T-Mobile’s Transparency: “Other,” and Granularity to Come on National Security Reports

I think CNet is correct to point out the most amazing thing from T-Mobile’s transparency report released yesterday: somehow, T-Mobile is getting a lot more legal requests than its bigger rivals — though I suspect that’s because pre-paid/contract-less cell phones are a much larger part of its business, and therefore it probably does more business with potential law enforcement targets (for example, both Tsarnaev brothers were using T-Mobile pre-paid phones the day of the attack, and Tamerlan had been since his return from Russia, and the taxi driver busted via the phone dragnet also used T-Mobile).

But I’m interested in three more things about this report. First, as with Amazon, I’m interested that this report comes just after USA F-ReDux rolled out new ways for providers to report national security requests. That offers one possible explanation for why these two companies waited to release their reports.

On a very related note, T-Mobile not only chose to use one of the newfangled reporting options, but it suggested it might be able to do more granular reporting in the future.

Providers are authorized by statute to report the national security requests in one of three ways. T-Mobile has chosen to report a combined total of national security requests for this reporting period, and may be able to report more granular information in the future. To the extent we are permitted to report this information in the aggregate, it must be in bands of 250 increments.

I’ll have to think about why this might be (but remember the initial agreement required a 2-year wait before reporting new requests, so that may be part of it). But I find T-Mobile’s optimism they’ll be able to report more in the future curious.

Then, finally, there is T-Mobile’s “other” category, for which they had 11,105 requests in 2013 and only 8,760 last year (every other category, except national security reporting, has been growing at an alarming clip). T-Mobile explains this category this way:

This may include requests to preserve information pursuant to 18 USC § 2704, requests for T-Mobile information (not customer information), requests pursuant to The Fair and Accurate Credit Transactions Act of 2003, and any other request that does not match a category above.

Given that T-Mobile uses AT&T’s backbone, I think it quite likely it gets a lot of preservation orders, because the FBI will frequently know immediately about T-Mobile traffic, but take some time for legal process on the actual account (indeed, I think that may have happened with the Tsarnaevs, given the way DOJ obscured whether it got T-Mobile information or AT&T information first). It’s also possible other providers don’t distinguish here, and only report the ultimate order or warrant that the information gets preserved for.

That said, there’s a lot of these requests (and the decline is rather curious, given how quickly everything else has gone up).

One more thing. Remember that the current dragnet order may have added another provider. If so, T-Mobile is one of the most likely candidates.