1,300,000 Reasons Why Mobile Phone Users Can’t Expect Privacy

The new equation of modern life is simple: Use a mobile phone, give up any expectation of privacy. Cell phone carriers last year responded to some 1.3 million demands for information from law enforcement – and it’s a safe bet that plenty of the people caught up in those investigations were just average Joes.

Imagine you’re a teacher talking to a parent about his kid’s misbehavior in the classroom. To save time, the busy dad uses his mobile phone to discuss ways to discipline the rowdy child.

Now, to make this ordinary teacher-parent conversation more interesting, lets pretend the FBI believes the dad is a drug kingpin. Suddenly, the innocent teacher who is just doing her job becomes a part of a federal investigation. Why? Because the suspect used his cell phone.

That’s just one example of the privacy risks average Americans face today as law enforcement demands information on thousands of wireless subscribers each day. AT&T, Sprint, T-Mobile, Verizon Wireless and five other carriers collectively responded last year to 1.3 million demands for information stemming from local investigations into street crimes, financial crimes and intelligence investigations at the state and federal level, according to letters sent in response to a congressional inquiry.

Why So Much Data?

While cell phone surveillance has been used for some time in police work, very few people outside of the carriers knew how much information police were gathering. “I never expected it to be this massive,” Rep. Edward J. Markey told The New York Times. The Massachusetts Democratic requested the reports from the carriers, which had never been asked for such an accounting. The reports were released this week.

The carriers did not provide a breakdown of the information handed over to law enforcement – usually without any notification to the customers involved. However, carriers regularly collect and store on each subscriber the phone numbers called and received, the numbers used to send and receive text, how often email is checked or the Internet is accessed, and the subscriber’s location.

The Impact on Average Americans

While everyone agrees that the information can be useful in investigating suspected criminals, much of the data collected by law enforcement turns out be on people who are not involved in any criminal activity. That’s because police agencies often seek data on subscribers who were near a cell tower during a certain period of time. Such cell tower “dumps” can include hundreds or even thousands of names.

“This is very likely touching the average American,” said Jim Dempsey, vice president of public policy for the Center for Democracy and Technology. “Once you cross the million threshold, this is no longer a small possibility that your data is being scooped up.”

The assumption is law enforcement will separate drug dealers and terrorists from the dry cleaners, pizza delivery guys and schoolteachers. “But then again [the police might] say, ‘Wait a minute, drug dealer, schoolteacher? Maybe the schoolteacher is selling drugs to the kids,’ ” Dempsey said in painting a possible scenario. “ ‘Let’s check out the schoolteacher. Let’s go to the school and ask the principal.’ Suddenly, it is impacting innocent people.”

Why Privacy Is Threatened

Privacy rights advocates are not opposed to police gathering cell phone data in criminal investigations. What they decry is the lack of checks and balances to protect the innocent.

For one thing, law enforcement does not need court approval to collect mobile phone usage information. A prosecutor, the FBI or Drug Enforcement Administration need only issue a subpoena. And law enforcement can avoid even the subpeona requirement simply by declaring an emergency. The FBI in 2007 was widely criticized for improperly using emergency letters to gather thousands of records on phone numbers in counterterrorism investigations.

In their reports to Congress, carriers complained of muddled laws and said they sometimes refused to hand over data when their own legal departments suspected police were overstepping their bounds. But should it be left up to mobile phone companies to be the gatekeepers of privacy rights?

What Can Be Done?

If we don’t think mobile carriers are the right entities to make privacy decisions, Congress needs to update current laws to take into account advances in technology.

For example, wiretapping by police requires court approval because the information gathered is in real time. With cell phone data, the information is stored, so police need only a subpoena. In addition, there are no laws governing what happens to the data once it is in the hands of police, who do not have to reveal what they’ve collected and what they’ve done with the information.

“One of the real concerns that we have about electronic communications in general is there’s no requirement for any kind of transparency into how many requests were made or how the information is used, stored and shared,” said Chris Conley, technology and civil liberties attorney for the American Civil Liberties Union of Northern California.

More Information Needed

Not having that information makes it difficult for privacy rights advocates to determine what legal changes to lobby for. “It’s very hard for us to have an informed dialogue with our government, with our lawmakers, if we don’t know what’s going on,” Conley said.

Remember, last year’s 1.3 million demands for information do not represent the actual number of people affected. Each request could involve a few to even thousands of mobile phone subscribers. With so many innocent people’s phone records getting scooped up by police, the privacy implications are huge.

“This is absolutely something that affects everyone,” Conley said. “Even if you don’t think you have anything to hide, you don’t necessarily want [police] to share your religious and political activities, attending a labor rally, going to a clinic for a health concern or playing hooky from work to go to a ballgame.”

The bottom line is there are lots of activities that people prefer to keep private, and current law and practice offer little recourse to ensure that they are protected.