Police tell Congress they want every Americans text messages.
AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to capture and store Americans' confidential text messages, according to a proposal that will be presented to a congressional panel today.
The law enforcement proposal would require wireless providers to record and store customers' SMS messages -- a controversial idea akin to requiring them to surreptitiously record audio of their customers' phone calls -- in case police decide to obtain them at some point in the future.
"Billions of texts are sent every day, and some surely contain key evidence about criminal activity," Richard Littlehale from the Tennessee Bureau of Investigation will tell Congress, according to a copy (PDF) of his prepared remarks. "In some cases, this means that critical evidence is lost. Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking."
Littlehale's recommendations echo a recommendation that a constellation of law enforcement groups, including the Major Cities Chiefs Police Association, the National District Attorneys' Association, and the National Sheriffs' Association, made to Congress in December, which was first reported by CNET.
They had asked that an SMS retention requirement be glued onto any new law designed to update the 1986 Electronic Communications Privacy Act for the cloud computing era -- a move that would complicate debate over such a measure and erode support for it among civil libertarians and the technology firms lobbying for a rewrite.
Today's hearing before a House Judiciary subcommittee chaired by Rep. Jim Sensenbrenner (R-Wisc.) is designed to evaluate how ECPA should be upgraded. CNET reported yesterday that the Justice Department is proposing that any ECPA changes expand government surveillance powers over e-mail messages, Twitter direct messages, and Facebook direct messages in some ways, while limiting it in others. A Google representative is also testifying.
While the SMS retention proposal could open a new front in Capitol Hill politicking over electronic surveillance, the concept of mandatory data retention is hardly new. The Justice Department under President Obama has publicly called for new laws requiring Internet service providers to record data about their customers, and a House panel approved such a requirement in 2011.
Wireless providers' current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.
An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps "text message content on their servers for 3-5 days." And: "Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days"
During a criminal prosecution of a man for suspected murder of a 6-year-old boy, police in Cranston, R.I., tried to obtain copies of a customer's text messages from T-Mobile and Verizon. Superior Court Judge Judith Savage said at the time that, although she was "not unfamiliar with cell phones and text messaging," she "was stunned" to learn that providers had such different policies.
The Internet Association, an industry group that includes the search giant, Facebook, eBay and Amazon.com, said it "strongly supports" updating the ECPA. "An email in your inbox deserves the same legal protections as a letter in your mailbox," the association said in a statement.
Littlehale also proposed that any attempt to update ECPA include revised "emergency" language that would allow police to demand records from providers without search warrants in some cases. Chris Calabrese, legislative counsel for the ACLU, says he's skeptical about expanding emergency access. "Emergency can't be a magic word," he says. "Emergencies have to be documented subsequently to a judge the same way we would with a wiretap."
Calabrese goes on to say: “The ACLU has said that there should always be a warrant for e-mail, to me, this is one of those things that is a core constitutional value. We’ve always said that we protect communications with a warrant, whether it was physical mail 150 years ago, telephone calls 40 years ago, or e-mail today.”
Excerpts from court opinion in Rhode Island murder case:
"Sgt. Gates sent a letter to T-Mobile in advance of obtaining the warrant for the T-Mobile phone records to ask the service provider to preserve the information that he expected to request by the warrant. T-Mobile produced the requested information on October 20, 2009, and the records show that Defendant's use of the T-Mobile cell phone was almost exclusively for text messaging. The results also reveal that T-Mobile does not store, and has no capacity to produce, the content of subscriber text messages....
"Unlike T-Mobile, Verizon was able to produce records with text messaging content in them. The content of the LG cell phone matches the photographs taken on October 4, 2009 by Det. Cushman, including a text message which reads, 'Wat if I got 2 take him 2 da hospital wat do I say and dos marks on his neck omg,' which is the message that Sgt. Kite testified to having seen that morning....
"Sprint/Nextel responded on October 13, 2009. It produced two preserved text messages, both of which were unrelated to this case, and no voice mail messages."
According to Elana Tyrangiel, the acting Assistant Attorney General for the Office of Legal Policy, current ECPA regulations regarding access to a citizen’s electronic files — more specifically, the guidelines for filing a subpoena or attaining a search warrant — are in need of an update.
Tyrangiel said in her written testimony that ECPA regulations “may have made sense in the past” but “have failed to keep up with the development of technology, and the ways in which individuals and companies use, and increasingly rely on, electronic and stored communications.”
According to Tryangiel, an email that is older than 180 days — opened or unopened — requires a subpoena. An email that is younger than 180 days and has been opened requires a search warrant. An email that is younger than 180 days and is unopened requires a subpoena.
Retrieving text messages would likely require similar levels of legal authorization.
To obtain a search warrant, probable cause must be established by an independent judge. Search warrants allow investigators to extract desired information directly from service providers’ databases.
http://news.cnet.com/8301-13578_3-57575039-38/cops-u.s-law-should-require-logs-of-your-text-messages/
http://dailycaller.com/2013/03/22/experts-to-congress-us-law-should-require-logs-of-billions-of-private-text-messages-emails/
Pen registers and D-orders also under fire:
Besides Tyrangiel’s Tuesday testimony, the House’s Subcommittee on Crime, Terrorism, Homeland Security, and Investigations also fielded written testimony. The subcommittee asked questions of the Tennessee Bureau of Investigation, a law professor from the George Washington University Law School, and Google’s director of law enforcement.
Tyrangiel also articulated “there are a number of other parts of the statute that may merit further examination during any process updating and clarifying the statute.”
Specifically, she cited problems with how law enforcement has used other electronic records, which include pen registers, “D-orders,” and other tools. But the justice department wasn't totally in favor of making all digital communications more private. Tyrangiel suggested that accessing "to" and "from" addressing information should be made easier for law enforcement.
"Congress could consider modernizing the SCA so that the government can use the same legal process to compel disclosure of addressing information associated with modern communications, such as e-mail addresses, as the government already uses to compel disclosure of telephone addressing information. Historically, the government has used a subpoena to compel a phone company to disclose historical dialed number information associated with a telephone call, and ECPA endorsed this practice. However, ECPA treats addressing information associated with e-mail and other electronic communications differently from addressing information associated with phone calls. Therefore, while law enforcement can obtain records of calls made to and from a particular phone using a subpoena, the same officer can only obtain 'to' and 'from' addressing information associated with e-mail using a court order or a warrant, both of which are only available in criminal investigations. This results in a different level of protection for the same kind of information (e.g., addressing information) depending on the particular technology (e.g., telephone or e-mail) associated with it. Congress could consider updating the SCA to set the same standard for addressing information related to newer technologies as that which applies in traditional telephony."
In other words, while the Justice Department appears open to eliminating some parts of the law that are blatantly ridiculous (the 180 days bit), it also seems to want to lower the standard for accessing header information via a simple subpoena.
http://arstechnica.com/tech-policy/2013/03/finally-feds-say-cops-access-to-your-e-mail-shouldnt-be-time-dependant/
Congressman reverses on law enforcement-backed law requiring storage of text messages and more:
While Rep. Jim Sensenbrenner, a Wisconsin Republican, originally indicated that he agreed with a law enforcement-backed data retention proposal to be attached to a revised version of the Electronic Communications Privacy Act (ECPA), his aides now say that he misspoke.
Below is the full opening statement of Chairman F. James Sensenbrenner, Jr. from the hearing. You can view the full hearing on CSPAN here.
Sensenbrenner is a noted crusader for widespread government surveillance based on an absurd fear of terrorism and has been unrelenting in his fight against privacy.
This has most recently been shown in his apparent backing of a data retention requirement to be added to the ECPA which was endorsed by various law enforcement organizations and the U.S. Department of Justice.
The Department of Justice also sought to expand government surveillance powers in some ways to cover everything from text messages to e-mails, Twitter direct messages, Facebook messages and more while limiting it in some minor ways.
However, aides later told CNET that “their boss had misspoke and was talking about data preservation in response to law enforcement requests — not about a new data retention proposal.”
An anonymous source close to the situation told CNET that the reversal came in response to pressure from lobbyists who support ECPA reform.
“I have long opposed data retention and do not believe that any ECPA reform package should include such a mandate,” Sensenbrenner said in a subsequent statement. “Data retention requires a provider to retain information about the Internet use of all of its customers. A data retention mandate raises privacy concerns because it affects all users, not just bad actors.”
The statements made by Sensenbrenner earlier in the day had some major players including Apple, Facebook, Google and Twitter quite concerned.
Unsurprisingly, it wasn’t so much due to the massive privacy problems inherent in such data retention but because “if the data retention mandate is attached to the ECPA reform bill, it will amount to a poison pill that will doom the legislation,” according to CNET.
This type of reversal is hardly surprising coming from Sensenbrenner. In 2006 Sensenbrenner drafted data retention legislation and just two days later backed away from it.
According to Nate Cardozo, an Electronic Frontier Foundation staff attorney, data retention shouldn’t even be considered ECPA reform.
“ECPA reform is about bringing the statute into line with the Fourth Amendment, and there’s no reason to trade retention requirements in exchange for ensuring existing constitutional rights,” Cardozo said.
The American Civil Liberties Union similarly opposes data retention along with the Center for Democracy and Technology.
“The ACLU has always opposed mandatory data retention,” said Chris Calabrese, legislative counsel for the ACLU. “We have no plans to revisit that policy.”
“CDT wouldn’t support a bill with a data retention mandate,” said Mark Stanley, a spokesman for the Center for Democracy and Technology.
http://endthelie.com/2013/03/19/congressman-reverses-on-law-enforcement-backed-law-requiring-storage-of-text-messages-and-more/#axzz2O07X54hi