Silicon Valley firms and privacy groups want Congress to update a 1986-era electronic privacy law. But if a law enforcement idea set to be presented today gets attached, support for the popular proposal would erode.
AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to capture and store Americans’ confidential text messages, according to a proposal that will be presented to a congressional panel today.
The law enforcement proposal would require wireless providers to record and store customers’ SMS messages — a controversial idea akin to requiring them to surreptitiously record audio of their customers’ phone calls — in case police decide to obtain them at some point in the future.
“Billions of texts are sent every day, and some surely contain key evidence about criminal activity,” Richard Littlehale from the Tennessee Bureau of Investigation will tell Congress, according to a copy (PDF) of his prepared remarks. “In some cases, this means that critical evidence is lost. Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking.”
Littlehale’s recommendations echo a recommendation that a constellation of law enforcement groups, including the Major Cities Chiefs Police Association, the National District Attorneys’ Association, and the National Sheriffs’ Association, made to Congress in December, which was first reported by CNET.
They had asked that an SMS retention requirement be glued onto any new law designed to update the 1986 Electronic Communications Privacy Act for the cloud computing era — a move that would complicate debate over such a measure and erode support for it among civil libertarians and the technology firms lobbying for a rewrite.
Today’s hearing before a House Judiciary subcommittee chaired by Rep. Jim Sensenbrenner (R-Wisc.) is designed to evaluate how ECPA should be upgraded. CNET reported yesterday that the Justice Department is proposing that any ECPA changes expand government surveillance powers over e-mail messages, Twitter direct messages, and Facebook direct messages in some ways, while limiting it in others. A Google representative is also testifying.
While the SMS retention proposal could open a new front in Capitol Hill politicking over electronic surveillance, the concept of mandatory data retention is hardly new. The Justice Department under President Obama has publicly called for new laws requiring Internet service providers to record data about their customers, and a House panel approved such a requirement in 2011.
Wireless providers’ current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.
An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps “text message content on their servers for 3-5 days.” And: “Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days”
During a criminal prosecution of a man for suspected murder of a 6-year-old boy, police in Cranston, R.I., tried to obtain copies of a customer’s text messages from T-Mobile and Verizon. Superior Court Judge Judith Savage said at the time that, although she was “not unfamiliar with cell phones and text messaging,” she “was stunned” to learn that providers had such different policies.
Littlehale also proposed that any attempt to update ECPA include revised “emergency” language that would allow police to demand records from providers without search warrants in some cases.
Chris Calabrese, legislative counsel for the ACLU, says he’s skeptical about expanding emergency access. “Emergency can’t be a magic word,” he says. “Emergencies have to be documented subsequently to a judge the same way we would with a wiretap.”