Ars Technica and the Center for Democracy & Technology have partnered on a series that explores Internet and mobile laws and policies, and how they affect society.
Figures released earlier this month should [make] clear that government surveillance is so widespread that the chances of the average, innocent person being swept up in an electronic dragnet are much higher than previously appreciated. The revelation should lead to long overdue legal reforms.
The new figures, resulting from a Congressional inquiry, indicate that cell phone companiesresponded last year to at least 1.3 million government requests for customer data—ranging from subscriber identifying information to call detail records (who is calling whom), geolocation tracking, text messages, and full-blown wiretaps.
Almost certainly, the 1.3 million figure understates the scope of government surveillance. One carrier provided no data. And the inquiry only concerned cell phone companies. Not included were ISPs and e-mail service providers such as Google, which we know have also seen a growing tide of government requests for user data. The data released this month was also limited to law enforcement investigations—it does not encompass the government demands made in the name of national security, which are probably as numerous, if not more. And what was counted as a single request could have covered multiple customers. For example, an increasingly favorite technique of government agents is to request information identifying all persons whose cell phones were near a particular cell tower during a specific time period—this sweeps in data on hundreds of people, most or all of them entirely innocent.
How did we get to a point where communications service providers are processing millions of government demands for customer data every year? The answer is two-fold. The digital technologies we all rely on generate and store huge amounts of data about our communications, our whereabouts and our relationships. And since it’s digital, that information is easier than ever to copy, disclose, and analyze. Meanwhile, the privacy laws that are supposed to prevent government overreach have failed to keep pace. The combination of powerful technology and weak standards has produced a perfect storm of privacy erosion.