They know who you called last summer

If you secretly suspected that nifty mobile device in your pocket was spying on you, your paranoia has just been richly rewarded.

As the New York Times reports, a Congressional inquiry into cell phone surveillance reveals that U.S. law enforcement agencies requested data from wireless carriers more than 1.3 million times last year — or nearly 500 times the number of wiretaps approved over the same period.

[ Also on InfoWorld: Cringely names the 10 worst tech screwups of 2012 (so far). | For a humorous take on the tech industry’s shenanigans, subscribe to Robert X. Cringely’s Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld’s Tech Watch blog. ]

That number is way larger than anyone expected. But the actual number of people spied on might be even higher, says the Times:

Because of incomplete record-keeping, the total number of law enforcement requests last year was almost certainly much higher than the 1.3 million the carriers reported to [Senator] Markey. Also, the total number of people whose customer information was turned over could be several times higher than the number of requests because a single request often involves multiple callers. For instance, when a police agency asks for a cell tower “dump” for data on subscribers who were near a tower during a certain period of time, it may get back hundreds or even thousands of names.

More interesting numbers in that Times story: AT&T got an average of 700 requests a day, or roughly triple the number it received five years ago. About a third of those requests were deemed “emergencies” — such as location tracking to find someone who’s gone missing or is suicidal — and thus did not require a subpoena or other court order to be filled. Sprint, meanwhile, received nearly 1,500 requests every day.

Not all of these requests were filled, though most of the wireless carriers declined to name how many they rejected. One provider — tiny C Spire Wireless — said it kicked back 15 percent of the requests it received, and T-Mobile said it referred two police requests to the FBI after deeming them “inappropriate.”

By the way, all this tracking isn’t cheap. Wireless companies are allowed to pass the expense of doing data searches onto taxpayers. AT&T billed us $8.3 million for the privilege of letting Johnny Law paw through our call records and texts, for example.

What this report makes clear is that mobile data requests are becoming as routine as full body frisks and Miranda warnings for law enforcement. What isn’t clear are the rules law enforcement agencies are following when they make these requests, which are likely to vary wildly from one jurisdiction to the next.

For example, what constitutes an “emergency request,” and who gets to decide? Based on this report, it seems like that’s up to the lawyers at the wireless firms. I can see a future where the number of police requests continues to climb, and wireless carriers will simply comply with all requests because it’s easier and cheaper.

What happens to this information after the cops request it? How is it stored and for how long? Data retention policies for wireless companies range from a few days to seven years; what kind of policies do the cops have?

How can we find out if our mobile data has been requested? What can we do to expunge it if it gets into the public record? I doubt most local police departments have any kind of process around this.

Under what circumstances can the cops obtain a cell tower dump, and what happens to the privacy of all the mobile subscribers who happened to be near that tower but are not under suspicion? Or does mere proximity to an alleged criminal act now constitute suspicion?

I also want to know how many of these requests were for location data, and in what circumstances; how many were for calling records; and how many were for the content of texts or other mobile data, such as Web surfing histories or address books. The report raises many more questions than it answers.

There’s always been an uneasy balance between ensuring our individual liberties while giving the cops the tools they need to protect us — or at least, punish offenders after the fact. It’s a problem that’s only been exacerbated by technology, starting with the rotary phone.

But now the cops no longer need to break into your house and plant listening devices, or even sit in an unmarked van down the street watching your front door. If they want to spy on you, they can just go to your wireless company. And there’s virtually nothing any of us can do to stop them.

Who will protect us from the people we pay to protect us? Weigh in below or email me: cringe@infoworld.com.

This article, “They know who you called last summer,” was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely’s Notes from the Field blog, and subscribe to Cringely’s Notes from the Underground newsletter.