Sprint Served Customer GPS Data To Cops Over 8 Million Times

An Indiana University grad student has made public an audio recording of a Sprint employee who describes how the company has given away customer GPS location data to cops over 8 million times in less than a year. Ars technica reports that “law enforcement [officers] could log into a special Sprint Web portal and, without ever having to demonstrate probable cause to a judge, gain access to geolocation logs detailing where they’ve been and where they are.” Update: Sprint says the 8 million figure refers to individual pings of GPS data, and that the number of individuals involved is in the thousands.

You might be upset to know that Sprint is giving away this info so freely, but Ars points out that cops don’t need to show probable cause to get an order to access info on your physical location, they just need a pen register/trap & trace order. What’s more interesting, they point out, is that the volume of requests that Sprint claims it served sounds incredibly high to have all been backed by pen register/trap & trace orders.

Before you dismiss that as too tinfoil-hat sounding, note these two points that the graduate student and ars technica make:

  • there’s no reliable public info on the current scope and volume of this type of surveillance, partially because some companies aren’t publishing the data despite laws requiring them to do so; and
  • without reliable reporting, there’s no easy way to determine whether or not the courts are truly involved in all of these requests.

Sprint’s law enforcement web portal is part of their Electronic Surveillance group, and judging by the audio recordings referenced in the ars technica article, the group is poised to grow even larger as more requests come in and they automate more surveillance systems to release data automatically to law enforcement.

Sadly, nobody seems too interested in reining in the potential abuse. And you could try going to another carrier, but it’s not solely a problem with Sprint. As ars technica’s John Stokes writes,

I’ve been reporting on this exact metadata/surveillance issue for years now, and it just gets worse. The stressed, jobless, indebted public doesn’t care, and Congress doesn’t either. If I’m still on this beat in 5 years, I’m sure I’ll still be rewriting this same story for the thousandth time.

“Sprint fed customer GPS data to cops over 8 million times” [ars technica] (Thanks to Ilya!)

Comments

Edit Your Comment

  1. AcceleratedDragon says:

    Wow 8 million, those judges who approved those subpoenas must have logged a lot of hours.

  2. milrtime83 says:

    Sprint has already released a partial explanation. http://www.dslreports.com/shownews/Sprint-Defuses-GPS-Privacy-Media-Bomb-105786

    “The comments made by a Sprint corporate security officer during a recent conference have been taken out of context by this blogger. Specifically, the ‘8 million’ figure, which the blogger highlights in his email and blog post, has been grossly misrepresented. The figure does not represent the number of customers whose location information was provided to law enforcement, as this blogger suggests.

    Instead, the figure represents the number of individual ‘pings’ for specific location information, made to the Sprint network as part of a series of law enforcement investigations and public safety assistance requests during the past year. It’s critical to note that a single case or investigation may generate thousands of individual pings to the network as the law enforcement or public safety agency attempts to track or locate an individual.”

    • Cant_stop_the_rock says:

      That sounds more plausible. Hopefully Chris updates the article to include this information.

    • H3ion says:

      Well, that makes me feel a lot better. Instead of 8 million, it may only be one million. Is there anything in Sprint’s contract with its customers that indicates that Sprint will divulge this information? Do the phones on Sprint’s network have the ability to turn off this “feature?”

      • Cant_stop_the_rock says:

        I believe GPS in cell phones is mandated by law for 911, and Sprint doesn’t need your permission if they’re obeying a court order, they have to do it.

        • bonzombiekitty says:

          Note: I work for a company that deals in this sort of thing.

          Yes and no. GPS (or more specifically AGPS) is not mandated to be present on the phones. Rather, the E911 mandate states that cell phone companies need to be able to locate people within a certain radius a certain percentage of the time. Some companies use AGPS to accomplish this. Others use network based solutions such as UTDOA to do this. AGPS and UTDOA are probably the two best means of locating a person each having their own strengths and weaknesses. AGPS is very accurate in more rural areas but starts to perform poorly inurban areas and won’t work indoors. UTDOA works very well in urban areas and works indoors but performance drops significantly as the number of cell phone towers decreases.

          Pending changes in the mandate might mean that cell phone companies take a hybrid AGPS and network based solutions to cover both method’s weaknesses.

  3. Notsewfast says:

    In the same vein, is anyone else troubled by the OnStar ad allowing remote shut-off of your vehicle with a police request? I’m no conspiracy nut, but that’s the kind of stuff that makes the Alex Jones types say ‘I told you so’.

    Also, Lizard people…

    • admiral_stabbin says:

      ’05 and older OnStar equipped vehicles (e.g. my ’05 Caddy STS) can’t be connected to unless they have the OnStar equipment upgraded. So, I can safely smuggle plums across the borders without GM knowing, and I can wreck my car without them knowing too.

      Still in the vein of OnStar, I found a rather amusing video online of an ’10 Cadillac CTS-V (with some additional performance enhancements) can accelerate fast enough to trip the “collision detection sensor”. So, running a car down a drag strip produced a call from an OnStar rep. to make sure everyone in the vehicle was OK. It sounds creepy…but was actually rather interesting.

      If it weren’t for the fruit smuggling, and the two year service commitment, I’d jump all over getting mine upgraded. It could save my life.

    • Bohemian says:

      Some of the unintended consequences of OnStar were enough for me to consider it a negative when weighing car purchases. I saw the new OnStar add for the ability to shut down your car last week. The first thought in my head was how bad that would suck when the system works incorrectly (and it will) and shuts down the car at the worst possible time.
      I’m a boring middle aged suburbanite but this kind of corporate-police power and privacy invasion just creeps me out.

    • d says:

      I refuse to buy any car with that OnStar crap in it. Anything that lets someone remotely unlock my car, or give me directions when I’m in it by pushing a button is suspect in my book. My fears were confirmed when it was revealed that the FBI was using OnStar to listen in to certain vehicles (whether they actually had the warrants they said they had I don’t know…). I vowed never to get that shit on any vehicle I purchased…

      When I saw the auto-shutdown, I thought – hmmm, wonder what the weaknesses are of THAT system? In otherwords, could one build a transmitter on the same frequency and broadcast all the shutdown codes – blowing out cars all over the coverage area? Yeah there’s FCC rules against this kind of thing, but that’s not going to stop a terrorist, or just someone who wants to play around, or someone who wants to be nefarious and kill a car when they need to…

      Too much risk, too little potential reward… I’ll take my chances driving as I have since I got my license…

      Also, did you know – there’s an entire division of Acxiom which does nothing but deal with the data generated by OnStar…

      • Nogard13 says:

        I’m SURE there is a way to disable it (a fuse or, at the very least, cutting the wires that power the unit or receiver). You could even install a toggle switch that allows you to turn the OnStar receiver’s power on and off at your will (i.e. turn it off if you want to be sneaky, but on if you get in an accident and want to call for help).

      • stranger than fiction says:

        Seconded. I remember LE/OnStar bragging to the media some years ago (before remote shutoff) about listening in to a carjacker who accidentally got a kid along with the car — “he never knew” they were doing it. In that particular situation it helped things to turn out well, but it left me wondering how it might be used in less ideal circumstances.

        I found it interesting that the gubmint chose to save GM over Chrysler. Gotta wonder if OnStar was the deciding factor.

        Good point about the unintended consequences of the shutdown “feature”. I had considered the frequency issue with those Billy Mays hands-free phone gizmos, but not something like this.

        Ah, Axciom… legalized Peeping Toms. Somehow I doubt we’ll ever win the right to find out, much less correct, what they have on file about us. They must give better… uh… campaign contributions than the people in the credit reporting industry.

    • MDSasquatch says:

      About a year ago, a newly-licensed driver was enjoying the texting feature on her cell phone when she rear-ended my Trail Blazer at highway speed (I was sitting still). I pressed the blue button, and even though I was unable to describe anything other than I have been in an accident; OnStar had all the emergency personnel to my location in VERY SHORT ORDER.

      If someone wants to know where I am, I am fine with that. I will never buy another car without OnStar.

      Oh yeah, read this:

      http://www.foxnews.com/story/0,2933,579148,00.html

    • aficionado says:

      OnStar doesn’t really bother me provided its used responsibly. I think that responsibility is really the key for all these technologies. It should be necessary to “opt-in” to what you want, not “opt-out” for everything you don’t. But then that’s just more legislation and another government agency for oversight.

      Can we really win either way? Or are we just destined to be machines, walking endlessly through our lives, generating data for faceless corporations, bombarded with targeted advertisements, with no ability to escape the monitoring of every second of our lives?

  4. firemunkie says:

    can this get me out of the contract with out an eft?

    • destruktolux says:

      No. As for terms of service, releasing this type of information to law enforcement is a term customers sign on to for virtually any type of service provider. Nor is this a “materially adverse change” that would allow the contract to be terminated.

  5. admiral_stabbin says:

    In other news, AT&T would have been happy to provide anyone (not just law enforcement) with GPS location data. Unfortunately, the iPhone has overrun their network with “Hummer-like” bandwidth usage, and every time someone calls to request the location data…they unintentionally drop the call.

  6. egoods says:

    I had a criminal law professor who told me about this last year (adjunct, he worked as a parole supervisor aswell). In fact he even showed the class the web portal, but I thought it was for people on parole or with a warrant/subpoena. I’m cool with it being used for parolees and with warrants… I’m not cool with it being used any other way.

  7. twophrasebark says:

    The only way to make sure your phone is not being tracked is to take out the battery. Turning it off will do nothing. Opting out of GPS or whatever won’t do it.

    I’m just sayin’

    • RedwoodFlyer says:

      Do you have ANY proof of that? The whole rumor about phones being bugged even when the battery is turned off was based on one hyperbolic case… The REAL story was that the mafia phones had been altered to constantly broadcast whatever the microphone was hearing. Normal phones, when turned off, are exactly that…off – this is per FCC regulations and is also a prerequisite for an item to be allowed onboard a commercial aircraft – and last I checked, cell phones in the off position are more than welcome on an aircraft.

      • Chuck Norris' wig says:

        No need to prove common sense. If the battery is out, it cannot work period.

      • morlo says:

        With the government’s new powers of secret investigation, it is not impossible that your phone was swapped at some point, and very possible that phone companies have cooperated to put backdoors that allow wake-up location transmissions. If cellphones were so perilous to flights they would be banned on board–it’s all part of the conspiracy to make you think that you control your phone

      • ohenry says:

        I think that he’s referring to cell phones that would have GPS on them. When you turn a smartphone “off”, it’s not really “off”, it’s just on sleep mode and the GPS part of it could still be utilized. Or, if nothing else, it would allow for triangulation using cell towers.

        Taking the batter out completely stops this, and is the only way to stop it with modern smartphones.

      • Nogard13 says:

        I can GUARANTEE you that a phone, while off, can still be used as a mic, so long as the battery is stil providing power to the unit. I’ll leave it at that.

        When you enter any NSA or CIA building (or any classified facility, for that matter), you MUST leave your cell phone outside of the secure area. The reason is exactly this: some foreign government could easily tap into your phone as a mic and listen to classified conversations.

      • twophrasebark says:

        When did I say anything about microphones?

        “Normal phones, when turned off, are exactly that…off – this is per FCC regulations”

        Most phones just go to sleep when you turn them off. It’s not the same as yanking the battery.

    • pecan 3.14159265 says:

      I don’t think you can opt out of GPS at all, not with E911 and everything.

  8. RedwoodFlyer says:
  9. Mpsully says:

    As was noted in one of the comments above, the “8 million” figure has been unfortunately mischaracterized and it does not represent the number of customers whose location information was provided to law enforcement, nor does it represent the instances or cases in which law enforcement contacted Sprint seeking customer location information.

    Instead, the figure represents the number of individual automated requests, or “pings”, for specific location information, made to the Sprint network as part of a series of law enforcement investigations and public safety assistance requests during the past year. The critical point is that a single case or investigation may generate thousands of individual requests to the network as the law enforcement or public safety agency attempts to track or locate an individual over the course of days or weeks.

    As a result, the 8 million automated requests or pings were generated by thousands (NOT millions) of instances in which law enforcement or public safety agencies sought customer location information. Several thousand instances over the course of a year should not be shocking given that Sprint has more than 47 million customers and requests from law enforcement and public safety agencies are due to a variety of circumstances: exigent or emergency situations (missing person cases), criminal investigations, or cases where a Sprint customer consents to sharing location information (car is stolen and owner realizes his phone is in the car so he allows law enforcement to track his phone.)

    Also, responding to public safety or law enforcements requests is not unique to Sprint, nor is it a revelation. It’s unfortunate that the original blogger mischaracterized the “8 million” figure without attempting to verify it.

    Sprint requires a valid legal request appropriate for the circumstances before it will release any information. In all cases, Sprint complies with applicable state and federal laws.

    Matt Sullivan
    Sprint Nextel

    • twophrasebark says:

      Please define “valid legal request.” That is very vague.

      What is a valid legal request? A warrant? A judge’s order? A phone call from a police department?

  10. Torgonius wants an edit button says:

    So, when do we lay the cornerstone of the Ministry of Love building?

  11. hypnotik_jello says:

    I still don’t believe that most POS sprint phones have GPS in them. Aren’t we talking about Cell Location/triangulation here?

    • aficionado says:

      All phones are required by the FCC to have location data within some radius (100 m maybe?) 95% of the time either through triangulation or raw GPS data.

      I know that once I called the cops because some guy was driving very, very erratically (I could give a shit about him, but was worried for everyone else on the road) and my phone was hit twice for location data (played that stupid emergency tone that you can’t turn off)

    • RandomZero says:

      No, actually. GPS has been the default option for years, largely for E911 compliance reasons.

  12. diasdiem says:

    Double-Plus Ungood

  13. yungjerry703 says:

    my brother used to process the requests for people’s phone records. in the same dept. they did the triangulation tracking. pretty much every 2 min. your phone COULD be telling the feds where you are. on a lighter note you guys have no idea how many boost mobile phones mickey mouse owns. Also his most common address 1234 fake st.

    • NeverLetMeDown says:

      Not only that, but Dan Marino has over 1,000 MetroPCS phones in the Miami area. Busy guy.

    • RandomZero says:

      That’s a holdover from a legacy Nextel policy – to prevent fake names/contact info, they would create dummy Boost accounts (thus avoiding monthly charges from accruing and the account getting closed). Any attempt to open an acocunt in those names would point back to the dummy and keep it from happening. Star Wars characters are pretty popular too.

  14. Khidr9 says:

    per phonescoop this represents only a few thousand customers, and only when there was a subpoena, court order, or customer consent. http://www.phonescoop.com/news/item.php?n=5214

    So, they’re not really doing anything different from any other carrier.

  15. spamtasticus says:

    Call your congressman/woman

  16. colorisnteverything says:

    Go HOOOOOOOOSIERS and informatics!

  17. emingtonems says:

    Just a brief point about cell-phone triangulation (as someone well-versed in GIS and GPS) … it isn’t very accurate, it can only locate at max within a 500 metre radius, at worst maybe 4-5km. Of course, if the phone is equipped with GPS it is simpler and more accurate, but there can still be error… Also, it’s only a few thousand out of how many customers?

    • kcvaliant says:

      Partially true, I have seen as close as 13 meters depending on the towers in the vicinity.. But they still need a Court Order or exigent reason from law enforcement to do it..

    • bonzombiekitty says:

      Dunno if you’re actually talking about triangulation or UTDOA (which some people confuse for triangulation), which is what some major cell phone companies use. I’m not sure what, if any companies use triangulation. If you’re talking about UTDOA, I can assure you that it’s much more accurate than 500 meter radius. Granted, it depends on how many towers are around but it can fairly easily locate you within 20 feet or better.

    • emingtonems says:

      at least where i am it’s not very good because there aren’t many towers around, i suppose.

  18. gatewaytoheaven says:

    Let them track me. I’m not doing anything illegal. And when/if I get caught in a snowstorm or get stranded in the woods, I’m happy they’ll be able to (potentially) find me.

    • Shadowfax says:

      This is a fairly common sentiment. “I’m not doing anything illegal so I don’t care if the authorities track/spy on me.”

      http://video.google.com/videoplay?docid=-4097602514885833865#

      That’s a long video, but it’s quite interesting. It’s a lecture by a law professor and a cop about how simply talking to a police officer can get you into serious legal trouble, even if you’re totally innocent of any crime. And that’s when you’re knowingly divulging only the information you think is OK to divulge to the police. If they can listen in, or track you, when you don’t know it, it’s not outside the realm of possibility that they will accuse you of a crime you didn’t commit, simply based on your movements or what you say while they’re tapped in.

      For example, if the cops question you about a recent crime, which you did not commit, and you say that you were not in the area at the time, but your phone claims that you were (either you forgot about being there, or the phone sent back erroneous location data) then the cops will think you’re lying about your whereabouts, and therefore will be more likely to think you’re lying about everything else you say.

      Remember that our constitutionally defined rights were not put in place to protect criminals, but to protect those of us who are not committing crimes. So to say “I don’t care if they track me because I’m not doing anything wrong” is to disparage the Constitution.

  19. Ronin Democrat says:

    I love the i’m not doing anything wrong mentality…..

    Maybe some cop gets sweet on your sister, girlfriend or mom or you piss one off for beating him to a parking spot or bump into him accidentally or your politics don’t jive with his….. and he decides to track her or you and it escalates.
    You’d never know how he did it.

    Surveillance is fine as long as their is a record of it and it can be substantiated as needed. Otherwise it is stalking.

    PS: criminals, do not allow electronic devices in your secret meetings. You’d be amazed at the things the man can do like, listen in on your meeting, track you, use it to blow up your car or home….

  20. kcvaliant says:

    Wow there are some conspiracy nuts..

    For sprint to track a person they need a court order from a judge or equivalent or a exigent matter from law enforcement.. A law enforcement officer can not just call up or use the joint site to track people.. Every cell phone company and landline company also comply with any order they get from a judge..

    So no matter which carrier you have they do this..

    Hopefully Sprint does not sue the blogger and just gives him the facts, of course he might not like that since he wants to do research on it and right a paper about it.. Kind of kills it for him and makes him look like an idiot..

    • raven268 says:

      “For sprint to track a person they need a court order from a judge or equivalent or a exigent matter from law enforcement.”

      No, they don’t. That law has been routinely violated since 2001.

  21. evilpete says:

    Are there any cellphone out there that have an option to alert the user when the cell provider pings for GPS data ?

  22. MooseOfReason says:

    And you can’t sue them (for a think a criminal violation), thanks to then-Senator Obama and the other 68 people who voted for the FISA Amendments Act of 2008.

    Yes, I politicized the telecommunications industry. It’s about time someone did.

  23. sunnypies says:

    As a cell phone consumer, this doens’t bother me at all, I’m glad they are busting the criminals using technology. However, if they are using it for personal gain or reasons and I am totally against it.

  24. sunnypies says:

    This doesn’t bother me if they are using it for the just cause of booking criminals and not using it for personal uses.

    • sunnypies says:

      sorry for duplicate posting, i thought the first one didn’t go through =)

    • Javin says:

      Unfortunately, the police are not infallible superhumans who would only use this for the purposes of good. They are normal human beings, often with a severe desire to be controlling (which attracted them to the law enforcement field in the first place). Obviously, this does not hold true for all of them, but yes, for the majority. In the Army, I worked 1 on 1 with the MPs for years (K9 units) and have a father who is a retired officer. They are human.

      As humans, the temptation of having carte blanch to track the movements of any person they wish is a very, very, very dangerous situation. If you anger another person (relationship break-up, flip him the bird on the highway, anything) do you really want that person to have the ability to stalk your every movement without repercussion? Especially when they have the law to hide behind, and new laws in place (thank you Obama) making it even harder to prosecute them? Consider the ex-officer we all know and love who stole the marijuana from the station, baked it in the brownies, and thought he OD’d. They are humans that make human mistakes. But they’re humans with far more power than the average citizen, and often an “above the law” mentality.

      The details seem to be conflicting, but I don’t have an issue with them having access to this information WITH the correct warrant or consent of the phone owner. Barring that, no, they should not be able to just grab the data any time they wish.

  25. TinaBringMeTheAx says:

    This poses an interesting issue: There is clearly no reasonable expectation of privacy over people knowing where you are if you are outdoors, in a public location. Go ahead and ping me when I’m picnicking in Central Park. But when I’m indoors, I certainly do have an expectation of privacy.

    If the system had a way of either returning your public, outdoor location or a message saying “Sorry, this user is not in a public venue, please obtain a court order,” I’d be fine with it.