The Sevenfold Increase in Emergencies at AT&T
In its response to Ed Markey’s questions about law enforcement requests for cellphone data, AT&T attributed the growing number of requests it gets to its expanding customer base.
To keep these numbers in perspective, AT&T serves over 103,200,000 wireless customers (in 2007, by contrast AT&T served just over 70,000,000 wireless customers).
But that can’t explain the entire increase: only one category of request–requests like orders and warrants requiring court oversight–has gone up at or below the 47% increase in AT&T’s customer base. All other categories have increased at a faster pace.
What’s particularly striking is how many more non-PSAP (that is, non 911 call) exigent requests AT&T has gotten: a more than sevenfold increase.
Now, AT&T doesn’t explain how it treats such requests legally or practically. By comparison, US Cellular cites the language from 18 USC 2518(7)–including language permitting the release of information for “conspiratorial activities threatening the national security interest”–in its exigent request section (see Exhibit 1, page 1); that law requires requestors to submit paperwork for the order or warrant within 48 hours. Sprint cites 18 USC 2702(c)(4) explicitly, which doesn’t include the time limit; but Sprint imposes one itself, even while emphasizing providing this information is voluntary.
For example, Section 2702(c)(4) of the SCA permits Sprint to comply with law enforcement requests in emergency situations when Sprint believes there is an emergency involving danger of imminent death or serious physical injury. In those circumstances, our processes require law enforcement to fax in a form which we use to authenticate the law enforcement requestor and to help verify that an appropriate emergency exists. After being satisfied that the statutory requirements have been met, the Sprint analyst will comply with the request but only for 48 hours, providing law enforcement with sufficient time to obtain appropriate legal processes. To be clear, in these particular circumstances, providing information to law enforcement is not required and Sprint could decide that it will not comply with these emergency requests. Sprint has determined, though, that on balance it is in the interest of our customers and members of the general public who may be at risk to comply with emergency requests, particularly since they often involve very serious life-threatening situations such as kidnapping, child abduction and carjacking.
AT&T doesn’t cite the law directly, but its description matches 2702(c)(4) and therefore would not legally require a follow-up application. Verizon cites 2702(c)(4) explicitly.
Note that this means AT&T, Verizon, and Sprint are treating cell location as a record, not content. Sprint provides this–sort of–explanation for it.
Nonetheless, there are circumstances, which are outlined in the applicable statutes, where information can be disclosed to law enforcement with the consent of the customer or in certain emergency situations. In those cases, Sprint still requires appropriate documentation, and although it may not be a legal demand, per se, it is legally permissible for Sprint to provide the information under the statute, as discussed herein.
[snip]
Sprint has business records that contain information on the location of a wireless device based on that device’s proximity to nearby cell towers. The information in Sprint’s records is often referred to as “historic” or “stored” location as it is customer information of a historic nature that is stored by Sprint for its own business purposes. For example, Sprint uses this information for certain billing, taxing, network troubleshooting and capacity planning purposes. Sprint also has the capability to determine the location of a cell phone in real time by using GPS technology.
The location information contained in Sprint’s business records is not basic subscriber information as defined by the statute but is information Sprint has relating to its customers’ mobile device usage. Consequently, a court order based on “specific and articulable facts” is required prior to disclosure of that information to law enforcement.
[snip]
There is no statute that directly addresses the provision of location data of a mobile device to the government.
The explanation doesn’t really say whether it treats a GPS reading as a stored record or not–probably because that’s where this interpretation gets dicey.
Sprint goes on to suggest Congress provide some clarity about this cell location data. (It also note the government interprets the law to require the cell company to provide not just the target caller location, but also the “location of associates on a call with the target.”)
Not so AT&T, which seems to be giving this information out like candy in the name of exigent circumstances. And unlike Sprint, it’s not clear AT&T (or Verizon) imposes any requirements on how long such emergencies can last.
But then, it’s not just AT&T. The government, too, seems to want to declare a permanent state of emergency so it can get all our cell data anytime it wants.
Update: Transcription error fixed per joberly.
Update: Table corrected per Anchard.
Nixon is rolling over in the grave knowing he was born too early. It’s fun to know that Marshal Law has been silently declared on the citizen of Main Street in the freedom loving country called Amerika. Then on to at&t has always held a special place in the hearts of the masters and now being owned by the texans sbc what could be better.
Oh look it’s a drone here to protect the freedoms of the elite.
Time for more Rum
Have the Feds removed that dedicated switcher they installed in the SF AT&T offices back in the W admin yet? I don’t think so. NSA reportedly is recording and archiving all electronic communications it can for future reference. I answer the phone with “NSA is still listening and so is Rupert Murdoch” and will continue to do so until I’m convinced that Big Brother and Corporate Brother aren’t eavesdropping.
@gmoke: Was it ever installed?
@EW: text reads by “contrast AT&T served just over 70,000 wireless customers” but the table shows 70 million. But you are correct that the 13,000 non-PSAP requests serviced is the most dramatic relative increase in the table. It’s been a steady absolute increase, too, with 2008=3,500; 2009=5,500 and 2010=8,500. The AT&T letter to Cong. Markey also says that non-PSAPs are generated by law enforcement, but not 911 call-centers. If I understand their May 29 letter, the non-PSAPs are different than subpoena and warrant requests.
@joberly: The 70,000 was my transcription error–70,000,000 is correct.
Non-PSAPs are when a prosecutor says, “I need Joe the Kidnapper’s location right away, he might kidnap again” and goes to the cell company to get it.
Thing is, the numbers make it likely there are more than kidnappers being tracked, and if the govt never has to apply for a court order, then the telecom will never know whether their representations about Joe the Kidnapper were honest.
@emptywheel: I think your numbers in the third column need adjusting, or the header/title does. The numbers as they stand are the relative size of 2011 requests vs. 2007 requests. To make them the % increase, you would need to subtract 100 from each of them.
@Anchard: Ah, right. Fixed it. Thanks.
Cell phone location data is absolutely “content”.
Location data tells the surveillance state where the phone is within the range of a basketball jump shot. It can reveal more than the phone’s spot location. It can reveal the flow of the phone’s location, just as your car’s gps system reveals it. That such data permits merchants to target messages to cell phone users as they meander through a shopping complex is only the least intrusive use of that location data.
A drone-fired missile is equivalent to a sniper’s bullet. Cell phone location data is the equivalent of a trench-coated g-man following your footsteps. It is more insidious. Flow data provides detailed routes of travel that make pattern recognition software providers ecstatic. From it, they can “predict” the activity and movement of the phone – meaning its individual user – and those phones associated with it, whose the location data the government also demands and gets from service providers. Most of it without a warrant. But hey, if you haven’t done anything wrong, you have nussink to fear.
I see. Well, nobody wanted to know that corporations collect most of the data, and run most of, and the most sophisticated of, the algorithms on most Americans. It would ruin all that good ol’ civil rights lawyer libertarian yee hah feel good empathy for the heroes of the courtroom ’cause they argued on the side of the corporate right to do that when it all started, and thought all that European concern for privacy and a human right to forget was misplaced. Keep on censoring, guys.
EOH
“But hey, if you haven’t done anything wrong, you have nussink to fear.”
Present company excluded…I walk away from anyone who uses any form of this comment to justify an oppressive society.
@klynn:
The “comment” is originally a quote from the East German STASI. Like most “comments”, “sayings” and “old saws” of its type, it originates from somewhere.
My favorite is the etymology of the bumpersticker “Kill ’em all, let God sort ’em out.”, which shows up on macho SUVs with NRA stickers and mixed militia stars and bars paraphenalia and such. It comes from an order issued by Arnaud Amalric, a Catholic Bishop in command of the Albigensian Crusade, “Kill them all, God will recognize his own (Caedite eos. Novit enim Dominus qui sunt eius),” after which between 12,000 and 20,000 Cathars, men, women, and children were slaughtered at Béziers, in one night. So those bozos are actually celebrating one of the more well known genocidal atrocities in history during the transition from the crusades to the Inquisition with their bumperstickers.
@klynn: Precisely.
@ondelette: Well, I see you have – Shockingly! (not) – decided to attack the one blog that has, at least for ever since I recall reading it, been on the cutting edge of understanding and reporting the incestuous relationship between government and private/corporate cut outs and proxies.
Your singular ability to attack the people who actually support the concepts you purport to care about, is beyond remarkable. It is, literally, astounding. You are an unrepentant and presumptuous jerk. In spite of the fact you have useful commentary, you simply are incapable of being anything but a jackass.
That, Ondelette, just doesn’t cut it.