Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Cellphones Wireless Networking Your Rights Online

Sprint Revealed Customer GPS Data 8 Million Times 315

An anonymous reader sends along Chris Soghoian's blog entry revealing that Sprint Nextel provided law enforcement agencies with its customers' GPS location information over 8 million times between September 2008 and October 2009. The data point comes from a closed industry conference that Soghoian attended, at which Paul Taylor, Electronic Surveillance Manager at Sprint Nextel, said: "[M]y major concern is the volume of requests. We have a lot of things that are automated but that's just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don't know how we'll handle the millions and millions of requests that are going to come in." Soghoian's post details the laws around disclosure of wiretap and other interception data — one of which the Department of Justice has been violating since 2004 — and calls for more disclosure of the levels of all forms of surveillance.
This discussion has been archived. No new comments can be posted.

Sprint Revealed Customer GPS Data 8 Million Times

Comments Filter:
  • by Dyinobal ( 1427207 ) on Tuesday December 01, 2009 @03:04PM (#30287918)
    Automated tool for locating cells? wow that sounds like an invitation for disaster and abuse. So what happens first, someone hacks it, or it's used in a 1984 style manner? (my guess is the latter has already happened/happening.)
    • by afidel ( 530433 ) on Tuesday December 01, 2009 @03:07PM (#30287970)
      Uh, with 8 million requests in a year I'd say it's already very 1984ish. Wonder if this overrides the '911 only' setting on many handsets?
      • by causality ( 777677 ) on Tuesday December 01, 2009 @03:20PM (#30288170)

        Uh, with 8 million requests in a year I'd say it's already very 1984ish. Wonder if this overrides the '911 only' setting on many handsets?

        The funny thing is, those of us who saw this coming and knew that any sort of GPS capability for which it is technically possible for the phone company to read that GPS data would be abused in this fashion were usually called "paranoid" or "conspiracy nuts". How many examples like this do we need before people are less quick to dismiss what they should be examining as a real possibility?

        • Comment removed based on user account deletion
          • he funny thing is, those of us who saw this coming and knew that any sort of GPS capability for which it is technically possible for the phone company to read that GPS data would be abused in this fashion were usually called "paranoid" or "conspiracy nuts"

            It really doesn't matter that they use GPS. Any transmitting radio device can be tracked. It's just a matter of having the right tools and the training to do so. The question you've got to ask yourself is whether or not the convenience of a cell phone is worth the trade off of the phone company having access to your whereabouts whenever you carry said cell phone with you.

            While that's absolutely true, it's also a less convenient way to track someone. Less convenient than having their handset automatically and periodically broadcast its already-calculated whearabouts to anyone who wants to know. Is either carrying a transmitting radio, or carrying a transmitting radio with GPS perfect? No, that's why I never claimed that it was. Do I prefer that we raise the bar as much as possible for this sort of surveillance, and consider it in terms of "the more effort, training, and

      • Uh, with 8 million requests in a year I'd say it's already very 1984ish.

        What you don't realize is that 7.9 million of those requests were generated by LEO officers trying to keep tabs on their teenage daughters. The other .1 were guys checking up on their wives.

    • by megamerican ( 1073936 ) on Tuesday December 01, 2009 @03:08PM (#30287994)

      Automated tool for locating cells? wow that sounds like an invitation for disaster and abuse. So what happens first, someone hacks it, or it's used in a 1984 style manner? (my guess is the latter has already happened/happening.)

      Your latter guess has been mandated by law since the passage of the 1996 telecommunications act. Your cell phone can be listened to and tracked anywhere within coverage area as long as your cellphone has its battery inserted.

      • by Anonymous Coward on Tuesday December 01, 2009 @03:20PM (#30288168)
        I guess that explains why you can not remove the battery on the iPhone.
      • by TheNarrator ( 200498 ) on Tuesday December 01, 2009 @03:29PM (#30288302)

        Welcome to the Technetronic era!

        The technetronic era involves the gradual appearance of a more controlled society. Such a society would be dominated by an elite, unrestrained by traditional values. Soon it will be possible to assert almost continuous surveillance over every citizen and maintain up-to-date complete files containing even the most personal information about the citizen. These files will be subject to instantaneous retrieval by the authorities.’

        - Zbigniew Brzezinski, Between Two Ages: America’s Role in the Technetronic Era, 1970

        FYI, Zbigniew Brzezinski [wikipedia.org] is one of America's most influential foreign policy strategists.

      • by whterbt ( 211035 ) <m6d07iv02@sneakemail.com> on Tuesday December 01, 2009 @03:47PM (#30288568)

        Your latter guess has been mandated by law since the passage of the 1996 telecommunications act. Your cell phone can be listened to and tracked anywhere within coverage area as long as your cellphone has its battery inserted.

        [citation needed]

      • Re: (Score:3, Interesting)

        by Facegarden ( 967477 )

        ... Your cell phone can be listened to and tracked anywhere within coverage area as long as your cellphone has its battery inserted.

        Uh, really? Even when the phone is powered off? My phone doesn't seem to communicate with the cell towers when its powered off, or else the battery would still die. Are you citing some verifiable resource, or just conspiracy theory? I'm not trying to flame, it just sounds unlikely to me that a powered off cell phone would still be trackable. Of course, if you really don't wanna be tracked, removing the battery is safer, because crazier things have happened, but still, are you sure you're correct?
        -Taylor

    • There is a simple fix for this problem: Someone with law enforcement access needs to log in, look up the numbers for some prominent politicians and CEOs, and start posting their locations on a public site. When we can watch the watchmen, they will restore proper checks and balances (require a warrant or similar).

      I suspect that focusing the spotlight on the roaches at the top will send them scurrying for cover in rapid order.
      • by ae1294 ( 1547521 )

        When we can watch the watchmen, they will restore proper checks and balances (require a warrant or similar).

        That would be nice if it was true but I assure you that important people will get a special private flag on their accounts to prevent terrorists from hacking in and finding where they all are...

    • Well, eight million requests - good grief. Maybe the police has an automated screen scraper tied to a moving map to follow a suspect in real time. Otherwise some copper must really bored and pressing Reload umpteen times a day.
  • Mine, though I seriously doubt all the other major carriers aren't also doing this. Maybe I'll go back to using pre-paid phones plus Google voice to rule them all, Google versus the Feds, who do you trust less?
    • Re: (Score:2, Interesting)

      by xaositects ( 786749 )
      From Sprint's site:

      To make wireless communications possible, our network knows the general location of your phone or wireless device whenever it is turned on. Your wireless device sends out a periodic signal to the nearest radio tower/cell site so that our network will know where to route an incoming communication and how to properly bill for the service. This is necessary to make wireless communications possible. Location information derived from providing our voice service, in addition to being covered

  • by P-38Jbird ( 1087601 ) on Tuesday December 01, 2009 @03:12PM (#30288050)
    As if... So, tell me, how many of these were legal crime fighting uses and how many were just cops checking up on their girlfriends, ect. 8 million. and thet's just Sprint.
    • Isn't it each time you dial 911 that it tries to get a gps lock on you???? I don't know if this is still the case now, but at least, that was the case being made when the law was originally passed to get all the new cell phones sold -- gps-enabled by a certain year.
  • 8 million times? (Score:3, Informative)

    by Culture20 ( 968837 ) on Tuesday December 01, 2009 @03:12PM (#30288058)
    That could easily be 15 people, one "location" revealed per GPS heartbeat for the full year+month. Or a slightly larger number of people tracked for smaller periods of time. No, I didn't read the article, but 8,000,000 sounds ridiculously high for individual requests.
    • by Knara ( 9377 )

      That could easily be 15 people, one "location" revealed per GPS heartbeat for the full year+month. Or a slightly larger number of people tracked for smaller periods of time. No, I didn't read the article, but 8,000,000 sounds ridiculously high for individual requests.

      I suspect this is closer to the truth. Try getting even 100 requests for information out of a telecom, much less 8,000,000 individual requests, even if the tool is somewhat automated.

      • Re: (Score:3, Insightful)

        by chriso11 ( 254041 )

        Errr - since the phone company gets paid every time they provide the data, I doubt they put any roadblocks in the process.

  • by fuzzyfuzzyfungus ( 1223518 ) on Tuesday December 01, 2009 @03:16PM (#30288104) Journal
    Yesterday's unmedicated-schizophrenic black helicopterite conspiracy theory is today's mundane maybe-the-media-will-actually-bother-to-pick-it-up-I-think-we-have-some-space-on-page-six story.
    • And tomorrow's front page headline. The question is whether the headline article will say, "What an outrage; someone should stop this!" or the more likely, "This is why you need to calm down and be good citizens."

      • I suspect that we'll be treated to a facile "debate" on the matter by a largely supine media who, when not overtly groveling for their coveted "access", have let a fetish for "balance" overwhelm any commitment to clear presentation of the truth.

        Your staid, respectable, "serious" journalists will write a bunch of he-said/she-said articles, where bland denials from law enforcement will be taken at face value.

        The only part of this that isn't completely predictable is trying to figure out how right wing s
    • by BobMcD ( 601576 )

      And if the trend is continuing, pause to imagine the unprecedented horrors that await us tomorrow.

  • by Tynin ( 634655 ) on Tuesday December 01, 2009 @03:16PM (#30288110)
    I just don't understand how this could be legal. The fact that Sprint is being open about this seems to suggest that they have done nothing wrong, and this is business as usual. If so, is this standard with other cell providers as well? I could have sworn I've read an article elsewhere, where someone was trying to locate a missing person and contacted the cell provider to have them give them GPS coords and they refused to turn them over without a court order (cannot find it after some searching)... yet they give the police unlimited access without so much as a court provided rubber stamp machine?!
    • by Tynin ( 634655 ) on Tuesday December 01, 2009 @03:29PM (#30288306)
      Sorry for replying to myself. After some more research I found a ruling by the DoJ (discussed on /. here [slashdot.org]) that what Sprint is giving the police is protected by the 4th Amendment and would need a warrant to be issued before providing that data. Yet that isn't happening. I read the article, I'm still not sure how this could be legal.
    • by ManConley ( 1085415 ) on Tuesday December 01, 2009 @04:01PM (#30288806)

      While the Lenihan order [eff.org] and decision did say that the government cannot demand location information without a search warrant, that decision has been appealed by the current administration [irregulartimes.com]. And even if the DOJ loses that appeal, the decision would only apply to a limited section of the country - other courts could decide differently.

      The bigger issue is that electronic communications laws are badly out-of-date. There are so many grey areas and loopholes that Sprint and the DOJ can easily argue with a straight face that GPS records are not protected by the Constitution, are not protected by federal or state law, can be demanded without a search warrant, can even be voluntarily handed over with no process whatsoever, do not have to be logged, and do not require anyone ever to tell the person whose location information was collected that they were tracked. And while the courts often do get it right eventually, that's a really slow battle - we need a better approach than that.

      We (the ACLU) are launching a new campaign, Demand Your dotRights [dotrights.org], to push companies and lawmakers to provide real protections for our personal information. The "Electronic Communication Privacy Act," which is supposed to protect information like GPS records, was passed in 1986(!) - it just doesn't fit any more.

      We hope you will all sign on and join our efforts to push Sprint, lawmakers, and others to respect individual privacy. It clearly won't be an easy battle (seeing how Sprint is actually proud of its "over 8 million GPS record requests served" title), but with enough support, we hope to make a difference - and we could use your help!

    • I bet there's something in the Sprint contract that lets them 'provide information to law enforcement officials in the case of an investigation' or something like it.

      What rights the government doesn't take you can still give away.

    • The article mentions Verizon turning over data as well. They are currently the leader in marketshare in the cell phone market too. I am sure they all do this...

  • I am now really glad I don't have GPS in my cellphone. In fact, I am glad I almost never even have my cellphone with me anymore...
    • by Equuleus42 ( 723 )

      I'm glad I don't have a cell phone.

      • I'm glad I don't have a cell phone.

        I really don't understand that. I mean, are you a criminal doing serious stuff where tracking would matter? Not that this sprint stuff is okay, but i mean, I just don't get people without cell phones. And i've had the why or why not discussion on slashdot enough I don't want to have it again, but still, i just don't get it. I mean, you don't not have it just to avoid tracking, do you?
        -Taylor

    • I am now really glad I don't have GPS in my cellphone. In fact, I am glad I almost never even have my cellphone with me anymore...

      They can still find you to within a couple hundred meters. They use cell triangulation for 911 calls and smartphones with google maps use it with surprising accuracy for a rough fix when GPS is off or out of signal.
      -Taylor

      • I don't know if this is specific to Google maps on Android, but when I have the GPS turned off the wireless triangulation is off by at least a half of a mile every time. Makes me wonder if I get in a car wreck in a ditch if they'd really be able to find me.

        • I don't know if this is specific to Google maps on Android, but when I have the GPS turned off the wireless triangulation is off by at least a half of a mile every time. Makes me wonder if I get in a car wreck in a ditch if they'd really be able to find me.

          Yeah, I'm not sure. It seemed to be better on my windows mobile phone back in the day when i first got it, but that is probably just my perception and not reality. For people seriously trying to avoid being found though, half a mile is still something to worry about though. If the FBI was after someone, that would probably be enough.

          And yeah, i just verified on google maps on android that i get a location accurate to 800 meters, which is pretty much exactly half a mile. It may seem more accurate because whe

  • Warrant required? (Score:5, Interesting)

    by Jon_Hanson ( 779123 ) <jon@the-hansons-az.net> on Tuesday December 01, 2009 @03:32PM (#30288352)
    That's great that they have a web interface to service the law enforcement needs to track people by the GPS in their cell phone. How does the web site verify a valid warrant? Does the web site ask them to hold it up to the screen for verification?
    • Surely warrants have some kind of identifier on them, even if it's just the title. Seems easy enough to require the police to fill in another field with the warrant ID. The defense lawyers can then sort through it all and blow things up at their convenience.

    • Re: (Score:2, Insightful)

      by Wrath0fb0b ( 302444 )

      That's great that they have a web interface to service the law enforcement needs to track people by the GPS in their cell phone. How does the web site verify a valid warrant? Does the web site ask them to hold it up to the screen for verification?

      A warrant is only necessary if the government wants to take something by physical force or wants to search something that is considered private against the consent of the owner. If the cops knock on your door and ask to read your copy of TV Guide, they don't need a warrant if you voluntarily give it to them. Knowing and uncoerced consent (absent any other taint of illegality such as an illegal seizure) always negates the need for a warrant.

      Moreover, as far as the law is concerned, absent a particular contra

      • Re: (Score:3, Insightful)

        by citylivin ( 1250770 )

        You have to agree to be monitored by the police to use a cel phone in the states? and you act like its no big deal!

        You seem to think that they are talking only about GPS enabled phones, but what they are probably talking about is cel phone triangulation, more commonly called GPS-A. To me its pretty scary because the government should not be able to track you without a court ordered warrant! thats called freedom, and it prevents SEVERE abuses of power. Sounds like this info may be archived to a database too.

  • Not just Sprint (Score:3, Informative)

    by mu51c10rd ( 187182 ) on Tuesday December 01, 2009 @03:33PM (#30288368)

    This was interesting:

     

    The first agency within DOJ to respond was the U.S. Marshals Service (USMS), who informed me that they had price lists on file for Cox, Comcast, Yahoo! and Verizon. Since the price lists were provided to USMS voluntarily, the companies were given the opportunity to object to the disclosure of their documents. Neither Comcast nor Cox objected (perhaps because their price lists were already public), while both Verizon and Yahoo! objected to the disclosure.

    I am sure all the major providers are guilty of this. Regardless, I am curious to see if 911 operators are lumped into those requests. Many of them may be dispatch trying to find someone's cell phone from an accident or someone in trouble.

  • I think because of Paul Taylors attitude " and I just don't know how we'll handle the millions and millions of requests that are going to come in."
    Most smart people will gravitate toward other service providers rather than become a statistic picked up by cops just 'cause they're cops and they wanted to."
    When the industry picks up that we want more privacy then we'll get it. Or else.

  • by BobMcD ( 601576 ) on Tuesday December 01, 2009 @04:03PM (#30288836)

    ...I'm willing to take a crack at some amateur number crunching.

    Per billshrink [billshrink.com], Sprint is responsible for 51M out of 268M or so that are in the cell phone market. 8M of those were monitored via data collected via Sprint, and it is unknown whether or how this number scales across the other providers.

    Google [google.com] holds the US population at 304M.

    CNN [cnn.com] has the US prison/probation/parole population at 7.3M.

    Right off the bat, it seems like you have a greater chance of having the government track your GPS data than being actually convicted of a crime. And this assumes the numbers are equal, where they are not.

    7.3M from a total of 304M is 2.4%. The odds of you being a criminal are approximately three in one hundred.

    8M from a total of 51M is 15.6%.

    6.5 times as many people, proportionately, were spied upon by Sprint on behalf of law enforcement.

    Extrapolating that out, something close to 50M people's cell phone data was shared with law enforcement. Looking at the prison population numbers, this means for every criminal in the entire system, something like five were investigated. And that doesn't completely hold up either because those 7.3M aren't cell customers on the one hand, and not every citizen in the US is a member of the market share.

    And this is just the data we know about.

    Again, the math here is almost certainly wrong, but I'm sure some bright slashdot folks can come along and help us with that.

  • What makes Sprint/Nextel think all those requests come from law enforcement?

    It was rumored that the FBI's "carnivore" monitoring system was predominantly utilized by unauthorized third-parties, and there's been considerable speculation that until recently remote wiretaps were being performed predominantly by individuals from overseas (from what I understood from a friend that was an engineer for AT&T, he felt that they were some combination of industrial spies and just plain miscellaneous hackers).

  • by BackcountryLawyer ( 1690870 ) on Tuesday December 01, 2009 @04:54PM (#30289516)
    I am all for privacy, but some of you need to take off the tin foil caps. As a law clerk to a federal magistrate judge, I deal with these things all the time. Allow me to clarify some confusion. When it comes to electronic communications, there are two major tools available to law enforcement: intercepts (like a wiretap) and pen registers/trap and trace devices (pen for short). Intercepts are when you listen to the substantive communication, like the dialog of a phone call. Intercepts constitute a "search" under the 4th Amendment, and therefore require a warrant. Due to public pressure, Congress has heightened the Constitutional warrant requirements for electronic communications, requiring even more from law enforcement. Telephone wiretaps are the most common type of intercept, but they are still relatively rare as they cost approximately $60,000 per month to maintain. Pens record the information provided to the third-party company that is routing the communication, for example the phone number. The Supreme Court ruled that this information is not protected by the 4th Amendment. The Court held that the phone company is free to disclose the information, and you therefore have no expectation of privacy. Agree or not, that is the law. Without 4th Amendment protection, there is no warrant requirement and no need for probable cause. As with wiretaps, however, Congress decided to provided some level of privacy protection even though the Constitution didn't require it. Federal law requires that the information sought will likely be relevant to an ongoing investigation--a rather low standard. It may seem shocking that all this information can be taken by law enforcement, but this is the way it has always been. In any case, even a civil case between two individuals, "private" information like bank records, call records, all sorts of things can be subpoenaed. Electronic information is no different. As far as obtaining user GPS data 8 million times, a pen that seeks GPS data will apply to a particular phone number, but it will not be limited to one sample. If police are tracking the movements of say a drug dealer, attempting to identify his supplier, the GPS data will be polled repeatedly to track his movement. For example, once per half hour for a month would be about 1,440 requests. When this fact is factored into the size of the US population, 8 million seems like much less of a big deal. In the end, the information being obtained without a warrant is all information you freely gave to a third party. Of course that brings up questions with companies like Google, who are third-parties potentially storing all of your personal documents. Whether that information can be obtained without a warrant has not been definitively answered. Ultimately, the question will come down to whether one has an "expectation of privacy," and that decision will be made by the courts.

An adequate bootstrap is a contradiction in terms.

Working...