Mobile carriers responded to a staggering 1.3 million law enforcement requests last year for subscriber information, including text messages and phone location data, according to data provided to Congress.
The revelation marks the first time figures have been made available showing just how pervasive mobile snooping by the government has become in the United States.
The companies said they were working around the clock and charging millions in fees to keep up with ever-growing demands. At least one of the carriers urged Congress to clarify the law on when probable-cause warrants were required to divulge customer data.
Nine mobile phone companies forwarded the data as part of a Congressional privacy probe brought by Rep. Edward Markey, (D-Massachusetts), who co-chairs the Congressional Bi-partisan Privacy Caucus.
The number of Americans affected each year by the growing use of mobile phone data by law enforcement could reach into the tens of millions, as a single request could ensnare dozens or even hundreds of people. Law enforcement has been asking for so-called “cell tower dumps” in which carriers disclose all phone numbers that connected to a given tower during a certain period of time.
So, for instance, if police wanted to try to find a person who broke a store window at an Occupy protest, it could get the phone numbers and identifying data of all protestors with mobile phones in the vicinity at the time — and use that data for other purposes.
“We cannot allow privacy protections to be swept aside with the sweeping nature of these information requests,” Markey said in a statement. Markey divulged the data Monday, a day after leaking it to The New York Times.
The carriers have refused for years to make clear to Americans how much data they keep and for how long — or how often — and under what standards — data is turned over to authorities. The newly released data shows that the police have realized the country has moved to an age when most Americans carry a tracking device in their pockets, leaving a bread crumb trail of their every move and electronic communication.
Verizon, the nation’s largest carrier, did not provide a clear breakdown as did AT&T, but said it also received about 260,000 requests last year, and added that the numbers are growing at a rate of about 15 percent annually.
Oddly, the third largest carrier, Sprint said it has received nearly double what each of the top two reported: 500,000 requests last year. Finally, the last of the top four carriers, T-Mobile, declined to divulge how many requests it gets. But it said in the last decade, the numbers have increased by up to 16 percent annually.
Overall, the companies said they respond to tens of thousands of emergency requests annually when authorities ask for data claiming there is an imminent threat of death or serious injury. Sprint, for example, said it handles those via fax from law enforcement.
The figures come as Twitter and Google have also reported a major uptick in the number of government demands for user-information data. Twitter, for example, said it received more requests for data in the first half of this year than all of last year. The United States was responsible for the bulk of the requests.
The carriers said they responded to police emergencies, subpoenas and other court orders. They did not clearly say how many times they responded to probable-cause warrants. That’s because much of Americans’ mobile-phone data is not protected by the Fourth Amendment.
“AT&T does not respond to law enforcement without receipt of appropriate legal process,” Timothy McKone, an AT&T vice president, wrote Markey as part of the congressional inquiry. “When the law requires a warrant for disclosure of customer usage information, AT&T requires that a warrant be required — as is also the case for court orders, subpoenas or any other form of legal process.”
McCone said the company employs more than 100 full-time staffers and “operates on a 24/7 basis for the purpose of meeting law enforcement demands.”
All the while, the Justice Department employs a covert internet and telephone surveillance method known as pen register and trap-and-trace capturing. Judges sign off on these telco orders when the authorities say the information is relevant to an investigation. No probable cause that the target committed a crime — the warrant standard — is necessary.
Pen registers obtain non-content information of outbound telephone and internet communications, such as phone numbers dialed, and the sender and recipient (and sometimes subject line) of an e-mail message. A trap-and-trace acquires the same information, but for inbound communications to a target.
According to a separate report, from 2004 to 2009, the number of those have more than doubled to 23,895. The Justice Department has failed to report figures for 2010 and 2011. The American Civil Liberties Union has sued the Justice Department, seeking the records.
What’s more, the government asserts, and judges are sometimes agreeing, that no warrant is required to obtain so-called cell-site data which identifies the cell tower to which the customer was connected at the beginning of a call and at the end of the call. Such location data can be collected by mobile phone companies whenever a phone is turned on, making it possible for police to obtain, without probable cause, a detailed history of the movement of a phone.
Sprint said sometimes it’s hard for the company to know whether it is being properly served, and that the legal standard of whether a probable-cause warrant was needed is unclear.
“Given the importance of this issue, the competing and at times contradictory legal standards, Sprint believes Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel,” Voyan McCann, a Sprint vice president, wrote Markey.