Orwell Rolls In His Grave
Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year
Feds ‘Pinged’ Sprint GPS Data 8 Million Times Over a Year
Sprint Nextel provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009, according to a company manager who disclosed the statistic at a non-public interception and wiretapping conference in October.
The manager also revealed the existence of a previously undisclosed web portal that Sprint provides law enforcement to conduct automated “pings” to track users. Through the website, authorized agents can type in a mobile phone number and obtain global positioning system (GPS) coordinates of the phone.
The revelations, uncovered by blogger and privacy activist Christopher Soghoian, have spawned questions about the number of Sprint customers who have been under surveillance, as well as the legal process agents followed to obtain such data.
...
But he said that a single surveillance order against a lone target could generate thousands of GPS “pings” to the cell phone, as the police track the subject’s movements over the course of days or weeks.
...
He cites a telecom attorney named Al Gidari who claimed at a talk last year that each of the major wireless carriers received about 100 requests a week for customer-location data. At 100 requests a week for each of the top four wireless carriers, the total should be around 20,000 requests a year.
...
There are four circumstances under which law enforcement agents can use the Sprint website and obtain GPS data: 1) under the authority of a court order; 2) to track the location of a customer who has made a 911 call; 3) in an emergency situation, such as tracking someone lost in the wilderness or trying to locate an abducted child or hostage; 4) with a customer’s consent.
...
In the case of court orders, Taylor said agents are required to provide Sprint with the order, after which the company provisions the law enforcement account to allow an agency to track the targeted phone number. Court orders cover a 60-day period, and agents can do automated pings to obtain real-time GPS data every three minutes throughout that 60-day period
You should note that 8m divided by 20k is 400 pings per request. There are 1440 minutes each regular day so 480 pings per day per request are allowed. This means that law enforcement is capturing almost a days worth of GPS data per request.
Do you want to bet that AT&T and all the other wireless operators have a similar system? While this is a shocking headline, the numbers aren't horrible. This is what is shocking, "authorized agents can type in a mobile phone number and obtain global positioning system (GPS) coordinates of the phone";
What is amazing is the potential for abuse. The phone companies, I'm sure, don't just allow access to your present location right now but have a historical record of where you were. What kind of access do law enforment agents have to that data as well?