Law enforcement and other government bodies, it seems, aren’t shy about asking for or demanding data about users from wireless carriers. In an article Monday morning, the New York Times highlighted some of the statistics about this activity, based on data several companies provided to U.S. Congressman Ed Markey (D-MA) in response to a letter from his office on the issue. All told, wireless providers fielded about 1.3 million requests for user data last year although, as the article points out, the number was almost certainly much higher due to lax record-keeping.
If you’re concerned about privacy, this should be kind of scary. There’s some solace in the fact that most providers claim they deny requests they feel are overbroad or unauthorized, but they comply with most and the numbers are rising. A couple of carriers, including Verizon and T-Mobile, noted user-data request increases in the 15 percent per-year range. Further, as some companies explain in their responses to Rep. Markey, many requests ask for information on numerous parties or location data that might identify everyone who pinged off a particular tower.
Here’s a little chart I made comparing the estimated number of requests for user data from wireless providers in 2011 to that of Google. I also threw in Twitter’s recently released number from the first half of 2012, which, at a mere 679, doesn’t even show up on the chart.
Here’s a breakdown of requests in 2011 just by the carriers that provided information for last year, although all numbers are estimates because (1) some providers just provided estimates and (2) they weren’t entirely clear in differentiating between types of requests. Sprint, for example, claimed more than 300,000 court orders for wiretaps, pen register/trap and trace devices, and location information over the past five years, but also noted “approximately 500,000 subpoenas from law enforcement” last year alone.
Several providers were a little more vague than others. MetroPCS claimed “an average of fewer than 12,000 requests per month from January 2006 through May 2012.” Cricket said requests grew steadily “from a low of approximately 24,000 in 2007 to a high of approximately 42,500 in 2011.” C Spire claimed approximately 12,500 requests over the past five years, while T-Mobile declined to release any numbers. Here is AT&T’s rather detailed breakdown.
Aside from the numbers, the Times article also notes varying degrees of consistency with which law-enforcement agencies go about requesting user data in accordance with federal surveillance laws. Of course, this isn’t made any easier with ever-changing technologies and data sources, such as GPS, that begin to blur the lines between mere requests for user data and suspect surveillance that the Supreme Court recently declared unconstitutional without a warrant.
It’s yet another reason that Congress needs to get its Fourth Amendment act in order, redrafting outdated legislation to account for new technologies not even considered when many laws about data privacy were written decades ago. In the case of data such as that stored with cloud service providers or wireless carriers, that might mean focusing laws on the type of data authorities hope to access rather than where it’s located — a variable that changes with each new wave of technology.
Given the right case, maybe the Supreme Court will spur Congress to act and offer enhanced protection to everything we’re all but forced to share digitally. In United States v. Jones, the case mentioned above, Justices Alito and Sotomayor both wrote concurring opinions expressing their discomfort with how easily authorities can access digital data stored with service providers. As of 2010, many wireless providers were storing user data for years.
Sotomayor called the third-party doctrine “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” adding that she “would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.”
Feature image courtesy of Shutterstock user Johan Swanepoel.