Mobile Operators Responded To An Astounding 1.3 Million Requests For Subscriber Info

from the you-have-no-privacy dept

We've talked for a while about just how often law enforcement seeks information from mobile operators -- often without getting any actual warrant -- knowing that it was astounding. But after an article from a few months ago in the NY Times noting that it was both routine and a big business for mobile operators, who charge law enforcement for each request, Rep. Ed Markey asked all of the major mobile operators just how often they get requests from law enforcement for subscriber info, and discovered that last year they responded to an astounding 1.3 million requests for subscriber info -- including location info, text messages and other data. And, apparently, this number likely undercounts the true size, because it notes that there was "incomplete record-keeping" in some cases. Oh yeah, and also, this just requests, not individuals -- a single request might include multiple people whose information was being sought. So, an awful lot of people were spied on this way.

Not surprisingly, the number of requests continues to rise drastically, with AT&T admitting that it had seen a tripling in requests in the last five years. As the report notes:
AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena.... Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.
This isn't a huge surprise, but does raise significant questions about how reasonable these information trawling operations are. Do we honestly believe that law enforcement needed all of that info? This seems like a case where, of course, if the info is easy to get, law enforcement wants it. But is that reasonable?

And, telcos have little incentive to stand up for the rights of their users. They actually make money from these kinds of requests:
AT&T, for one, said it collected $8.3 million last year compared with $2.8 million in 2007, and other carriers reported similar increases in billings.
For a company that large, this isn't a major cash cow, but it is something. It's unclear how carefully the telcos review the request. At least one (smaller) telco, C Spire Wireless, reported that it had rejected about 15% of the requests, but most of the other operators didn't provide any info on rejections (and it makes you wonder if they ever rejected any requests at all).

None of this is surprising. When such a tool is available, it's almost impossible for it not to be abused. It's just too easy for law enforcement to snoop on anyone's location or text messages, and they can't resist doing so. It seems like telcos (1) could be a lot more transparent about this. While Google and Twitter both have voluntarily opened up to provide data on law enforcement requests, the only reason this info became public from the mobile operators was because of Markey's request. On top of that, it seems that the rules concerning an individual's privacy rights should also be a lot clearer, to give the telcos more ammo to push back against bogus requests.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed markey, law enforcement, location data
Companies: at&t, c spire wireless, sprint


Reader Comments

Subscribe: RSS

View by: Thread


  1. icon
    Josh King (profile), 10 Jul 2012 @ 6:49am

    How it Really Works

    A little perspective here: back in the late 90's, I worked for the largest wireless carrier in the SF Bay Area. One of my responsibilities was overseeing requests from law enforcement. Now, it's been 15 years, but I don't have any reason to believe the substance of what goes on here has changed:

    1. We had a copious set of procedures that we followed for different kinds of requests - which come from every imaginable branch of law enforcement at the federal, state, county and municipal level.

    2. We pushed back on law enforcement all the time. Every day. It's not hard to do.

    3. Most of the time, information is only provided in response to a subpoena or court order. The egregious stuff - wiretaps, contents of communications, etc. - isn't provided unless very specific procedures are followed by law enforcement, including specific types of court orders.

    4. The exception to this is the "emergency" requests where a warrant is not required. These are always location information - phone records can wait for an order or subpoena, and contents of communications must have an order. Law enforcement typically wants this info to follow up on a crime in progress; we dealt with it in several kidnapping cases. Again, we would routinely push back on law enforcement if it sought too much info or it wasn't emergent and very time-limited.

    5. We only charged law enforcement for setting up wiretaps and pen registers (which again, we only did with a very specific type of court order) because those involved real costs to us each time. We viewed the rest - my time and the time of my subpoena compliance folks - as a cost of doing business. It appears from the NYT article that this remains the practice for carriers.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.