Sophos Cloud Optix
The mobile carriers industry trade group, CTIA–The Wireless Association, is objecting to a proposed bill that would require the police to produce a warrant if it wants access to location data on people’s mobile phones.
CTIA are calling the legislation “unduly burdensome” to say no to police who arrive without warrants.
The bill in question, California Location Privacy Bill (SB 1434), doesn’t stop the carriers from handing over location data, but it does require that police get a warrant first.
The proposed law also states that carriers must publish reports showing the number of disclosures they’ve made in a given calendar year, including:
- how many times each wireless provider disclosed information (and how many times it didn’t)
- how many times the carrier contested data demands
- how many users’ data were disclosed.
And this report is to published on the internet by the following April.
On April 12, the CTIA wrote [PDF] to the bill’s sponsor, State Senator Mark Leno, saying that CTIA opposes the proposed legislation due to “serious concerns”:
"These reporting mandates would unduly burden wireless providers and their employees – who are working day and night to assist law enforcement to ensure the public’s safety and to save lives."
… and that the legislation would “confuse” them.
For example, an issue the carriers would find confusing is the definition of “location information.” CTIA say that it is “so sweeping” that it could overlap basic subscriber information:
"Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information. It could place providers in the position of requiring warrants for all law enforcement requests."
Ars Technica’s Cyrus Farivar, for one, is confused about why the CTIA is confused.
Here’s what he had to say:
"Earlier this month, the ACLU said it received over 5,500 pages from 200 local law enforcement agencies about their tracking policies. The organization concluded that 'while cell phone tracking is routine, few agencies consistently obtain warrants.
Importantly, however, some agencies do obtain warrants, showing that law enforcement agencies can protect Americans' privacy while also meeting law enforcement needs.' In short, it seems like law enforcement can stay within the law, even when it takes the trouble to get a warrant—how is that confusing?"
Regarding the cost and labour involved in putting up reports that tell the public how they are releasing our information: well, if it’s really all that costly to the poor, cash-strapped wireless providers, perhaps it’s time for them to increase the fees they charge law enforcement agencies for the all-you-can-eat buffet of data they provide.
One example, as security and privacy researcher Christopher Soghoian reports, is Sprint, which charges a flat $30/month for electronic surveillance of location/GPS data.
Obviously, they’re giving the data away.
Sometimes that’s a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant.
For all the other times?
Let’s hope the bill passes. It’s time for a lot more transparency from the carriers who give our data away, and a great deal more accountability from the agencies who seek it in the first place.
Wireless image courtesy of Shutterstock
"It could place providers in the position of requiring warrants for all law enforcement requests."
And they think that's a *bad* thing?!
EXACTLY!!!
'Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information.'
If they're having difficulty understanding a basic requirement, what are they doing running a telecomms network? The tax system's even more confusing, so are they refusing to pay taxes also? I'd also be very wary of providing my financial details to any CTIA firm, or recommending them, because anyone that easily confused is a liability.
The reporting requirements provide accountability and transparency. Getting rid of them opens up a can of civil rights worms. I became pretty frustrated with the whole location privacy issue and decided to publish an app that protects my location, audits my device for location leakage, and monitors any changes to my location settings. PlaceMask Location Privacy is available on Google Play (i.e. Android Market) or you can visit our website: http://www.PlaceMask.com
these phone companies obviously do not care about the part of the constitution dealing with unreasonable search and seizures so i hope it ends up with their own personal data being spied on at will and see who complains then
and too much work to make those reports – BULL
all they have to do is log each time it is done and then simply print off the reports
actually easier than the accounting they do to see how much money they steal by cramming bogus charges on bills
The Telecoms want to not be subject to criminal prosecution for all of the times they provide the information without a warrant.
I should have said, not be subject to legal liability for providing such information without having been shown a warrant.
The wireless carriers are caretakers of our privacy. That trust has always been an implicit part of the deal — something so obvious that it shouldn’t even be in question. And now that the state (which isn't exactly well known for its performance in honoring that privacy) has actually gone and tried to make that trust explicit, they're saying, "Huh? We're confused…"
So am I. I was under the impression that they actually took privacy at least somewhat seriously.
What this really does is expose the complete disregard the wireless carriers have had for their customers' privacy all along. Now that there's a chance they might be required to do what they should have been doing as a matter of routine in the first place, they're squealing like stuck pigs.
And this is supposed to make them look, what…good?
It's not as simple as you guys make it sound.
Law-enforcement requests tracking information for a missing child's cell-phone, or a missing hiker's. "Nope, sorry, can't help you. You have to go find a judge, get a warrant, and then come back to us. You say that might make it too late to help them? Ooh, too bad. The ACLU doesn't want us doing it, so…"
And yes, this would also put the burden on the carrier for determining if the Law-enforcement agency had a proper warrant or not.
Of course, the ACLU could go after the Law-enforcement agencies to get this kind of info, but they're not as easy a target as a private company, so they're trying to strong-arm them instead. Because, you know, the ACLU never has an agenda. They're always just looking out for you, right?
Frankly, I find the tone of this article to be biased and condescending in its treatment of the carriers.
Did you read the article?
"Sometimes that's a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant."
I agree with the above post. I work in a 911 center and can't tell you how many times we have had to call a cell company to help locate someone in trouble. If they have to worry about whether or not a certain situation falls into the guidelines they are going to cover themselves and choose not to do it.
In the past I had a domestic call where the boyfriend had knocked the girlfriend out and put her in the truck of his car. She wakes up in the truck and luckily had her phone and calls 911. Of course she had no way to know where she was. The only location she could give me was where they lived so I was able to at least dispatch units to the general area of where things started. Kept her on the line to get a vehicle and perp descriptions, trying to keep her calm, while updating police units with any additional information and at the same time calling her cell provider to try and get her location. The cell phone company figured out where she was in less than 10 minutes and units were dispatched across the county from where the incident occurred.
Luckily officers located the car, pulled the boyfriend over and arrested him at gunpoint. He had all the items in the car that he needed to kill his girlfriend and bury her at the location he was headed to – which was less than 10 minutes from where he was pulled over.
If we had to get a warrant in this case, this woman would have been dead. While this story sounds extreme this type stuff happens all the time.
After reading the replies to this, I seriously wonder how many people are paying attention. For one, I am a retired Police Officer (USA) and getting a warrant is a pain, but it's one of the protections that keep the people being "run over" by police departments. If it was easy to get, then it wouldn't be worth the paper it's written on. As was mentioned, there is some attribute to get data that would save a life, such as cell tower accessed or GPS data. No one is going to complain if someone is saved! The simple rule should be "Get a Warrant". Most laws don't function perfectly when initially drawn up, like software some tweaks are required. I think, as usual, you hit it on the head.
AFAIK this would be the first time that handling of geolocation data is really covered by law. If the law passes, which I hope it does, the carriers can no longer share that information “with selected partners and third parties”on their own say-so.
I am sure the law will generate lots of exposure and heated conversations about who exactly gets the data today and how come they can have it but the constabulary can not.
Emergency services searching for missing hikers, etc., have always had the privilege of instant access to any needed information to locate missing persons in danger. I don’t believe that is an issue here.
The Telecoms want to not be subject to criminal prosecution for all of the times they provide the information without a warrant.