The U.S. government submitted more than one million requests for data to U.S. cellular firms in 2010, with only a tiny fraction refused or pushed back, according to data collected by one senator.
U.S. Senator Edward Markey (D-MA) on Monday released the details of the major U.S. cell carriers on his website, which detail how many requests for call records — such as numbers dialed, location data, and contents of communication.
In some cases there were warrants, sometimes just a subpoena. Sometimes nothing at all.
Here's the breakdown.
T-Mobile received 297,350 requests [PDF] from the federal government in 2012, including 3,000 wiretap requests. About 29 percent of all requests were declared "emergency" circumstances, which imminently threaten life or property.
The company also said while it doesn't store device geolocations, it holds cell site data for six months. It holds call detail records for 7-10 years, but doesn't store data requests, such as information on website addresses visited by customers.
Verizon received approximately 270,000 requests during 2012 [PDF] from 135,000 subpoenas, including about 1,000 court-ordered wiretap requests, and 5,000 trap-and-trace requests. It also received 6,000 legal demands for data, which link an IP address to a customer's name. About 11 percent of all requests were considered "emergency" requests.
The largest U.S. carrier by customer base said it does not provide real-time location information to law enforcement. The firm said it retains records for up to one year. When data is requested, Verizon charges a "reimbursement" fee for wiretaps and data retrieval.
AT&T received 297,500 requests for data during 2012 [PDF], with just less than half involving wiretaps or call detail records, which is held for five years. In one-quarter of all cases, this included historical or real-time geolocation of customer devices, which is held for five years.
The second largest U.S. cell service said it denied 1,300 requests during the year, but because the company doesn't track all records it said this figure is "understated."
Sprint said while it received government data requests, it does not track the number unlike other firms. It did say it implemented approximately 17,400 wiretaps and 22,000 trap-and-trace devices. It also provided real-time or precise location information around 67,000 times.
The company, which is now more-than-half owned by Japanese cell giant Softbank, said it holds data for 18 months for law enforcement purposes. It also said it charges, like other firms, to access its cell record database for legal warrants and subpoenas.
All companies were neither able to confirm or deny whether it had received a Section 215 request under the Patriot Act, which requires the company to hand over "all tangible" business records.
While U.S. firms are disallowed from disclosing whether they have received a Section 215 request, Apple recently (and legally) said it had not yet been handed such a request. This "warrant canary" allows for those watching in future to determine whether it has been served such a broad-ranging request.
Also, interestingly, there were about 9,000 cell tower "dumps" (that we know of — some firms did not respond or disclose) that allows law enforcement to see all the cell devices using that particular tower within a specific time range. It's not clear what happens with that data.
But according to Markey, this isn't the National Security Agency asking for this information. "It’s your neighborhood police department requesting your mobile phone data," he told the Washington Post. "So there are serious questions about how law enforcement handles the information of innocent people swept up in these digital dragnets."
Doesn't make it any less scary though, does it?