According to a graduate student’s research into the spying policies of major U.S. telecommunications companies, at a recent security conference a Sprint surveillance manager told a group of onlookers that half of all police requests include the target’s text messages.
Half of millions — including some 8 million automated, web-based requests for GPS location, all in just over a year’s time.
The revelation was made by Indiana University grad Christopher Soghoian, as part of his PhD dissertation published Dec. 1, 2009.
He attributes the stunning number to Paul Taylor, an Electronic Surveillance Manager with Sprint Nextel, who was speaking recently at the Washington, D.C. International Securities Systems conference, otherwise known as ISS World.
“Looking around at the name badges pinned to the suits milling around the refreshment area, it really was a who’s who of the spies and those who enable their spying,” he wrote. “Household name telecom companies and equipment vendors, US government agencies (both law enforcement and intel). Also present were representatives from foreign governments — Columbia, Mexico, Algeria, and Nigeria, who, like many of the US government employees, spent quite a bit of time at the vendor booths, picking up free pens and coffee mugs while they learned about the latest and greatest surveillance products currently on the market.”
According to Soghoian, it was during the telecom service providers roundtable discussion that Taylor dropped the bombs.
“[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface,” he said in an audio recording that has since been removed due to alleged copyright violation. “One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement.”
“He’s talking about the wonderful automated backend Sprint runs for law enforcement, LSite, which allows investigators to rapidly retrieve information directly, without the burden of having to get a human being to respond to every specific request for data,” added Julian Sanchez at the Cato Institute. “Rather, says Sprint, each of those 8 million requests represents a time when an FBI computer or agent pulled up a target’s location data using their portal or API. (I don’t think you can Tweet subpoenas yet.) For an investigation whose targets are under ongoing realtime surveillance over a period of weeks or months, that could very well add up to hundreds or thousands of requests for a few individuals. So those 8 million data requests, according to a Sprint representative in the comments, actually ‘only’ represent ‘several thousand’ discrete cases.”
Taylor continued: “Two or three years ago, we probably had less than 10% of our requests including text messaging. Now, over half of all of our surveillance includes SMS messaging.”
He added that his team, which handles all of Sprint’s police requests, is 110 people strong.
“It’s useful to keep in mind that, as Sprint spokesman Matt Sullivan [said], ‘every wireless carrier has a team and a system’ through which police can access GPS data,” noted a follow-up report by Talking Points Memo. “Sprint is the company unlucky enough to find itself the focus of scrutiny, but it reportedly controls just 18% of the U.S. wireless market, making it the third largest carrier.”
GPS location “likely outnumber[s] all other forms of surveillance request,” Soghoian added.
Sprint has over 47 million customers in the U.S.
Distributors for new software that allows parents to spy on their children’s text messages say they are still hopeful, as they try to get approval for their product.
The software, which allows parents to see every text message their child sends and receives, was due to be on sale in August, but the earliest it will now be available is early next year.
Civil libertarians and technology experts have deep concerns about the privacy implications of the product.
Device Connections is the Australian agent for the US software and its managing director, Geoff Sondergeld, says that since its introduction in America it has caught a number of paedophiles.
‘It’s been very successful in both a law enforcement point of view as well as a consumer point of view,” he said.
“Since March 2008, which was the initial trial, using the product the guys in the US have convicted 171 paedophiles.”
Mr Sondergeld held talks yesterday with Federal Communications Minister Stephen Conroy and said the Minister was enthusiastic about the product.
“Cyber safety and the overall cyber safety plan that the Federal Government has is obviously a key component of Mr Conroy’s portfolio,” he said.
New South Wales Nationals Senator John Williams is also a supporter of the software, called My Mobile Watchdog.
“I’m a dad of three – my children have grown up, the oldest is 20 years old – but we want the best for our children,” he said.
“We don’t want people out in our society that are not going to be good for our children, people who are going to send them pictures or emails or access to pornography.
“We don’t want our kids being subject to that and when parents are paying the phone bill for the minor, they have a right to lay down the rules.”
Mr Sondergeld says his company is ensuring the software does not impinge on any communications or privacy laws.
“All the parties involved are fully aware that the product is being monitored, so the child receives an alert every 24 hours to say that the phone is being monitored,” he said.
“In terms of the Privacy Act and and the Telecommunications Act, we’ve held discussions with the Privacy Commission as well as the Attorney-General’s department so they’re fully aware of the product and their applicability to those pieces of legislation.”
He says that while nothing is confirmed yet, he anticipates that the product will be available in Australia by early next year.
But Geordie Guy from Electronic Frontiers Australia has told ABC Radio’s PM program that the software may contravene current Australian law.
“We have in Australia the Telecommunications Interception Amendment Act, which basically points out that this is wire-tapping,” he said.
“While it’s difficult to imagine that the police would take a complaint from a 12-year-old child seriously, if they rang up and said ‘you need to do something about my parents tapping my phone’ the act is quite clear that that is what it is, it’s section 7 of the Act.”
Mr Guy says both parents and the software distribution company could be considered in breach of the law.
“Theoretically it would be up to a judge, but the parents would be at risk of breaking the law.
“Also the company which sells the devices may find that they are in breach of section 7C of the Act, which makes it an offence to enable someone to wire tap without a warrant.”