American Civil Liberties Union

Smartphones can be a cop's best friend. They are packed with private information like emails, text messages, photos, and calling history. Unsurprisingly, law enforcement agencies now routinely seize and search phones. This occurs at traffic stops, during raids of a target's home or office, and during interrogations and stops at the U.S. border. These searches are frequently conducted without any court order.

Several courts around the country have blessed such searches, and so as a practical matter, if the police seize your phone, there isn't much you can do after the fact to keep your data out of their hands.

Yesterday, the Texas House of Representatives passed the first bill in the nation that would require law enforcement to obtain a probable cause warrant before tracking individuals’ location by collecting their cell phone location data. As Rebecca Robertson, legal and policy director for the ACLU of Texas put it, “By approving this amendment, our legislators would take a significant step to preserve the Fourth Amendment rights of Texas citizens, protecting them from potential unreasonable searches and seizures that could take place entirely outside judicial review.” They would also set a precedent that the rest of the country should be quick to follow.

Yesterday, we filed a complaint with the Federal Trade Commission (FTC) asking the agency to investigate the major wireless carriers for failing to warn their customers about unpatched security flaws in the software running on their phones. These companies—AT&T, Verizon, Sprint and T-Mobile—have sold millions of smartphones to consumers running versions of Google’s Android operating system. Unfortunately, the vast majority of these phones never receive critical software security updates, exposing consumers and their private data to significant cybersecurity-related risks.

Wow.  Sometimes one word says it all.  The New York Times reports that in response to letters from Rep. Edward Markey (D-MA) and Rep. Joe Barton (R-TX), mobile phone providers disclosed that they received approximately 1.3 million law enforcement requests for customer records last year alone. What an extraordinary number: more than a million accounts subject to at least some level of law enforcement investigation just in 2011. As we have discussed elsewhere, beyond what is reported by carriers in these letters, there is absolutely no reporting or tracking regarding how these numbers are handled.  

Even more amazing, as you dig into the article and read the underlying letters it becomes clear that this is actually a vast undercount of the number of Americans who have been affected by this tracking.  Sprint disclosed that it received approximately 500,000 subpoenas in 2011 (a subpoena is a written request for information from law enforcement that isn’t reviewed by a judge) and that “each subpoena typically requested subscriber information on multiple subscribers.” In addition, several carriers disclosed that they sometimes provide all the information from a particular cell tower or particular area.   Metro PCS for example charges:

$50 for Cell Tower Dump per tower for a 2 hour period

$100 for an Area Dump (if you know the location but do not know the cell towers that affect the area) for a maximum of 2 cell towers for a 2 hour period per cell tower search

Everyone whose phone has been used by a particular cell tower over a particular time period—likely hundreds or thousands of people—could have their data examined by investigators.  And these dragnet data requests are on the rise.  Verizon estimates that over the last 5 years it has seen an average increase of 15% annually, and T-Mobile reported increases of approximately 12%-16%.  This has also led to at least some possible abuse; T-Mobile disclosed that in the last three years it has referred two inappropriate law enforcement requests to the FBI.