Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Monday, 16 December 2013
Warrant Not Required: Police Demand Your Cellular Data
It turns out that NSA agents aren't the only ones after your personal information. It probably comes as no surprise that law enforcement is also interested in information about individuals. So much so that law enforcement agencies have filed nearly a million requests for information in a single year.
We know this from inquiries made by Massachusetts Senator Edward Markey, which were published on his website. It includes replies from all the major carriers: AT&T, T-Mobile, Cricket, CSpire, Sprint, US Cellular, and Verizon. Taken all together, there were at least 946,288 requests for information from law enforcement last year. This is a low figure, since Sprint declined to respond publicly and some carriers—like Verizon—could only provide estimates.
What Kind of Information?
The kind of information, how it was obtained, and the circumstances surrounding the disclosures vary wildly. One of the main focuses of Senator Markey's questioning focused on so-called "cell tower dumps." This includes the record of all cellphone users who have connected to a designated cell tower, or towers, during particular times. In their response to Senator Markey, AT&T said that the average time frame was one hour and 20 minutes.
While there are clear differences, this sounds an awful lot like the full-spectrum information sucking that recently put the NSA in the headlines. Other information included location data, actual wire-taps, voicemails, and text messages among others. Many of the wire-tap requests were a product of our old friend CALEA.
Most of the wireless carriers take pains to emphasize that they are merely following the letter of the law. Many of the requests they fill are the results of subpoenas and court orders signed by judges. However, there are exceptions where law enforcement has merely to prove that the information is needed under "emergency circumstances." No warrant, apparently, required.
Blame ECPA
Law enforcement is able to obtain this information through a 1986 piece of legislation called the Electronic Communications Privacy Act, or ECPA. The law allows police to obtain electronic communications that are older than 180 days without a warrant.
Gregory Nojeim,Senior Counsel at the Center for Democracy and Technology, explained the rather topsy-turvy nature of the current ECPA legislation. Under the law, police can use subpoenas to obtain less sensitive data, and detailed information like email logs requires a court order. "For content, though, ECPA permits law enforcement access without any judicial authorization in many circumstances, and that needs to change because content is such sensitive information," Nojeim told SecurityWatch.
"Have no doubt, police see our mobile devices as the go-to source for information, likely in part because of the lack of privacy protections afforded by the law," said ACLU's legislative counsel Christopher Calabrese in a press release
"The idea that police can obtain such a rich treasure trove of data about any one of us without appropriate judicial oversight should send shivers down our spines," said Calabrese.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment