cita-logo
The mobile carriers industry trade group, CTIA–The Wireless Association, is objecting to a proposed bill that would require the police to produce a warrant if it wants access to location data on people’s mobile phones.  CTIA are calling the legislation “unduly burdensome” to say no to police who arrive without warrants.

The bill in question, California Location Privacy Bill (SB 1434), doesn’t stop the carriers from handing over location data, but it does require that police get a warrant first.

The proposed law also states that carriers must publish reports showing the number of disclosures they’ve made in a given calendar year, including:

  • how many times each wireless provider disclosed information (and how many times it didn’t)
  • how many times the carrier contested data demands
  • how many users’ data were disclosed.

And this report is to published on the internet by the following April.

On April 12, the CTIA wrote [PDF] to the bill’s sponsor, State Senator Mark Leno, saying that CTIA opposes the proposed legislation due to “serious concerns”:

"These reporting mandates would unduly burden wireless providers and their employees – who are working day and night to assist law enforcement to ensure the public’s safety and to save lives."

… and that the legislation would “confuse” them.

For example, an issue the carriers would find confusing is the definition of “location information.” CTIA say that it is “so sweeping” that it could overlap basic subscriber information:

"Since the implications of this definition are unclear, wireless providers will have difficulty figuring out how to respond to requests for such information. It could place providers in the position of requiring warrants for all law enforcement requests."

Ars Technica’s Cyrus Farivar, for one, is confused about why the CTIA is confused.

Here’s what he had to say:

"Earlier this month, the ACLU said it received over 5,500 pages from 200 local law enforcement agencies about their tracking policies. The organization concluded that 'while cell phone tracking is routine, few agencies consistently obtain warrants.

Importantly, however, some agencies do obtain warrants, showing that law enforcement agencies can protect Americans' privacy while also meeting law enforcement needs.' In short, it seems like law enforcement can stay within the law, even when it takes the trouble to get a warrant—how is that confusing?"

Regarding the cost and labour involved in putting up reports that tell the public how they are releasing our information: well, if it’s really all that costly to the poor, cash-strapped wireless providers, perhaps it’s time for them to increase the fees they charge law enforcement agencies for the all-you-can-eat buffet of data they provide.

One example, as security and privacy researcher Christopher Soghoian reports, is Sprint, which charges a flat $30/month for electronic surveillance of location/GPS data.

Obviously, they’re giving the data away.

Sometimes that’s a good thing, such as when geolocating somebody will save his or her life. The bill addresses such situations, where time is more crucial than the need to obtain a warrant.

For all the other times?

Let’s hope the bill passes. It’s time for a lot more transparency from the carriers who give our data away, and a great deal more accountability from the agencies who seek it in the first place.

Source: Sophos