More Demands on Cell Carriers in Surveillance
By ERIC LICHTBLAU
WASHINGTON — In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.
The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.
The reports also reveal a sometimes uneasy partnership with law enforcement agencies, with the carriers frequently rejecting demands that they considered legally questionable or unjustified. At least one carrier even referred some inappropriate requests to the F.B.I.
The information represents the first time data have been collected nationally on the frequency of cell surveillance by law enforcement. The volume of the requests reported by the carriers — which most likely involve several million subscribers — surprised even some officials who have closely followed the growth of cell surveillance.
“I never expected it to be this massive,” said Representative Edward J. Markey, a Massachusetts Democrat who requested the reports from nine carriers, including AT&T, Sprint, T-Mobile and Verizon, in response to an article in April in The New York Times on law enforcement’s expanded use of cell tracking. Mr. Markey, who is the co-chairman of the Bipartisan Congressional Privacy Caucus, made the carriers’ responses available to The Times.
While the cell companies did not break down the types of law enforcement agencies collecting the data, they made clear that the widened cell surveillance cut across all levels of government — from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.
AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena. That is roughly triple the number it fielded in 2007, the company said. Law enforcement requests of all kinds have been rising among the other carriers as well, with annual increases of between 12 percent and 16 percent in the last five years. Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.
With the rapid expansion of cell surveillance have come rising concerns — including among carriers — about what legal safeguards are in place to balance law enforcement agencies’ needs for quick data against the privacy rights of consumers.
Legal conflicts between those competing needs have flared before, but usually on national security matters. In 2006, phone companies that cooperated in the Bush administration’s secret program of eavesdropping on suspicious international communications without court warrants were sued, and ultimately were given immunity by Congress with the backing of the courts. The next year, the F.B.I. was widely criticized for improperly using emergency letters to the phone companies to gather records on thousands of phone numbers in counterterrorism investigations that did not involve emergencies.
Under federal law, the carriers said they generally required a search warrant, a court order or a formal subpoena to release information about a subscriber. But in cases that law enforcement officials deem an emergency, a less formal request is often enough. Moreover, rapid technological changes in cellphones have blurred the lines on what is legally required to get data — particularly the use of GPS systems to identify the location of phones.
As cell surveillance becomes a seemingly routine part of police work, Mr. Markey said in an interview that he worried that “digital dragnets” threatened to compromise the privacy of many customers. “There’s a real danger we’ve already crossed the line,” he said.
With the rising prevalence of cellphones, officials at all levels of law enforcement say cell tracking represents a powerful tool to find suspects, follow leads, identify associates and cull information on a wide range of crimes.
“At every crime scene, there’s some type of mobile device,” said Peter Modafferi, chief of detectives for the Rockland County district attorney’s office in New York, who also works on investigative policies and operations with the International Association of Chiefs of Police. The need for the police to exploit that technology “has grown tremendously, and it’s absolutely vital,” he said in an interview.
The surging use of cell surveillance was also reflected in the bills the wireless carriers reported sending to law enforcement agencies to cover their costs in some of the tracking operations. AT&T, for one, said it collected $8.3 million last year compared with $2.8 million in 2007, and other carriers reported similar increases in billings.
Federal law allows the companies to be reimbursed for “reasonable” costs for providing a number of surveillance operations. Still, several companies maintained that they lost money on the operations, and Cricket, a small wireless carrier that received 42,500 law enforcement requests last year, or an average of 116 a day, complained that it “is frequently not paid on the invoices it submits.”
Because of incomplete record-keeping, the total number of law enforcement requests last year was almost certainly much higher than the 1.3 million the carriers reported to Mr. Markey. Also, the total number of people whose customer information was turned over could be several times higher than the number of requests because a single request often involves multiple callers. For instance, when a police agency asks for a cell tower “dump” for data on subscribers who were near a tower during a certain period of time, it may get back hundreds or even thousands of names.
As cell surveillance increased, warrants for wiretapping by federal and local officials — eavesdropping on conversations — declined 14 percent last year to 2,732, according to a recent report from the Administrative Office of the United States Courts.
The diverging numbers suggest that law enforcement officials are shifting away from wiretaps in favor of other forms of cell tracking that are generally less legally burdensome, less time consuming and less costly. (Most carriers reported charging agencies between $50 and $75 an hour for cellphone tower “dumps.”)
To handle the demands, most cell carriers reported employing large teams of in-house lawyers, data technicians, phone “cloning specialists” and others around the clock to take requests from law enforcement agencies, review the legality and provide the data.
With the demands so voluminous and systematic, some carriers have resorted to outsourcing the job. Cricket said it turned over its compliance duties to a third party in April. The outside provider, Neustar, said it handled law enforcement compliance for about 400 phone and Internet companies.
But a number of carriers reported that as they sought to balance legitimate law enforcement needs against their customers’ privacy rights, they denied some data demands because they were judged to be overreaching or unauthorized under federal surveillance laws.
Sometimes, the carriers said, they determined that a true emergency did not exist. At other times, police agencies neglected to get the required court orders for surveillance measures, left subpoenas unsigned or failed to submit formal requests.
C Spire Wireless, a small carrier, estimated that of about 12,500 law enforcement demands it received in the last five years, it rejected 15 percent of them in whole or in part. (Most carriers did not provide figures on rejections.)
At TracFone, another small carrier providing prepaid service, an executive told Mr. Markey that the company “shares your concerns regarding the unauthorized tracking of wireless phones by law enforcement with little or no judicial oversight, and I assure you that TracFone does not participate in or condone such unauthorized tracking.”
T-Mobile, meanwhile, said it had sent two law enforcement demands to the F.B.I. because it considered them “inappropriate.” The company declined to provide further details.
Requests from law enforcement officials to identify the location of a particular cellphone using GPS technology have caused particular confusion, carriers said. A Supreme Court ruling in January further muddled the issue when it found that the authorities should have obtained a search warrant before tracking a suspect’s movements by attaching a GPS unit to his car.
Law enforcement officials say the GPS technology built into many phones has proved particularly critical in responding to kidnappings, attempted suicides, shootings, cases of missing people and other emergencies. But Sprint and other carriers called on Congress to set clearer legal standards for turning over location data, particularly to resolve contradictions in the law.
While the carriers said they always required proper legal orders before turning over nonemergency information, their assurances were somewhat at odds with anecdotal evidence recently gathered by the American Civil Liberties Union from more than 200 law enforcement agencies nationwide.
The reports provided to the A.C.L.U. showed that many local and state police agencies claimed broad discretion to obtain cell records without court orders, and that some departments specifically warned officers about the past misuse of cellphone surveillance in nonemergency situations.
Chris Calabrese, a lawyer for the A.C.L.U., said he was concerned not only about officials gathering phone data on people with no real connection to crimes but also about the agencies then keeping those records indefinitely in internal databases.
“The standards really are all over the place,” Mr. Calabrese said. “Nobody is saying don’t use these tools. What we’re saying is do it with consistent standards and in a way that recognizes that these are tools that really can impact people’s privacy.”
No comments:
Post a Comment