While the public has been focused on disclosures by former National Security Agency (NSA) contractor Edward Snowden about his former employer’s powerful spying capabilities, it is worth paying attention to recent reports of sophisticated data spying by state and local police agencies, and what these revelations mean for policy debates.
Last month, USA Today reported that at least 125 police agencies in 33 states have used a variety of spy-worthy tactics and technologies to obtain information about thousands of cell phones and their users.
The newspaper’s investigation found that one in four law enforcement agencies use a tactic known as a “tower dump” to get the identity, activity and location information of any cell phone that connects with a particular cell tower in a specific timespan. Additionally, 25 law enforcement agencies used federal grants to purchase a piece of equipment developed for military and intelligence gathering purposes known as a “Stingray,” which mimics a cell tower, allows police to track the movements of a specific cell phone and captures data from a cell phone, such as the phone numbers dialed and text messages received.
Law enforcement agencies argue that access to cell phone data is essential for saving lives and solving crimes. Colorado police credit cell phone data, specifically location information and numbers dialed, to solving the murder of ten-year-old Jessica Ridgeway in 2012. The sheriff in Richland County, South Carolina also used a tower dump to assist in investigations of a murder and a series of gun thefts.
While there may be benefits to intrusive monitoring, there is concern that the tactics and tools employed by police are capturing the private information of innocent people alongside targeted individuals. Civil liberties groups indicate law enforcement agencies can obtain valuable or sensitive information with little oversight or public knowledge. Moreover, data from cell phones, especially the latest smartphones, can yield deep insights into individuals’ lives and behaviors.
Little is known about how law enforcement collects or uses the cell phone data; in fact, most of what USA Today reported came only from Freedom of Information Act (FOIA) requests because officials refused to comment, and even the FOIA’ed information was largely limited to budget documents.
The main problem is that there are few restrictions or reporting requirements on government efforts to obtain access to cell phone and electronic data. In most states, law enforcement agencies can obtain cell phone records and data without a court-approved warrant. Furthermore, the laws governing electronic surveillance are woefully outdated. The Electronic Communications Privacy Act (ECPA), the principal federal law providing rules for police to access electronic data, was written in 1986, years before cell phones were commonplace and the Internet was widespread.
In the absence of legislative guidance, courts have been forced to write new and inconsistent requirements for access to cell phone data. The result has been confusion and uncertainty for users, providers, and even law enforcement. Without clear rules of the road to outline how and when law enforcement can obtain cell phone data, neither police or the public are well served.
However, revelations like those made by Edward Snowden and USA Today are starting to shape policymakers’ views and spur action to protect citizens’ privacy while ensuring law enforcement can do its job. State legislators are increasingly concerned about ubiquitous police surveillance. Already, states from Maine to Montana to Texas have enacted laws to impose new warrant requirements for accessing e-mails and cell phone data. Members of Congress have also introduced bills to update ECPA to reflect new technologies, consumer uses and law enforcement needs. State and federal courts are also handing down decisions in light of new developments.
With more revelations about electronic surveillance emerging on a daily basis, policymakers and the public must make more calls for meaningful changes to policy.
John Stephenson is Director of the Task Force on Communications and Technology at the American Legislative Exchange Council.