Mobile phone carriers oppose law requiring warrants for location data

Filed Under: Data loss, Featured, Law & order, Privacy

CTIA logoThe mobile carriers industry trade group, CTIA–The Wireless Association, is objecting to a proposed bill that would require the police to produce a warrant if it wants access to location data on people's mobile phones.

CTIA are calling the legislation "unduly burdensome" to say no to police who arrive without warrants.

The bill in question, California Location Privacy Bill (SB 1434), doesn't stop the carriers from handing over location data, but it does require that police get a warrant first.

The proposed law also states that carriers must publish reports showing the number of disclosures they've made in a given calendar year, including:

  • how many times each wireless provider disclosed information (and how many times it didn't)
  • how many times the carrier contested data demands
  • how many users' data were disclosed.

And this report is to published on the internet by the following April.

On April 12, the CTIA wrote [PDF] to the bill's sponsor, State Senator Mark Leno, saying that CTIA opposes the proposed legislation due to "serious concerns":

"These reporting mandates would unduly burden wireless providers and their employees – who are working day and night to assist law enforcement to ensure the public’s safety and to save lives."

... and that the legislation would "confuse" them.

For example, an issue the carriers would find confusing is the definition of "location information." CTIA say that it is "so sweeping" that it could overlap basic subscriber information:

"Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information. It could place providers in the position of requiring warrants for all law enforcement requests."

Ars Technica's Cyrus Farivar, for one, is confused about why the CTIA is confused.

Here's what he had to say:

"Earlier this month, the ACLU said it received over 5,500 pages from 200 local law enforcement agencies about their tracking policies. The organization concluded that 'while cell phone tracking is routine, few agencies consistently obtain warrants.

Importantly, however, some agencies do obtain warrants, showing that law enforcement agencies can protect Americans' privacy while also meeting law enforcement needs.' In short, it seems like law enforcement can stay within the law, even when it takes the trouble to get a warrant—how is that confusing?"

wireless_warning 170Regarding the cost and labour involved in putting up reports that tell the public how they are releasing our information: well, if it's really all that costly to the poor, cash-strapped wireless providers, perhaps it's time for them to increase the fees they charge law enforcement agencies for the all-you-can-eat buffet of data they provide.

One example, as security and privacy researcher Christopher Soghoian reports, is Sprint, which charges a flat $30/month for electronic surveillance of location/GPS data.

Obviously, they're giving the data away.

Sometimes that's a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant.

For all the other times?

Let's hope the bill passes. It's time for a lot more transparency from the carriers who give our data away, and a great deal more accountability from the agencies who seek it in the first place.

Wireless image courtesy of Shutterstock

, , , , , , ,

You might like

14 Responses to Mobile phone carriers oppose law requiring warrants for location data

  1. Richard · 806 days ago

    "It could place providers in the position of requiring warrants for all law enforcement requests."

    And they think that's a *bad* thing?!

  2. Michael · 806 days ago

    'Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information.'

    If they're having difficulty understanding a basic requirement, what are they doing running a telecomms network? The tax system's even more confusing, so are they refusing to pay taxes also? I'd also be very wary of providing my financial details to any CTIA firm, or recommending them, because anyone that easily confused is a liability.

  3. PlaceMask · 806 days ago

    The reporting requirements provide accountability and transparency. Getting rid of them opens up a can of civil rights worms. I became pretty frustrated with the whole location privacy issue and decided to publish an app that protects my location, audits my device for location leakage, and monitors any changes to my location settings. PlaceMask Location Privacy is available on Google Play (i.e. Android Market) or you can visit our website: http://www.PlaceMask.com

  4. jamie · 806 days ago

    these phone companies obviously do not care about the part of the constitution dealing with unreasonable search and seizures so i hope it ends up with their own personal data being spied on at will and see who complains then

    and too much work to make those reports - BULL

    all they have to do is log each time it is done and then simply print off the reports

    actually easier than the accounting they do to see how much money they steal by cramming bogus charges on bills

  5. John W. Luther · 806 days ago

    The Telecoms want to not be subject to criminal prosecution for all of the times they provide the information without a warrant.

    • John W. Luther · 806 days ago

      I should have said, not be subject to legal liability for providing such information without having been shown a warrant.

  6. Nigel · 806 days ago

    The wireless carriers are caretakers of our privacy. That trust has always been an implicit part of the deal --- something so obvious that it shouldn’t even be in question. And now that the state (which isn't exactly well known for its performance in honoring that privacy) has actually gone and tried to make that trust explicit, they're saying, "Huh? We're confused..."

    So am I. I was under the impression that they actually took privacy at least somewhat seriously.

    What this really does is expose the complete disregard the wireless carriers have had for their customers' privacy all along. Now that there's a chance they might be required to do what they should have been doing as a matter of routine in the first place, they're squealing like stuck pigs.

    And this is supposed to make them look, what...good?

  7. R0nin · 806 days ago

    It's not as simple as you guys make it sound.

    Law-enforcement requests tracking information for a missing child's cell-phone, or a missing hiker's. "Nope, sorry, can't help you. You have to go find a judge, get a warrant, and then come back to us. You say that might make it too late to help them? Ooh, too bad. The ACLU doesn't want us doing it, so..."

    And yes, this would also put the burden on the carrier for determining if the Law-enforcement agency had a proper warrant or not.

    Of course, the ACLU could go after the Law-enforcement agencies to get this kind of info, but they're not as easy a target as a private company, so they're trying to strong-arm them instead. Because, you know, the ACLU never has an agenda. They're always just looking out for you, right?

    Frankly, I find the tone of this article to be biased and condescending in its treatment of the carriers.

    • Richard · 803 days ago

      Did you read the article?

      "Sometimes that's a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant."

  8. Kyle · 806 days ago

    I agree with the above post. I work in a 911 center and can't tell you how many times we have had to call a cell company to help locate someone in trouble. If they have to worry about whether or not a certain situation falls into the guidelines they are going to cover themselves and choose not to do it.

    In the past I had a domestic call where the boyfriend had knocked the girlfriend out and put her in the truck of his car. She wakes up in the truck and luckily had her phone and calls 911. Of course she had no way to know where she was. The only location she could give me was where they lived so I was able to at least dispatch units to the general area of where things started. Kept her on the line to get a vehicle and perp descriptions, trying to keep her calm, while updating police units with any additional information and at the same time calling her cell provider to try and get her location. The cell phone company figured out where she was in less than 10 minutes and units were dispatched across the county from where the incident occurred.

    Luckily officers located the car, pulled the boyfriend over and arrested him at gunpoint. He had all the items in the car that he needed to kill his girlfriend and bury her at the location he was headed to - which was less than 10 minutes from where he was pulled over.

    If we had to get a warrant in this case, this woman would have been dead. While this story sounds extreme this type stuff happens all the time.

  9. Jack · 805 days ago

    After reading the replies to this, I seriously wonder how many people are paying attention. For one, I am a retired Police Officer (USA) and getting a warrant is a pain, but it's one of the protections that keep the people being "run over" by police departments. If it was easy to get, then it wouldn't be worth the paper it's written on. As was mentioned, there is some attribute to get data that would save a life, such as cell tower accessed or GPS data. No one is going to complain if someone is saved! The simple rule should be "Get a Warrant". Most laws don't function perfectly when initially drawn up, like software some tweaks are required. I think, as usual, you hit it on the head.

  10. Mattis · 805 days ago

    AFAIK this would be the first time that handling of geolocation data is really covered by law. If the law passes, which I hope it does, the carriers can no longer share that information "with selected partners and third parties"on their own say-so.
    I am sure the law will generate lots of exposure and heated conversations about who exactly gets the data today and how come they can have it but the constabulary can not.
    Emergency services searching for missing hikers, etc., have always had the privilege of instant access to any needed information to locate missing persons in danger. I don't believe that is an issue here.

  11. iPad 4 Release Date · 649 days ago

    The Telecoms want to not be subject to criminal prosecution for all of the times they provide the information without a warrant.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.