Cellphone firms regularly give data to law enforcement - The Boston Globe

Cellphone firms regularly give data to law enforcement

Big providers give authorities records of calls, locations

Senator Edward J. Markey said law enforcement "can be tough on crime and tough on privacy." (AP/File)

WASHINGTON — The nation's largest wireless companies regularly give state and local law enforcement authorities thousands of records of cellphone calls and customer locations gleaned from cellphone towers, part of a dramatic expansion of domestic surveillance to investigate crimes, according to new industry statistics provided to Congress.

Last year alone, law enforcement agencies nationwide accessed individual cellphone records well over a million times, according to data from the eight largest wireless providers.

The three biggest — Sprint, Verizon, and AT&T — also reported that on at least 56,400 occasions they received so-called "emergency" requests from police departments that did not require a warrant or court order.


The heavy reliance on personal cellphone data as an investigative tool — Verizon reported it has seen such requests double in the past five years — is raising new concerns among lawmakers and privacy groups already worried about allegations that the National Security Agency is scooping up the phone calls of innocent Americans in the name of fighting terrorism.

The new data will be released Monday by Senator Edward J. Markey, Democrat of Massachusetts, as part of a two-year effort to determine whether new guidelines are required in the digital age to protect personal privacy.

"There has been a lot of focus on NSA but this is something very different," Markey said in an interview. "These are neighborhood police departments or state police or federal agencies requesting your data. Millions of Americans are having their information swept up in digital dragnets and there are serious questions about how law enforcement handles the information."

AT&T, Verizon, Sprint, and Cricket, one of the smaller wireless carriers, did not respond to requests for comment Sunday afternoon. T-Mobile spokesman Glenn Zaccara told the Globe that the company would consider any new proposed privacy protections.

"We will have to wait and see," he said. "Of course, we will follow any laws enacted."


Earlier, the companies submitted written answers to Markey, saying they are not aware of any abuses of the information they shared.

Law enforcement agencies have reported in recent years that cellphones are proving to be a key tool in the digital age, in which mobile communications devices track not only phone calls but where those calls are made from. Cellphone data help identify possible suspects and ultimately open up new lines of investigation — and thus help solve crimes.

Several law enforcement associations were not immediately available to comment Sunday on the information being released this week.

The extent of the new practice is cause for alarm, said Marc Rotenberg, president of the Electronic Privacy Information Center, an advocacy group in Washington.

"The mass collection of cell tower information by law enforcement agencies poses a real risk to cellphone users," he said. "Police should be able to get necessary information for a particular investigation pursuant to a court order, but that is not the current practice. Instead everything on everybody is routinely turned over."

He said his organization is seeking regulatory changes that would update federal privacy laws.

The information provided to Markey by the cellphone providers was not broken down geographically. Where the volume of law enforcement requests is highest is not known.

The type of information being accessed can be broad, the companies reported, including call histories, where those calls were made — known as "geolocation" — and in some cases even the content of the calls.


AT&T, in its response to Markey, explained that "a request for call detail records may also ask for real-time geolocation and historical cell tower location."

Verizon, in its written response to Markey's staff, explained that the number of law enforcement requests "has approximately doubled in the last five years, a trend that appears to be consistent with the industry in general."

Among the newest tools for law enforcement is to gain access to so-called "cell tower dumps," the broad range of information — such as call histories of users in the vicinity — recorded when mobile phones give off a signal to nearby cell towers. There were at least 9,000 of them in 2012, the eight companies reported, potentially affecting hundreds of thousands of users.

The data allow law enforcement to know all the cell users in a geographic area during a specific period of time, ranging from a few minutes to several hours or even days or weeks. The data can often be useful for law enforcement to track a potential suspect who flees the scene of a crime.

Yet the ability to collect such tower data is relatively new. According to Cricket, one of the smaller wireless carriers, "this capability became available in October 2012."

Markey expressed concern about the number of so-called emergency requests for personal phone information — what law enforcement calls "exigent circumstances" — that do not require a warrant or court order.


In 2012, AT&T said it received 17,900 such requests; Sprint 8,500; and Verizon 30,000, according to the data provided by Markey's office.

"Given that these requests are self-certified by police with no independent audit, this seems ripe for at least some abuse or misuse," according to a report compiled by Markey's staff.

The companies told Markey they have no knowledge of abuses in these cases and expressed confidence in their privacy safeguards.

"If AT&T determines that a particular request does not fit the criteria for an emergency response, the requesting law enforcement agency is advised that the information cannot be provided without legal process," the company wrote to Markey's committee.

It reported that on 800 occasions in 2012, it rejected a surveillance order and rejected subpoenas that were submitted electronically about 500 times.

"AT&T rejects requests for information about customer phone usage when the form of process received is not appropriate for the type of information requested, or when there is a procedural defect that prevents the request from meeting legal requirements," the company explained.

But some of the companies also reported that they do not require warrants for certain types of user "geolocation" data.

For example, T-Mobile does not require a subpoena for historical data on a user's location, only "real-time" location data, while AT&T only requires a warrant for historical location data but not for the "real time" data.

The companies, in the information provided to Congress, also revealed how they maintain widely divergent standards for retaining personal cellphone information. For example, AT&T retains cell tower locations for subscribers' cellphones and the details of the calls they make for five years, while texts are erased after 72 hours unless a customer pays for the company to store them.


Other companies reported that they keep such information for far less time, between 18 and 24 months. Markey's office noted that Sprint's responses were incomplete.

He said he is drafting legislation that he hopes will strengthen protections governing cellphone data, including requiring law enforcement agencies to disclose the nature and volume of requests; curbing the cell tower "dumps" so that requests are narrowly tailored whenever possible; and requiring a warrant for all geolocation information.

"This is the traditional standard for police to search individual homes. When police access location information, it is equally sensitive and personal and should be treated commensurately," Markey said.

He also wants a new measure requiring that in emergency requests, the authorities have to sign a sworn statement afterward asserting that the circumstances required not waiting for a warrant.

Said Markey: "We can be tough on crime and tough on privacy."

Bryan Bender can be reached at bender@globe.com. Follow him on Twitter @GlobeBender.