Showing posts with label Computer crime. Show all posts

Tuesday, December 11, 2012

Law Enforcement Agencies Push Cell Phone Providers to Store Text Messages




The major cell phone providers, including AT&T, Verizon and Sprint, may be required to keep information about their customers’ text messages for at least two years, according to a proposal that various law enforcement agencies submitted to Congress.

A group of police organizations asked legislators to require wireless companies to retain information, warning that a lack of federal requirements leaves a major hole in the ability of law enforcement agencies to launch proper investigations. The move was designed to include text message retention in an upcoming overhaul of the 1986 Electronic Communications Privacy Act, an update meant to make the privacy law reflect the new realities of the modern technological era.

As text message usage has exploded recently, so have the instances of their use in criminal investigations. They have been used as evidence in robberies, drug dealing and financial fraud cases. One great example occurred in 2009 when SkyTel turned over a whopping 626,638 text messages in Michigan.

Currently, the approaches used by the various companies are all over the place. Verizon and some others retain their text messages only for a brief period of time. Others, including T-Mobile, do not store the messages at all. A Justice Department document obtained by the ACLU found that in 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept data like the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years, according to the chart.

The groups making the request include the Major Cities Chiefs Police Association, the National District Attorneys’ Association and the National Sheriffs’ Association. The groups have not yet made clear whether they want the telecommunications companies to store the content of the text messages or only to hold on to data including the numbers used to send and receive the messages. No matter which approach is employed, it will be a massive responsibility for the cell phone providers, with some 2 trillion text messages sent in the U.S. last year, coming out to nearly 6 billion per day.

The problem with the request for retaining the text messages is that there is ultimately only one reason for companies to do such a thing: to keep databases of information on their customers so police officers can fish for evidence at their leisure.

Source: “Cops to Congress: We need logs of Americans' text messages,” by Declan McCullagh, published at CNET.com.

Monday, November 19, 2012

Petraeus Affair Raises Concerns About E-mail Privacy




With all the coverage surrounding the recent fiasco involving General Petraeus, the extent of people’s personal electronic security has been given increased attention. After all, if the CIA Director isn’t able to keep his emails private, what hope is there for the rest of us? Many privacy experts agree the recent scandal has shown just how vulnerable most people are in terms of the transparency of their digital communications.

The first thing that many experts say you need to realize is that no matter what you’re trying to hide, if it’s in your e-mail inbox it is possible that someone will find out. If the thing you’re hiding involves criminal activity, the chance of the government finding it goes up exponentially given their power to search and subpoena information. This doesn’t change whether the information is contained on your hard drive or floating up in the cloud.

One thing that Petraeus discovered was that the government can easily connect you to an account by using the IP address of the computer you used to access the account. This is what proved that he and his mistress were using the otherwise anonymous account. E-mail providers like Google and Yahoo save this kind of information for 18 months, during which time it can easily be subpoenaed.

Something many people may not realize is that the Fourth Amendment requires the authorities to get a warrant from a judge only to search physical property. Rules governing e-mail searches, however, are far more lax. Under the Electronic Communications Privacy Act, a 1986 law that Congress enacted to protect your privacy in electronic communications, a warrant is not required for e-mails six months old or older. Even if e-mails are more recent, the federal government needs a search warrant only for “unopened” e-mail. Everything else, including identifying information such as the IP address used to access the account, requires only a subpoena.

One complicating factor is a recent rejection of the government’s approach by the Ninth Circuit Court of Appeals. The circuit happens to encompass many of the technology companies that handle e-mail messages and the servers that contain the data. Given the decision by the Ninth Circuit, the Department of Justice’s Manual now includes a note reminding agents in the area to get a warrant before accessing such information.

Though many people might believe this kind of e-mail surveillance only happens in high-profile cases, the reality is that law enforcement casts a wide net when looking for incriminating information. Google reported that United States law enforcement agencies requested data for 16,281 accounts from January to June of this year, and it complied in 90 percent of cases. Online users need to realize that everything is logged and recorded somewhere. If you don’t want someone else to find it, don’t say it.

Read: “Trying to Keep Your E-Mails Secret When the C.I.A. Chief Couldn’t,” by, published at NYTimes.com.

Saturday, October 27, 2012

Student Who Hacked Sarah Palin’s E-Mail Account Denied Hearing by U.S. Supreme Court




The U.S. Supreme Court recently announced that it would not hear a case concerning the man who hacked into the email account of Sarah Palin. The hacker, David Kernell, was convicted of a felony related to his hacking and eventual posting of the Republican candidate’s emails online.

Kernell served a year and a day in federal prison in Kentucky and is currently on probation. Kernell was studying at the University of Tennessee in 2008 when Sarah Palin was running for Vice President. Kernell’s father, Mike, has been a Tennessee Representative for Shelby County for the past 38 years.

The younger Kernell, a frequent user of the popular internet message board service known as 4chan, hacked into Palin’s Yahoo! e-mail account using the site’s password recovery feature. He then posted the password to her account, as well as several screenshots of her emails, to the 4chan site.

Beyond just stealing the information, Kernell made the additional bad decision of deleting the evidence. He commented at one point that he was afraid the FBI would investigate his stunt and, in an attempt to cover things up, deleted files from his computer, removed his browser and defragmented his hard drive. It turns out Kernell was right: the FBI did launch an investigation, eventually stumbling upon a 4chan post where he bragged about his technical savvy in perpetrating the hack.

The law that ended up busting Kernell is contained in the Sarbanes-Oxley Act, a federal law passed in 2002 designed to certify the accuracy of financial records published by major corporations. A lesser-known provision of the law can be interpreted very broadly and has been used in the past to catch those who delete electronic data in an attempt to avoid being caught for a larger, typically more serious crime. Several previous instances involved targets of child pornography investigations who decided to delete their collections as the police closed in.

Kernell’s attorney claimed that his client’s case was different than the others because, unlike the child pornographers who deleted the incriminating material before police made their busts, Kernell did not know that there was an ongoing investigation. Kernell’s lawyer said that the provision of Sarbanes-Oxley that makes it illegal to anticipatorily obstruct justice is unconstitutionally vague and should not be used to convict someone for obstructing an investigation that had not yet begun.

A panel of the 6th Circuit said that Kernell admitted anticipating such an investigation and, as a result, his conviction was justified. Now that the Supreme Court has declined to hear the case, Kernell’s conviction will stand.

Read: “Sarah Palin’s Hacker Turned Down by Supreme Court,” by Michele Bowman, published at Lawyers.com.