Slashdot Mirror
Sprint Revealed Customer GPS Data 8 Million Times
An anonymous reader sends along Chris Soghoian's blog entry revealing that Sprint Nextel provided law enforcement agencies with its customers' GPS location information over 8 million times between September 2008 and October 2009. The data point comes from a closed industry conference that Soghoian attended, at which Paul Taylor, Electronic Surveillance Manager at Sprint Nextel, said: "[M]y major concern is the volume of requests. We have a lot of things that are automated but that's just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don't know how we'll handle the millions and millions of requests that are going to come in." Soghoian's post details the laws around disclosure of wiretap and other interception data — one of which the Department of Justice has been violating since 2004 — and calls for more disclosure of the levels of all forms of surveillance.
Uh, with 8 million requests in a year I'd say it's already very 1984ish. Wonder if this overrides the '911 only' setting on many handsets?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Automated tool for locating cells? wow that sounds like an invitation for disaster and abuse. So what happens first, someone hacks it, or it's used in a 1984 style manner? (my guess is the latter has already happened/happening.)
Your latter guess has been mandated by law since the passage of the 1996 telecommunications act. Your cell phone can be listened to and tracked anywhere within coverage area as long as your cellphone has its battery inserted.
If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
As if... So, tell me, how many of these were legal crime fighting uses and how many were just cops checking up on their girlfriends, ect. 8 million. and thet's just Sprint.
I just don't understand how this could be legal. The fact that Sprint is being open about this seems to suggest that they have done nothing wrong, and this is business as usual. If so, is this standard with other cell providers as well? I could have sworn I've read an article elsewhere, where someone was trying to locate a missing person and contacted the cell provider to have them give them GPS coords and they refused to turn them over without a court order (cannot find it after some searching)... yet they give the police unlimited access without so much as a court provided rubber stamp machine?!
I guess that explains why you can not remove the battery on the iPhone.
Uh, with 8 million requests in a year I'd say it's already very 1984ish. Wonder if this overrides the '911 only' setting on many handsets?
The funny thing is, those of us who saw this coming and knew that any sort of GPS capability for which it is technically possible for the phone company to read that GPS data would be abused in this fashion were usually called "paranoid" or "conspiracy nuts". How many examples like this do we need before people are less quick to dismiss what they should be examining as a real possibility?
It is a miracle that curiosity survives formal education. - Einstein
The true 1984 will come, when all your health records will be known to the Federal Government so that it can monitor both the health care you are getting and whether you are complying with the mandate to carry health insurance.
It sure is "Orwellian" and it is true... Republicans may have skirted some laws (although no more than Democrat Roosevelt did, when arresting thousands of Americans of Japanese, German, or Italian origin) in their "war on terror", but to establish a true Big Brother, a nation needs an Illiberal in office...
Or it needs to have one party, the Statist Party. This party has two factions; one is called the Democrats while the other is called the Republicans. Their value to the Statist Party is derived from maximizing small, petty differences and minimizing fundamental similarities. I'll explain one such similarity.
Traditionally, the Democrats/Leftists prefer personal freedoms at the expense of economic freedoms, while tradtionally the Republicans/Rightists prefer economic freedoms at the expense of personal freedoms. This is the case even though a freedom, once restricted, is never made unrestricted again. So the parties take turns being in power, and while there they implement their particular brand of restrictions. When the other party reacquires power, they further implement their brand of restrictions without lifting those enacted by the party that was previously in power. This guarantees that over time, you end up with less freedom and eventually end up with a total police state. This is only one technique in use. The notion that over generations of time, no one in those parties would have noticed this and decided to change it is absurd. Therefore there can be nothing accidental about it.
The important thing about this system is that it appears to provide choice to the electorate. The electorate must remain convinced that their votes matter and might really change the system, or else they lose all incentive to participate in the system and accept it as valid. This is necessary because the British have already tried to control this region by brute force and overt authority and were not successful; therefore something more deceptive is needed.
It is a miracle that curiosity survives formal education. - Einstein
That's great that they have a web interface to service the law enforcement needs to track people by the GPS in their cell phone. How does the web site verify a valid warrant? Does the web site ask them to hold it up to the screen for verification?
Remember who signed that into law the next time you hear someone try to tell you that Democrats are actually better than Republicans.
And remember who controlled both the House and the Senate when that law was passed by both houses the next time you hear someone try to tell you that Republicans are actually better than Democrats.
Oh and let's look at who actually voted against the act here: Notice how only 1 Republican voted against it in the Senate while 4 Democrats did. And how it wasn't voted against by a single Republican in the House while 15 Democrats did. Even the abstainers don't paint the Republicans in a good light on this one. Only 1 Rep abstained in the Senate while 2 Dems did while 4 Dems in the House abstained while 0 Reps did. And before I get labeled a Liberal or a Democrat, I'm a centrist who votes for the Libertarians.
You are paranoid, a conspiracy nut and have a highly inflated self-image if you honestly think that anyone in the government gives a flying fuck about what you're doing.
If I exceed the speed limit by 10 mph and a traffic cop notices, at that moment someone in the government has chosen to give a fuck about what I am doing. Therefore, it doesn't take much to meet this definition you have given, and that's assuming an honest cop and honest state legislators. I don't even want to know what kind of extralegal problems dishonest cops and corrupt officials could cause with impunity.
It is a miracle that curiosity survives formal education. - Einstein
It also requires knowing where somebody is at, else you'll be triangulating Baltimore when the suspect is over in Philly.
You'd know that anyway. The cellular network is broken up into zones to lessen the load on the paging channel. Pages are the way that the network locates your phone for incoming calls, pings, SMS, etc. If you had one giant nationwide paging zone then you'd have far too many paging requests to handle. So they break the network up into zones and at a minimum are always going to know which zone your phone is located in. In a rural area these zones might stretch for quite a distance but in more urban areas they tend to be smaller, as more phones equals more paging traffic.
The minute your phone makes/receives a call or SMS they know which tower it's on. From that point forward it's child's play to locate the customer. You don't even need to do triangulation either. At a minimum you can figure out which sector of the tower they are on -- that will narrow down their location to a 120 degree slice of the tower's coverage. With GSM you can use the timing advance to figure out their range from the tower, in 550 meter segments. I believe there's also a way to compute the distance from the tower in CDMA networks without needing to do triangulation.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
You think the cops are watching YOU? What are you doing that makes you so paranoid?
That's cute, quaint, and outdated. It used to be that the state had limited resources and therefore, of economic necessity, it could only focus its manpower and its surveillance capability on what it considered to be the most dangerous/influential dissidents. That has been the case, historically.
Technologies like automated GPS and massive databases have changed the game. The more technology advances, the cheaper it becomes to surveil more and more people. A state that would have had to focus its efforts on the 50 most dangerous dissidents 100 years ago can now use those same resources to monitor hundreds or thousands. Over time, that becomes more and more the case. You now have modern governments with plenty of manpower, nearly unlimited funding (thanks to deficit spending), and high technology which can efficiently keep tabs on millions of people at once. The more this is the case, the less unusual you have to be to stand out from the crowd and attract unwanted attention and scrutiny. We are quickly heading towards a future where even expressing a slightly unpopular political opinion can get you noticed whether or not you are informed of this fact.
Think of all the people who have committed no crimes, have not even been accused of a crime, yet end up on the "no-fly" list for no apparent reason and are not allowed to find out why. Right here in America, the "land of the free." Then consider that this list is special because its existence is publically acknowledged and its use appears to be relatively limited.
It is a miracle that curiosity survives formal education. - Einstein
The subject at hand outrages Illiberal slashdotters because the government's law enforcers find it "too easy" to get GPS-data about their suspects (the subset of suspects, who are also Sprint customers) from Sprint. The "health insurance rant" is related to that, because people with self-consistent beliefs ought to be even more outraged, by the government's attempts to learn about each citizen's (suspected of anything or not) health care, linked precisely to their financial information.
That's what links the two topics fairly closely. I hope, I was able to address your concern.
Didn't you promise to leave for Canada in 2004? What happened — the door slammed you too hard on your way out?..
In Soviet Washington the swamp drains you.
While the Lenihan order and decision did say that the government cannot demand location information without a search warrant, that decision has been appealed by the current administration. And even if the DOJ loses that appeal, the decision would only apply to a limited section of the country - other courts could decide differently.
The bigger issue is that electronic communications laws are badly out-of-date. There are so many grey areas and loopholes that Sprint and the DOJ can easily argue with a straight face that GPS records are not protected by the Constitution, are not protected by federal or state law, can be demanded without a search warrant, can even be voluntarily handed over with no process whatsoever, do not have to be logged, and do not require anyone ever to tell the person whose location information was collected that they were tracked. And while the courts often do get it right eventually, that's a really slow battle - we need a better approach than that.
We (the ACLU) are launching a new campaign, Demand Your dotRights, to push companies and lawmakers to provide real protections for our personal information. The "Electronic Communication Privacy Act," which is supposed to protect information like GPS records, was passed in 1986(!) - it just doesn't fit any more.
We hope you will all sign on and join our efforts to push Sprint, lawmakers, and others to respect individual privacy. It clearly won't be an easy battle (seeing how Sprint is actually proud of its "over 8 million GPS record requests served" title), but with enough support, we hope to make a difference - and we could use your help!
I love it! You get an informative mod and I get a troll one for saying the exact same thing. Moderator hypocrisy seems to be on full display today, doesn't it?
No, actually I was refuting your attempt at painting the passage of the act as if it was the fault of the Democrats and the Republicans were totally clear and innocent. The Republicans supported it 100% in the House and by a 96.2% margin in the Senate. The only reason it made it to the desk of Clinton to begin with was through their support of the act.
I am all for privacy, but some of you need to take off the tin foil caps. As a law clerk to a federal magistrate judge, I deal with these things all the time. Allow me to clarify some confusion. When it comes to electronic communications, there are two major tools available to law enforcement: intercepts (like a wiretap) and pen registers/trap and trace devices (pen for short). Intercepts are when you listen to the substantive communication, like the dialog of a phone call. Intercepts constitute a "search" under the 4th Amendment, and therefore require a warrant. Due to public pressure, Congress has heightened the Constitutional warrant requirements for electronic communications, requiring even more from law enforcement. Telephone wiretaps are the most common type of intercept, but they are still relatively rare as they cost approximately $60,000 per month to maintain. Pens record the information provided to the third-party company that is routing the communication, for example the phone number. The Supreme Court ruled that this information is not protected by the 4th Amendment. The Court held that the phone company is free to disclose the information, and you therefore have no expectation of privacy. Agree or not, that is the law. Without 4th Amendment protection, there is no warrant requirement and no need for probable cause. As with wiretaps, however, Congress decided to provided some level of privacy protection even though the Constitution didn't require it. Federal law requires that the information sought will likely be relevant to an ongoing investigation--a rather low standard. It may seem shocking that all this information can be taken by law enforcement, but this is the way it has always been. In any case, even a civil case between two individuals, "private" information like bank records, call records, all sorts of things can be subpoenaed. Electronic information is no different. As far as obtaining user GPS data 8 million times, a pen that seeks GPS data will apply to a particular phone number, but it will not be limited to one sample. If police are tracking the movements of say a drug dealer, attempting to identify his supplier, the GPS data will be polled repeatedly to track his movement. For example, once per half hour for a month would be about 1,440 requests. When this fact is factored into the size of the US population, 8 million seems like much less of a big deal. In the end, the information being obtained without a warrant is all information you freely gave to a third party. Of course that brings up questions with companies like Google, who are third-parties potentially storing all of your personal documents. Whether that information can be obtained without a warrant has not been definitively answered. Ultimately, the question will come down to whether one has an "expectation of privacy," and that decision will be made by the courts.
So when I can keep all of my money because the rightists abolish income tax but I can't marry my partner because we're the same gender and their magic book says that's not allowed... how exactly is that personal freedom?