Records of session times and durations
- Length of service (including start date)
- Types of service utilized
- Telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address
- Means and source of payment for such service (including any credit card or bank account number)
According to Fakhoury, such information is used to figure out who a particular person is. “And cell site location data allows the government to trace a person's movements, both in the past and in real time or prospectively,” he says. “This helps law enforcement find and track individuals suspected of committing crimes, as well as connect individuals to crimes. So if they can show a particular phone number was near the scene of a robbery, law enforcement can deduce the person may have been the robber.”
What about the innocent people who have nothing to do with those crimes but whose cellphone information is obtained as part of the sweep? Fakhoury says one of the ways innocent people often are implicated is by "data dumps."
“The police can go to a cellphone provider and ask for all of the data stored on a specific cellphone tower over a certain period,” he says. “Obviously this would capture all the data of all the people who connected to the tower, regardless of whether they are suspected of a crime or not.
For their part, wireless providers aren’t exactly putting up a huge fight on behalf of the consumers who pay their bills. Quite the opposite, in fact.
In this excellent article by Catherine Crump, a staff attorney with the American Civil Liberties Union’s Speech, Privacy and Technology Project, she discusses how Sprint developed a website for the police to more conveniently access the information they wanted, after law enforcement requested more than 8 million pieces of information over a 13-month period.
Fakhoury could not come up with an example of mobile carrier that has not provided the information when asked. “I can't begin to know what all the carriers do, but my understanding is they are almost always helpful and there is little provider opposition,” he says. “That being said, the providers should be demanding law enforcement comply with the law and expect the police to use the correct legal process to get records, including requiring a warrant for content and a subpoena for other forms of data.”
Although awareness of this issue is increasing, Fakhoury says consumers should educate themselves about what law enforcement can obtain from their devices and take measures to protect themselves, including:
- Be aware of the information your phones -- and the providers -- are collecting. Many smartphone apps have access to contacts or tracking a user's location without the consumer's knowledge. Consumers should figure out what their phone is doing and take steps to protect their privacy by limiting which apps have access to location (by turning it off) or uninstalling apps that are privacy invasive.
- Learn what information your mobile provider turns over to law enforcement and consider switching if you are uncomfortable with the provider’s practices.
- Password-protect your phone and encrypt the data on it to prevent law enforcement from accessing it the event of arrest. Law enforcement may still be able to obtain data from the providers, but at least it won't be able to read messages, alter or delete data immediately.
- Limit the types of sensitive information you keep on your phone.
An obvious opportunity exists here for wireless service providers. While law enforcement agencies and California Governor Jerry Brown are all for warrantless searches of mobile phones, consumers, by and large, are not. Wireless carriers should use this as an opportunity to build on their relationship with their consumers. The alternative may result in the kind of loss of popularity currently reserved for those in the cable industry.
— Denise Culver, Special to Light Reading
The information that government agencies are requesting seems to be only a subset of what service providers are collecting and using in their efforts to extract more revenue from their customer base. So what's the big deal?