Cellphone carriers flooded by surveillance requests
Cellphone carriers reported responding to more than a million surveillance requests last year from law-enforcement agencies at local, state and federal levels. Politicians are considering legislation that would seek to balance law-enforcement efforts with users' privacy.
The New York Times
WASHINGTON — Cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber data last year from law-enforcement agencies seeking text messages, caller locations and other information in the course of investigations.
The data, which come in response to a congressional inquiry, document an explosion in cellphone surveillance in the past five years, with wireless carriers turning over records thousands of times a day in response to police emergencies, court orders, law-enforcement subpoenas and other requests.
The cellphone carriers' reports also reveal a sometimes uneasy partnership with law-enforcement agencies, with the carriers frequently rejecting demands that they considered legally questionable or unjustified.
The information represents the first time data have been collected nationally on the frequency of cell surveillance by law enforcement. The volume of the requests reported by the carriers — which most likely involve several million subscribers — surprised even some officials who have closely followed the growth of cell surveillance.
"I never expected it to be this massive," said Rep. Edward Markey, a Massachusetts Democrat who requested the data from nine carriers, including AT&T, Sprint, T-Mobile and Verizon, in response to an article in April in The New York Times on law enforcement's expanded use of cell tracking.
While the cell companies did not break down the types of law-enforcement agencies collecting the data, they made clear that the widened cell surveillance cut across various levels of government — from run-of-the-mill street crimes handled by local police departments to financial crimes and intelligence investigations at the state and federal levels.
AT&T alone now responds to 230 emergency requests a day nationwide — triple the number it fielded in 2007, the company told Markey. Law-enforcement requests of all kinds have been rising quickly among the other carriers as well, with annual increases of 12 percent to 16 percent in the last five years. Sprint led the way last year, reporting more than 500,000 requests.
In 2006, phone companies that cooperated in the Bush administration's secret program of eavesdropping on suspicious international communications without court warrants were sued, and ultimately were given immunity by the courts.
The next year, the FBI was widely criticized for improperly using emergency letters to the phone companies to gather records on thousands of phone numbers in counterterrorism investigations that did not involve emergencies.
Under federal law, the carriers said they generally required a search warrant, a court order or a formal subpoena to release information about a subscriber. But in cases that law-enforcement officials deem an emergency, a less formal request is often enough. Moreover, rapid technological changes have blurred the lines on what is legally required to get data — particularly the use of GPS systems to identify the location of cellphones.
Markey and other Democrats are considering legislation that they say would more clearly draw the line between giving the authorities the technological tools they need and protecting the privacy of the public.
"At every crime scene, there's some type of mobile device," said Peter Modafferi, chief of detectives for the Rockland County District Attorney's Office in New York, who also works on investigative policies and operations with the International Association of Chiefs of Police. The need for the police to exploit that technology "has grown tremendously, and it's absolutely vital," he said.
Law-enforcement officials say the GPS technology in many phones has proved particularly critical in responding to kidnappings, cases of missing individuals and other emergencies.
The surging use of cell surveillance was reflected in the bills the wireless carriers reported sending to law-enforcement agencies to cover their costs in some of the tracking operations. AT&T, for one, said it collected $8.3 million last year compared with $2.8 million in 2007, and other carriers reported similar increases.
Federal law allows the companies to be reimbursed for "reasonable" costs for providing a number of surveillance operations. Still, several companies maintained that they lost money on the operations, and Cricket, a small wireless carrier that received 42,500 law-enforcement requests last year, complained that it "is frequently not paid on the invoices it submits."
Because of incomplete record-keeping, the total number of law-enforcement requests last year was likely higher than the 1.3 million the carriers reported to Markey.
Also, the total number of people whose customer information was turned over could be several times higher than the number of requests because a single request often involves multiple callers.
For instance, when a police agency asks for a cell-tower "dump" for data on subscribers who were near a tower during a certain period of time, it may get back hundreds or thousands of names.
As cell surveillance increased, warrants for wiretapping by federal and local officials — eavesdropping on conversations — declined 14 percent last year to 2,732, according to a recent report from the Administrative Office of the United States Courts.
The diverging numbers suggest that law-enforcement officials are shifting away from wiretaps in favor of other forms of cell tracking that are generally less legally burdensome, less time-consuming and less costly. (Most carriers reported charging agencies between $50 and $75 an hour for cellphone tower "dumps.")
To handle the demands, most cell carriers reported employing large teams of in-house lawyers, data technicians, phone "cloning specialists" and others around the clock to take requests from law-enforcement agencies, review the legality and provide the data.
Some carriers have resorted to outsourcing the job. Cricket said it turned over its compliance duties to a third party in April. The outside provider, Neustar, said it handled law-enforcement compliance for about 400 phone and Internet companies.
But a number of carriers reported they denied some data demands because they were judged to be overreaching or unauthorized under federal surveillance laws.
Sometimes, the carriers said, they determined that a true emergency did not exist. At other times, police agencies neglected to get the required court orders for surveillance measures, left subpoenas unsigned or failed to submit formal requests.
C Spire Wireless, a small carrier, estimated that it rejected 15 percent of all law-enforcement demands in whole or in part, while AT&T said it rejected about 18 requests each week.
T-Mobile, meanwhile, said it had sent two law-enforcement demands to the FBI because it considered them "inappropriate." The company declined to provide further details.
Requests from law-enforcement officials to identify the location of a particular cellphone using GPS technology have caused particular confusion, carriers said.
A Supreme Court ruling in January further muddled the issue when it found that the authorities should have obtained a search warrant before tracking a suspect's movements by attaching a GPS unit to his car.
Anecdotal evidence recently gathered by the American Civil Liberties Union from more than 200 law-enforcement agencies nationwide showed that many local and state police agencies claimed broad discretion to obtain cell records without court orders, and that some departments specifically warned officers about the past misuse of cellphone surveillance in nonemergency situations.