US police increasingly peeping at e-mail, instant messages

A security researcher warns there is lax oversight of law enforcement requests for electronic communications

Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher.

Police and other agencies have "enthusiastically embraced" asking for e-mail, instant messages and mobile-phone location data, but there's no U.S. federal law that requires the reporting of requests for stored communications data, wrote Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, in a newly published paper.

"Unfortunately, there are no reporting requirements for the modern surveillance methods that make up the majority of law enforcement requests to service providers and telephone companies," Soghoian wrote. "As such, this surveillance largely occurs off the books, with no way for Congress or the general public to know the true scale of such activities."

That's in contrast to traditional wiretaps and "pen registers," which record non-content data around a particular communication, such as the number dialed or e-mail address that a communication was sent to. The U.S. Congress mandates that it should receive reports on these requests, which are compiled by the Administrative Office of the U.S. Courts, Soghoian wrote.

If law enforcement wants to intercept e-mail or instant messages in real-time, they are required to report it. Since 1997, federal law enforcement has requested real-time intercepts only 67 times, with state law enforcement agents obtaining 54 intercept orders.

Soghoian wrote that those low figures may seem counterintuitive given the real-time nature of electronic communications. But all of the communications are stored, he noted.

"It is often cheaper and easier to do it after the fact rather than in real-time," Soghoian wrote.

Cox Communications, a major U.S. service provider, charges $3,500 for a wiretap and $2,500 for a pen register. Account information, however, costs a mere $40.

Soghoian found through his research that law enforcement agencies requested more than 30,000 wiretaps between 1987 and 2009. But the scale of requests for stored communications appears to be much greater. Citing a New York Times story from 2006, Soghoian wrote that AOL was receiving 1,000 requests per month.

In 2009, Facebook told the news magazine Newsweek that it received 10 to 20 requests from police per day. Sprint received so many requests from law enforcement for mobile-phone location information that it overwhelmed its 110-person electronic surveillance team. It then set up a Web interface to give police direct access to users' location data, which was used more than 8 million times in one year, Soghoian wrote, citing a U.S. Court of Appeals judge.

Those sample figures indicate the real total number of requests is likely much, much higher, since U.S. law does not require reporting and companies are reluctant to voluntarily release the data.

"The reason for this widespread secrecy appears to be a fear that such information may scare users and give them reason to fear that their private information is not safe," Soghoian wrote.

In 2000, the House of Representatives considered legislation that would have set standards for reporting requests by police for location information, such as the tracking of mobile phones. But the Department of Justice opposed the bill, Soghoian wrote, saying the reporting requirements would be too time consuming.

Soghoian argues that Congress should have oversight of these new surveillance powers. He recommended mandating that the Administrative Office of the U.S. Courts compile statistics on requests for stored communications as they do now for wiretap orders. The information could be sent to the office by the courts rather than the DOJ.

"These reporting requirements would provide Congress with the information necessary to make sound policy in the area of electronic surveillance," Soghoian wrote.

Send news tips and comments to jeremy_kirk@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticeGovernment use of ITsecuritylegalgovernment

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?