America’s major mobile phone companies received over 1.3 million requests from law enforcement agencies for user information in 2011 alone, and complied with many of them, according to the results of a Congressional investigation published Monday.
Rep. Ed Markey (D-MA), co-chair of the Bipartisan Congressional Privacy Caucus, sent letters to nine of America’s largest wireless carrier companies — including market leaders AT&T, Verizon Sprint and T-Mobile — after reading a report in The New York Times in April declaring that law enforcement requests for cell user data have become “routine” in recent years.
The estimated total number of requests didn’t include T-Mobile, which declined to provide a figure, but said it had received a marked increase in recent years.
“We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests, especially for innocent consumers,” Markey said in a statement published online Monday, along with the revealing responses to his letters he received from the cell companies.
Specifically, the responses sent by the carriers showed a 12 to 16 percent annual increase over the last five years in the number of such requests for user data, the New York Times reported Monday, following up on its earlier article using the new data obtained by Markey.
The requests for user data took the form of various official and quasi-official orders — such as subpoenas, court orders, warrants and “emergency letters,” the latter of which aren’t as difficult to obtain, nor as regulated, as other types of requests.
The carriers defended turning over user data, including location data obtained using built-in GPS devices in cell phones, by stating that they complied with privacy, wiretapping and electronic communications laws.
AT&T, the nation’s largest carrier in terms of subscribers, with over 103 million, responds to an average of 230 “emergency requests,” or “exigent requests,” a day from 8,300 911 call centers across the country, according to the company’s official response to Markey. The company also has over 100 full-time workers working 24/7 on law enforcement requests, according to McKone.
“We are authorized by law to provide location and other information to public safety personnel for the purposes of responding to 911 calls and other emergency circumstances when warranted,” wrote Timothy McKone, AT&T’s executive VP of federal relations, in the letter to Markey, also stating “AT&T takes seriously its responsibilities to simultaneously protect our customer’s privacy while cooperating with law enforcement.”
McKone stated that in 2011, AT&T rejected 965 surveillance orders out of over 260,000 total requests by law enforcement in 2011. But he also pointed out that cell carriers are hardly the ones that capture and turn over cell customer data to law enforcement: Cell towers and third-party apps also respond to law enforcement requests.
Verizon, the nation’s second largest carrier with over 93 million subscribers, said it also received approximately 260,000 requests by law enforcement agencies for information, nearly half of which were subpoenas. Verizon declined to specify how many requests it refused.
Sprint, the nation’s third largest carrier with 56 million subscribers, actually received the most requests of those reported, an average of 500,000 subpoenas per year over the last five years. The company also had the most employees dedicated to responding to law enforcement requests, some 221 total.
As Markey and the New York Times emphasized, until now, there has been no combined public accounting of the pervasiveness of this activity.
The New York Times earlier investigated the practice using a smattering of court documents of local police department requests for information originally obtained by the American Civil Liberties Union.
“Whether they realize it or not, Americans are carrying tracking devices with them wherever they go,” said Christopher Calabrese, an attorney representing the ACLU, in a statement Monday, continuing:
“Today’s new information makes it clear that law enforcement has carte blanche to follow the trail they leave behind. The cell phone data of innocent Americans is almost certainly swept up in these requests. Without clear safeguards and standards for how law enforcement gathers and stores location information, there is a massive privacy gap that leaves all of us vulnerable. It’s time for Congress to get serious about protecting our cell phone data and pass the GPS Act.”
The GPS Act, short for the Geolocation Privacy and Surveillance Act, is a bill co-sponsored by Senator Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) and introduced to the Senate and House in June 2011. The bill would impose tighter restrictions on how and in what instances law enforcement agencies could legally obtain cell user location information, requiring a warrant in all cases exception a few narrowly-defined emergency situations, such as when an officer “reasonably determines,” that there is risk of “immediate danger of death or serious physical injury to any person,” or “conspiratorial activities” relating to national security or “characteristic of organized crime.”
The bill has been read twice and is stalled in committee.
“Law enforcement agencies are looking for a needle, but what are they doing with the haystack?” Markey added in a statement. “We need to know how law enforcement differentiates between records of innocent people, and those that are subjects of investigation, as well as how it handles, administers, and disposes of this information.”