June 15, 2024

Soghoian: 8 Million Reasons for Real Surveillance Oversight

If you’re interested at all in surveillance policy, go and read Chris Soghoian’s long and impassioned post today. Chris drops several bombshells into the debate, including an audio recording of a closed-door talk by Sprint/NexTel’s Electronic Surveillance Manager, bragging about how easy the company has made it for law enforcement to get customers’ location data — so easy that the company has serviced over eight million law enforcement requests for customer location data.

Here’s the juiciest quote:

“[M]y major concern is the volume of requests. We have a lot of things that are automated but that’s just scratching the surface. One of the things, like with our GPS tool. We turned it on the web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone. So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don’t know how we’ll handle the millions and millions of requests that are going to come in.”

— Paul Taylor, Electronic Surveillance Manager, Sprint Nextel.

Chris has more quotes, facts, and figures, all implying that electronic surveillance is much more widespread than many of us had thought.

Probably, many of these surveillance requests were justified, in the sense that a fair-minded citizen would think their expected public benefit justified the intrusiveness. How many were justified, we don’t know. We can’t know — and that’s a big part of the problem.

It’s deeply troubling that this has happened without significant public debate or even much disclosure. We need to have a discussion — and quickly — about what the rules for electronic surveillance should be.


  1. If governments of China and Russia can do it, why not the U.S.?

  2. “Probably, many of these surveillance requests were justified…” Oh really? *Many* of the million spy events in a month? Do you really believe that? Many of a million is easily a hundred thousand. Do you really believe 100k could be justified?

    Anyway, we need to find a carrier that has committed not to cooperate with big brother so we can give them our business and make Sprint and ATT starve.

  3. What is nearly as disturbing as the contents of the article itself is his update this afternoon indicating that he had to take down his links to the recordings of the conference. Copyright, as so often in these cases, was used as the club to suppress information, rather than for a legitimate purpose. (IANAL, but I don’t understand who it was claimed held the copyright, since the recording was made by Soghoian himself.)

  4. We need to have a discussion — and quickly — about what the rules for electronic surveillance should be.

    If you’re a John LeCarré fan, then you recognize the phrase: “Moscow rules”.

    Just assume you’re in Moscow…. Moscow, Russia, pal.

  5. I don’t think the number of pings or of people represented by 8 mm requests is the real issue here. I believe the REAL issue is to ask just WHY should any government be permitted to get any data on you or me without a court order.

    There is a natural right to privacy, and if you deny that then you must think bathroom cameras are OK or that filming you and your spouse during love-making is OK. There is a natural limit to the amount of intrusion that can be justified by the word ‘security’, because the intrusion itself represents a lack of security from the intruders, and which they justify by alleging a danger from some third party who isn’t spying on you. It is my opinion that this kind of invasion of privacy is beyond the natural limit, and should therefore be stopped.

  6. Since this is just 8 million queries to Sprint (an American phone company, at last check), I highly doubt it. I’m wondering if they don’t make similar requests to other phone companies, meaning the number would be much higher.

  7. Hiawatha Bray says

    Just got off phone with a Sprint spokesman. He says the 8 million requests are just the pings sent out by the phones under surveillance. Phones ping constantly when they’re switched on, so a phone that’s under surveillance could crank out thousands of pings. He also said that Sprint does not provide location data without a court order. I’ll keep an ear open for more info.

    • RealityBites says

      Yeah and if you believe that I have a couple hundred bridges to sell you.
      What’s even more comical is you posted the BS……

      It’s ok Pollyanna they wouldn’t misuse your information, just like the hyena pack won’t eat the baby gazelle… Wake up!!!!!

  8. I was planning to link to Chris’s work, but Ed beat me to it. I agree that the 8 million number is shocking and newsworthy, and I agree with the first commenter that we’ll probably learn that the number masks a lot of important detail. I bet we’ll learn that this is the case of a Sprint employee bragging behind closed doors to what he thought was a friendly audience and puffing up the number in the process.

    The number I most want to know is the number of people who were the subject of Sprint’s data dump. Tens? Hundreds? Thousands? Whatever the number, Chris has made news today, but the size of the number will suggest how much news we’re talking about.

    If this interests you and you can make it to Boulder, Colorado this Friday, you can hear Chris (and many other interesting people) talk about law enforcement surveillance in person at a conference I am hosting on Reforming Internet Privacy Law.

  9. Hi Prof. Felten

    Those numbers that spokes-drone is telling there, do you really believe that it is 8 000 000 surveillance requests that lead to an actual ‘snooping’ event?

    Does each ‘request’ lead to an active surveillance?

    How many of those 8 000 000 ‘requests’ are only page views and not really a request? Does this spokes-drone even know the difference when spouting off those numbers?

    Final question: Does this 8 000 000 number come only because it is so much easier to use that web page tool than to actually file those requests with the carrier themselves? How much would that number change if that web page tool was not there? Any ballpark figures?

    • It’s possible that the Sprint guy was just bragging or inflating the numbers. But what does it say that company officials want to puff up the number of times they released customer data?

      Note, too, that this isn’t the only large number in Chris’s post. To get the whole picture, read his post.

    • Every single request is not just illegal it is being requested by a CRIMINAL.

      It’s time to round the real criminals up and start taking our country back from the KGB clones with US flags on their lapel.