Ars Technica reported yesterday about a graduate student at Indiana University’s School of Informatics and Computing that has compiled documents and recordings obtained through Freedom of Information Act requests that support that Sprint/Nextel has provided GPS location data about Sprint’s wireless customers to law enforcement over eight (8) million times in just over one year.

The number itself may be misleading, as there does not appear to be any confirmation that this was about eight million different wireless customers, or even eight million separate requests. For example, if the GPS location data refreshes every minute, tracking one individual for 24 hours could account for 1,440 of the aggregate number. There appears to be a mix of approximately 110 Sprint employees and contractors handing these law enforcement requests, so it is possible that the number of requests is as extraordinary as it appears.

But the troubling aspect of this revelation may not be whether the number is eight million wireless customers or eight wireless customers, but rather the access system described in the reports. Apparently, law enforcement can log into a Sprint web portal and obtain the information (for a fee, of course). The ability of law enforcement to obtain the information without showing probably cause has long been decided, and law enforcement can obtain an appropriate court order and the telecommunications companies will typically provide call and text message logs, even GPS data. With this Sprint web portal, it is entirely unclear (and improbable) that law enforcement is obtaining the GPS data with an order. It may be that Sprint is serving this information on is wireless customers without requiring the customary trap & trace order. It is likely that Sprint is able to provide this information about its wireless customers to law enforcement without requiring a warrant (ever read your carrier’s terms and conditions of service?).

AT&T has approximately 81.6 million wireless customers, and Verizon has approximately 89 million wireless customers. Sprint has approximately 48.3 million wireless customers. With AT&T and Verizon having a combined 3.5 times more wireless customers than Sprint (which does not include T-Mobile and the multiple regional carriers), this report does beg the question of how often is customer GPS data provided by all wireless carriers to law enforcement without a warrant. This report also raises the question of how much will these numbers skyrocket when/if other carriers start making access for law enforcement so easy and presumably available without warrant.

You should decide for yourself how much weight should be given to this report, and a response from Sprint may be forthcoming. The report does highlight that customer wireless information is being requested a received by law enforcement in increasing numbers (with Sprint’s web portal possibly being the most accessible yet, resulting in the huge surge in requests).

It is also up to each of us to decide whether the “if I am doing nothing wrong, what do I care,” or the “enough already with Big Brother” response is appropriate. But before you answer the question, think about how that response may change when reports of abuse start emerging (“Well, Mark, my brother-in-law is a cop and he requested and learned for me that according to your GPS data you were not sick on Monday but at the golf course.”)

Give the Ars Technica

article

a read. It is a true eye opener.