Back to News & Commentary

Who Controls Your Texts?

Sandra Fulton,
ACLU Washington Legislative Office
Share This Page
December 6, 2012

Last week the Senate Judiciary Committee overwhelmingly approved with bipartisan support a sweeping update to the Electronic Communications Privacy Act (ECPA). The bill would require law enforcement to obtain a warrant to access all electronic communications, including email, Facebook posts, photos and cell phone communications. It was a long-fought battle and a huge step forward in updating our privacy laws.

Now law enforcement is pushing back. Earlier this week, law enforcement representatives contacted Congress saying they want a provision inserted in the new bill that would require cell phone companies to keep logs on all text message activity. This provision would force companies to keep these records for two years – impacting hundreds of millions of innocent Americans.

Text messaging is an incredibly popular way people communicate, and for a lot of people it is the primary way they use their cell phone. According to Forrester Research, more than 2 trillion text messages were sent in the U.S. in 2011, which breaks down to more than 6 billion daily.

It is unclear whether law enforcement is calling for the retention of the content of the messages or only the transactional data (e.g., To, From, Time Sent), but regardless, the sheer volume of messages would create a massive database of Americans’ personal communications. Transactional information could reveal who you were messaging with, when you interacted, and could even be used to figure out where you both were. And if Congress requires retention of the content as well, then law enforcement would have your entire two-year text message history.

Cell phone providers are not cops. But when they are forced to alter their business practices to serve law enforcement they become an extension of them. A public records request by the ACLU last year found that as of 2010, T-Mobile, AT&T, Sprint, and Nextel did not store any text content of their customers, while Verizon held it for three to five days and Virgin Mobile for 90 days. This mandate would require a massive change to most companies’ business practices – exclusively so law enforcement would have an easy place to go fishing for evidence.

Can you imagine law enforcement telling Gmail that you cannot delete any of your emails for two years? Just in case they needed them?

Nor is it just the police. Once texts have to be saved they can be accessed by lots of other people. Many companies allow easy access to old messages by logging into a user’s account. That means a compromised password could grant a stalker or identity thief access to two years of texts. Divorce lawyers and other civil litigants would also have access. If users lose control over their own messaging, the delete button won’t mean much.

The update to ECPA is a vital step to modernize our privacy laws to protect Americans from electronic surveillance. Government mandates forcing private companies to track and store personal data on Americans take us in the wrong direction. They don’t belong in any reform effort.

Learn more about the Electronic Communications Privcay Act: Subscribe to our newsletter, follow us on Twitter, and like us on Facebook.