More frequently than ever, wireless carriers are giving their users’ personal information to governments, sometimes even voluntarily. Congressman Ed Markey of Massachusetts’ 7th Congressional District reported that just last year, major phone companies received 1.3 million requests from the government for users’ private data. Hundreds of thousands of those court orders and subpoenas had no warrant.
While most wireless carriers have no legal choice but to comply with these requests, they can limit what private user data they give away to law enforcement and other organizations. To curb the sudden increase of mobile device reconnaissance, here’s what wireless carriers can do:
Reduce the amount of data stored, and delete earlier
If private information isn’t there, governments can’t mandate a phone company to hand it over. Wireless carriers can delete user information right away if they no longer need it, or they can even go the extra mile and not store data altogether.
According to a data retention times chart from the Department of Justice, major wireless carriers retain data for varying lengths of time. Some calls are stored for around seven years, text messages are stored for at most one week, and pictures are stored until a user’s contract expires.
In contrast, Sonic.net, an internet provider based in Northern California, has a policy to retain data for a maximum of two weeks. The duration is just right for serving emergency requests from law enforcement without keeping user Internet history for longer periods.
Wireless carriers should look for expiration dates as well, according to Lee Tien, an attorney for the Electronic Frontier Foundation. “Carriers have an economic interest in maintaining records like billing data. But the real question is whether there’s a sweet spot where they could reduce the amount of information and time they hold it that works for both the subscribers’ privacy and for their business,” he said.
Coordinate with other carriers and establish the minimum cooperation standard
Wireless providers vary greatly in how they deal with law enforcement requests. For example, Cricket, a major phone carrier, is the only one documented to prevent law enforcement from obtaining data on all users who accessed a particular cell tower over a certain time, so-called “tower dumps.”
All wireless carriers should stop offering tower dumps as well, because this prevents random users from being treated as criminal suspects. In addition, all should be legally required to come up with best practices on limiting what user data to share with the government. This would remove the surveillance confusion that is happening right now. Phone company lawyers should talk with each other and learn about each other’s arguments for limiting information turnover.
Let users know their data is being used
National security letters, subpoenas, court orders, and wiretaps sometimes come with gag orders that keep companies from informing users that their data is being requested by the government. As a result, users have no ability to dispute what is being done with their personal information.
Companies such as Calyx, Sonic.net and Twitter have gone against these gag orders in court. There are instances in which they were successful at informing users regarding the matter. On the other hand, wireless carriers have been unable to take similar stands for their users.
According to Julian Sanchez, a research fellow for the Cato Institute, “…they could be challenging them not to say we want to immediately reveal this, but to at least have an expiration date. Two years from now, or five years from now, it has to be possible for them to say ‘we’ve gotten this many national security letters demanding this much information.’ Carriers need to be willing to step up and spend a little money to limit these gags that persist long after investigations are closed.”
Go against anti-privacy legislation
Phone companies should lobby against U.S. laws allowing government organizations to access their users’ personal information.
For example, Digital Process, a group joined by Microsoft, Facebook, Apple and Google, has advocated the need to change the Electronic Communications Privacy Act. Their goal is to keep the government from tracking user locations via mobile and Internet services and to inhibit it from using stored data. Among all telecommunications companies, AT&T is the only one participating in this group.