Sen. Edward Markey, D-Mass., plans to soon introduce legislation that will restrict the bulk collection of Americans’ cellphone data by United States law enforcement agencies.
“We need a 4th Amendment for the 21st century,” he said. “Disclosure of personal information from wireless devices raises significant legal and privacy concerns, particularly for innocent consumers.”
Eight major U.S. wireless carriers’ responses to a questionnaire from the senator show they received more than 1 million requests from federal, state and local law enforcement for Americans’ personal mobile phone data.
The carriers also reported 9,000 requests for cellphone tower dumps: the provision of all the phone numbers of mobile device owners who connect to a tower during a specified period of time.
“There is currently a lack of clarity about whether warrantless requests for cellphone records is legal, based both in a recent Third Circuit court ruling on the subject as well as the broad implication of the Supreme Court’s decision in U.S. v. Jones in 2012,” Jake Laperruque, fellow on privacy, surveillance and security at the Center for Democracy and Technology, told the E-Commerce Times.
“The fact that this surveillance is operating on such a broad scale absent [legal clarity] is highly worrisome.”
What Sen. Markey Learned
Some carriers did not fully respond to Sen. Markey’s questions. Sprint did not provide complete information about the number of law enforcement requests for cellphone records, and some companies did not respond to questions about cell tower dumps.
AT&T, Verizon and Sprint reported more than 56,000 emergency requests for information that were not based on 911 calls. Those requests are self-certified by police and are not audited independently.
Wireless carriers have varying policies for retaining cell tower data. Some retain it for six to 18 months; AT&T keeps it for up to five years.
Some wireless companies do not require a warrant for certain types of geolocation information, and some even supply the content of communications without requiring a warrant. For example, AT&T discloses stored texts or voice mail messages that are more than 180 days old.
Taxpayers reimburse carriers for turning over data to law enforcement. T-Mobile got US$11 million for this purpose last year; AT&T was paid $10 million; and Verizon Wireless received around $5 million.
The Markey Cure
Sen. Markey’s planned legislation will require law enforcement to regularly disclose the nature and volume of their requests.
It will curb bulk data information requests such as those for cell tower dumps and require that requests be more narrowly tailored when possible.
In emergencies, law enforcement must provide a signed, sworn statement justifying the need for emergency access to data.
The legislation will require the U.S. Federal Communications Commission to limit how long wireless carriers can hold on to consumers’ personal data.
Law enforcement must get a warrant for location-tracking authorization only when there is probable cause to believe such tracking will uncover evidence of a crime.
There’s Gotta Be a Law
It won’t be easy to apply hard-and-fast rules in this area.
Cell tower dumps helped the FBI arrest the so-called “High Country Bandits,” who had conducted 16 armed bank robberies in several states between 2009 and 2010.
The Bureau had to sift through more than 150,000 numbers to find one number that was linked to one of the robbers. Was it justified in getting all those numbers in order to arrest one person? Isn’t that reminiscent of the NSA’s justifications for its bulk collection of cellphone data?
“If it is in regard to personal information such as voice mails or texts, then a warrant should be required,” Jim McGregor, principal analyst at Tirias Research, told the E-Commerce Times. “In the case of cell tower dumps, very strict guidelines and warrants should be required, and these should be used as a last resort.”