SAN FRANCISCO, 4 DECEMBER 2009 - Location, location, location -- it's not merely the key to success in retail. It's also the key to your privacy -- or what little is left of it. And that too is rapidly disappearing, thanks to that wondrous gizmo you probably carry with you at all times: the cell phone.
Earlier this week, security researcher and blogger Chris Soghoian published "8 Million Reasons for Real Surveillance Oversight," in which he shared the following factoid:
Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.
His source? Sprint's manager of electronic surveillance, Paul Taylor, who spoke about the telecom's generosity with its customer's location data at a big DC wiretapping confab in October.
Soghoian is not your average blogger. In October 2006, he made headlines by demonstrating what an oxymoron "airport security" had become by printing fake boarding passes for a Northwest Airlines flight -- and then posted the program he used to do it on the Web so that everyone could give it a try. That earned him investigations by the FBI and the Transportation Safety Administration. (He was cleared by both.)
Since then he's exposed security and privacy vulnerabilities in Firefox, Facebook, and Google. In August, he joined the FTC's Bureau of Consumer Protection. In short, the man knows his stuff.
Sprint's reply: Yes, it shared 8 million-plus records with law enforcement, but that number includes all "pings" it delivered. Since each person who was tracked might generate thousands of pings over a period of surveillance (up to one every three minutes), the actual number of people tracked was far lower. The number also includes e911 calls and other instances where law enforcement officials were trying to locate a person in peril.
Still, that's a hell of a lot of pings. And that doesn't even scratch the surface of what telecoms will spill when Johnny Law comes a knockin'.
The same Sprint manager revealed that Sprint has about 110 full-time staffers dedicated to fulfilling government requests for calling, texting, Web surfing, and geolocation data about its customers. But that's not even the main reason they store all this data. Per Taylor:
On the Sprint 3G network... If [the handset uses] the [WAP] Media Access Gateway, we have the URL history for 24 months ... We don't store it because law enforcement asks us to store it, we store it because when we launched 3G in 2001 or so, we thought we were going to bill by the megabyte ... but ultimately, that's why we store the data ... It's because marketing wants to rifle through the data.
Sign up for Computerworld eNewsletters.