Every now and then, ordinary citizens can glimpse the breadth and depth of the surveillance infrastructure erect to monitor us. In the last few days, Americans have had such an opportunity, thanks to privacy researcher Christopher Soghoian, a doctoral student at Indiana University.
On December 1, Soghoian published an audio recording of a presentation to a law enforcement industry conference on surveillance. The speech was from Paul Taylor, manager of Sprint's electronic surveillance team. According to Taylor, Sprint provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. (Soghoian has now removed the recordings at the insistence of the conference organizers, who claimed he had violated copyright laws by posting them.)
Sprint says the eight million represents the number of individual "pings" for specific location information, not the number of targeted customers. According to Sprint, "Each investigation may generate thousands of individual pings to the network as the law enforcement or public safety agency attempts to track or locate an individual."
That may be the case. But it underscores how pervasive surveillance technology has become. And also the phenomenon of "surveillance creep:" how technology or law intended for a humanitarian purpose winds up being used to enhance surveillance capabilities.
For instance, the technology that makes possible it possible for police to track your whereabouts from your cell phone arrived pursuant to the so-called E-911 initiative. Back in 2003, the Federal Communications Commission justified E-911 as making it easier for emergency crews to respond to 911 calls. After all, crews could respond more quickly if they could locate the caller, if the caller couldn't provide this information. Thanks to E-911, you can be tracked whenever your cell phone is on, sometimes within a few feet of your actual location. But it's plain to see from the Sprint admissions how surveillance creep has occurred.
U.S. courts are divided on whether locational surveillance requires a warrant. And it's just one type of data routinely made available to police. The government can also obtain customer records from ISPs and telecom providers revealing telephone numbers dialed; text messages, emails and instant messages sent; web pages browsed; and the queries submitted to search engines. Very few of these inquiries require a warrant.
But Soghoian was just getting started. A few months ago, he filed Freedom of Information Act requests with the Department of Justice to find out how much telecom companies and ISPs charge law enforcement agencies to conduct surveillance. And he definitely struck a nerve. In letters also posted December 1, the attorney representing Yahoo wrote that should this data be disclosed, it "would be used to 'shame' Yahoo and other companies" and would "shock" their customers.
Verizon made a different argument. It claimed that if it made public its law enforcement surveillance pricelist, it would be overrun with requests from ordinary customers to conduct surveillance on their behalf. "Such calls would stretch limited resources, especially those that are reserved only for law enforcement emergencies” according to Verizon.
But other companies allowed the Justice Department to release at least some of the data Soghoian requested. Cox Communications, for instance, charges the government $2,500 to record digits dialed to or from a particular phone, and $2,000 for each additional 60-day-interval. Wiretaps cost more: $3,500 for the first 30 days and $2,500 for each additional 30 days. To get a month's worth of your call detail records costs $40.
So just how many requests for records do telecoms and ISPs receive each year from police? Yahoo won't say, but Verizon admits it receives “tens of thousands” of requests annually for customer records and information from law enforcement agencies. According to Soghoian, only Facebook and AOL have publicly disclosed how many requests they receive for police assistance. Facebook acknowledges 10-20 daily requests. AOL says it receives about 1,000 requests monthly.
So, how can you avoid this type of surveillance? For telephones, your best bet is to use prepaid cell phones purchased anonymously, over the counter, with cash.
For the Internet, a technology called virtual private networking acts as a middleman between your ISP and the Web sites you surf. A VPN can also encrypt the data stream between its servers and your PC. With these countermeasures in place, the only thing your ISP can monitor is the fact that you're online and that you're connected to a VPN.
There are many VPN services available. I prefer services that don’t have networks installed in the United States to avoid possible compromise under legislation such as the USA PATRIOT Act. The service that I use is Cryptohippie. Its only U.S. presence is to authenticate connections to Cryptohippie servers in other countries. None of Cryptohippie’s servers are in the United States.
Copyright © 2009 by Mark Nestmann
(An earlier version of this post was published by The Sovereign Society, https://banyanhill.com/).