Like NSA, local police sweep up cellphone data of innocents, report says

Federal, state, and local law enforcement agencies asked wireless carriers for 'cell tower data dumps' at least 9,000 times in 2012, as part of their investigative work, a US senator reports. His push is to buttress privacy protections for cellphone users in America.

Local and federal law enforcement officers each year request thousands of “cell tower dumps” that include details about many calls not relevant to the crime being investigated, a congressional inquiry has found.

Cellphone call data have long been available to police investigators seeking to determine suspects' whereabouts at the time of a crime, as well as to establish their associations with other callers. But cell tower dumps – in which telecommunications companies hand over to law enforcement agencies large quantities of calling data from one or more towers, most of it belonging to innocents – are raising new questions about how to balance crime-fighting with privacy protection for Americans.

In 2012, federal, state, and local law enforcement officials made at least 1.1 million requests for cellphone records to wireless carriers. At least 9,000 of those requests were for cell tower dumps, according to the inquiry by the office of Sen. Edward Markey (D) of Massachusetts.

Each cell tower data dump can include data from multiple towers representing thousands of individuals calls – meaning that the number of individuals whose call data was scrutinized was much larger than 1 million, the inquiry found. The practice is also fairly widespread. About 1 in 4 law enforcement agencies has used the "tower dump" tactic, a separate USA Today report concluded.

Government monitoring of such call data has been at the forefront of a national debate over privacy ever since this spring, when it became clear that the National Security Agency has been vacuuming the world for phone call metadata. On Monday, it was disclosed that this NSA-gathered trove includes about 5 billion cellphone call records collected overseas each day, including some from Americans’ calls.

While US lawmakers have floated several new bills to curb intelligence agencies' use of phone-call metadata, including geolocation data, much less attention has fallen on domestic law enforcement agencies' use of the same kinds of call data records.

“As law enforcement uses new technology to protect the public from harm, we also must protect the information of innocent Americans from misuse,” said Senator Markey, in a statement Monday. “Disclosure of personal information from wireless devices raises significant legal and privacy concerns, particularly for innocent consumers.”

Much of the cellphone metadata collected by the towers is currently available without a search warrant. Some wireless companies require a warrant for some types of geolocation information, while others do not, the Markey report found. For instance, AT&T requires a warrant for real-time records but not for historical records, and T-Mobile requires only a subpoena for historical records, the report said.

“AT&T takes its responsibilities to protect the privacy of its customers while also fulfilling its legal responsibilities seriously,” Timothy McKone, executive vice president for federal relations at the company, wrote in an October response to the Markey survey. “AT&T’s policies require appropriate legal basis for responses to law enforcement requests for information.”

As for T-Mobile, the company said in its letter to Markey that it “provides customer information to law enforcement agencies only where legally permitted or required to do so.”

Undergirding many current corporate and law enforcement policies is the view that the law permits police to gather such data because cellphone users have no reasonable expectation of privacy concerning such data. That’s based on Smith v. Maryland, a 1979 US Supreme Court decision that affirmed the ability of police to target cellphone data to track a suspect’s location, even in the absence of a warrant. There was no Fourth Amendment violation, the high court found.

But technology and high-speed computer analysis of massive amounts of calling data – especially when combined with other data about individuals – now constitute an invasion of privacy by government authorities that needs to be addressed with updated laws, some legal experts argue.

“Have no doubt, police see our mobile devices as the go-to source for information, likely in part because of the lack of privacy protections afforded by the law,” Christopher Calabrese, legislative counsel at the ACLU’s Washington legislative office, said in a statement Monday. “Our mobile devices quite literally store our most intimate thoughts as well as the details of our personal lives. The idea that police can obtain such a rich treasure trove of data about any one of us without appropriate judicial oversight should send shivers down our spines.”

Telecom carriers AT&T, Verizon, and Sprint reported 56,400 emergency requests for cell-call information (non-911 calls), according to their letters to Markey's office in response to a survey of eight carriers.

“These requests are self-certified by police with no independent audit,” the report notes. There is also “no uniform data retention policy for location information derived from cell towers,” Markey’s office found. Companies reported keeping such data for six to 18 months, while AT&T reported retaining its information for as many as five years.

Markey is crafting legislation to address these issues. His bill would require law enforcement agencies to routinely disclose the nature and volume of such requests; curb bulk data information requests such as cell tower dumps; require law enforcement authorities to produce, in cases of “emergency” requests for data, a sworn statement justifying the need for emergency access.

The new measure, Markey says, would also require the Federal Communications Commission to set a limit for how long wireless carriers can keep consumers’ personal information. No such standards exist currently. It would also require that location-tracking authorization happen only when a warrant is obtained that establishes there is probable cause that location-tracking will uncover evidence of a crime.

“If the police want to know where you are, we should know why,” Markey said in the statement. “When law enforcement [officials] access location information, it is as sensitive and personal as searching an individual’s home and should be treated commensurately.”