Wow. Sometimes one word says it all. The New York Times reports that in response to letters from Rep. Edward Markey (D-MA) and Rep. Joe Barton (R-TX), mobile phone providers disclosed that they received approximately 1.3 million law enforcement requests for customer records last year alone. What an extraordinary number: more than a million accounts subject to at least some level of law enforcement investigation just in 2011. As we have discussed elsewhere, beyond what is reported by carriers in these letters, there is absolutely no reporting or tracking regarding how these numbers are handled.
Even more amazing, as you dig into the article and read the underlying letters it becomes clear that this is actually a vast undercount of the number of Americans who have been affected by this tracking. Sprint disclosed that it received approximately 500,000 subpoenas in 2011 (a subpoena is a written request for information from law enforcement that isn’t reviewed by a judge) and that “each subpoena typically requested subscriber information on multiple subscribers.” In addition, several carriers disclosed that they sometimes provide all the information from a particular cell tower or particular area. Metro PCS for example charges:
$50 for Cell Tower Dump per tower for a 2 hour period$100 for an Area Dump (if you know the location but do not know the cell towers that affect the area) for a maximum of 2 cell towers for a 2 hour period per cell tower search
Everyone whose phone has been used by a particular cell tower over a particular time period—likely hundreds or thousands of people—could have their data examined by investigators. And these dragnet data requests are on the rise. Verizon estimates that over the last 5 years it has seen an average increase of 15% annually, and T-Mobile reported increases of approximately 12%-16%. This has also led to at least some possible abuse; T-Mobile disclosed that in the last three years it has referred two inappropriate law enforcement requests to the FBI.
At least some of this volume comes because the legal standard for government access to location information is very unclear. The ACLU gathered a great deal of information about this problem from our nationwide FOIA, but for the lawyers who are interested, Sprint does a very good job of explaining why the standard is so muddy on the 3rd page of its letter. I won’t reprint it here (it’s two very long paragraphs) but most of what you need to know is at the beginning and the end:
There is no statute that directly addresses the provision of location data of a mobile device to the government. … Given the importance of this issue and the competing and at times contradictory legal standards, Sprint believes that Congress should clarify the legal requirements for disclosure of all types of location information to law enforcement personnel.
Fortunately there are two bipartisan bills in Congress (one in the House and one in the Senate) that do just that, by requiring law enforcement to secure a warrant based on probable cause before obtaining location information. They are both called the GPS Act and you can urge your member of Congress to support them here.
Justice Sotomayor stated it eloquently in the recent Supreme Court case US v Jones:
GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. … Awareness that the Government may be watching chills associational and expressive freedoms. And the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse.
Rep. Markey and Rep. Barton and all the phone companies that responded—AT&T, Verizon, Sprint, T-Mobile, MetroPCS, Cricket, U.S. Cellular, Tracfone and C Spire—deserve a great deal of credit for bringing the scope of this problem to light. The numbers don’t lie: location tracking is out of control. Congress needs to rein it in (again GPS Act: here!).
***Updated version correctly citing 1.3 million requests, not 1.2 million.***