Cellphones are the spies in our pockets, gathering information about whom we befriend, what we say, where we go, and what we read. That’s why Sen. Edward Markey, D-Mass., recently asked the nation’s major cellphone companies to disclose how frequently they receive requests from law enforcement for customer call records—including the content of communications, numbers dialed, websites visited, and location data. Sometimes police have a warrant, sometimes they don’t.
Seven companies provided information in response to the inqury. The letters Markey received, which were covered today in the Boston Globe, Washington Post, and New York Times, show that the quantity of requests for these records is staggering. T-Mobile and AT&T together received nearly 600,000 requests for customer information in 2012. AT&T has to employ more than 100 full-time workers to process them. And police demand for our call records is growing rapidly, with requests to Verizon doubling in the last five years.
It used to be impossible for law enforcement agents to monitor all of the people all of the time, but now our cellphone carriers do it for them. The contents of the communications aren’t even necessary for law enforcement to glean insight into you. The carriers also know whom you call and text, and they hold on to that information for years. These records reveal your social network and hint at the nature of those connections. The relationship you have with someone you text repeatedly at 2 a.m. is not the same as the relationship you have with someone you call once a week on Sunday afternoons.
The companies keep records of where you have traveled in the past and can track you in real time—so law enforcement can do it, too. In some ways having a police officer track you in real time electronically is even worse, because you never know when it’s happening. Historical records can be even more sensitive than real-time tracking, stretching back for months or even years, and reveal your daily routine and every deviation from it.
While this mass aggregation of data about each of us is troubling, it would be a lot less worrisome if our electronic privacy laws had kept pace with technology. But they have not. Congress has failed to meaningfully update the rules since 1986, and so the legal standards the government is using are far too lax. It’s been clear since the 1800s that the Fourth Amendment requires law enforcement agents to get a warrant to read postal mail. Email shouldn’t be any different. Unfortunately, according to the companies’ letters, some of them appear to be handing over the content of our digital communications without a warrant. AT&T discloses stored texts or voicemails that are older than 180 days old with a subpoena—no court supervision or probable cause required. In one bright spot, T-Mobile requires a warrant for texts and voicemails.
The letters also show that in its search for evidence about a handful of guilty people, law enforcement often obtains the data of hundreds or thousands of innocent people. For example, through a technique known as “tower dumps,” law enforcement agents can see all of the cellphones using a particular tower in a given time range. There were approximately 9,000 tower dumps reported in 2012 (with not all companies reporting). What happens to that data? Could it be used for future investigations? No one really knows, because there are no clear policies in place, and the people whose data is turned over are never notified.
It’s long past time for Congress to update our electronic privacy laws. For starters, it should raise the standards law enforcement must meet to access cell phone records. The content of communications and location data should always require a warrant. The standard for getting data on who you call and when should also be raised, as it currently only requires “relevance” to an investigation.
No one denies that there are times when access to cell phone records is appropriate. We all want the bad guys to get caught. But we also want to make sure the innocent aren’t needlessly targeted, and the best way to achieve the right balance is to require law enforcement agents to go to court and get a warrant.
If you agree, you can tell the White House here that you think the decades-old Electronic Communications Privacy Act (ECPA) is in dire need of an update. There are proposals in Congress that would help, particularly bipartisan ECPA reform introduced by Sens. Patrick Leahy, D-Vt., and Mike Lee, R-Utah, and Reps. Kevin Yoder, R-Kan., and Jared Polis, D-Colo., that would require law enforcement agents to get a warrant based on probable cause to access the content of communication. While not a complete fix, it’s a substantial improvement on the current situation.
Can you hear us now, telecommunications companies?