May 12, 2006

Tracking Threats - USA Telco, Inc., shares billing records with NSA, Pretexters, foreign governments, anyone, really

More evidence that tracking by cell/mobile is a routine threat to all - this time from America, and this time concerning the billing records as opposed to the tower handoff records.

A congressional panel investigating the fraudulent acquisition and sale of mobile phone records by Internet Web firms has collected evidence that indicates law enforcement officials at the local, state and federal levels use the Internet-based services as an investigative short-cut, has learned. At least one Web-based data seller has told Congress that the FBI is a client.

As I've asserted before, if this was limited to law enforcement pursuent to lawful warrants, etc, etc there would be no complaint. (Citizens not having anything to hide, right?) But it is not.

The phone records are generally acquired by the resellers through fraudulent means and would not be admissible in court as evidence, but they are still helpful as an investigative tool, say officials familiar with the investigation. ... One seller, Advanced Research Inc., which operates, told the committee that it has sold data to the FBI. "On occasion, ARI (Advanced Research) has done work for municipalities, banks, mortgage and insurance companies, private companies, foreign governments, law enforcement, even the FBI," ARI's letter to Congress said. ... The dozens of Web sites now being investigated by Congress sell to a wide cross-section of customers buying data. Evidence gathered so far suggests many purchasers are involved in debt collection. But a steady stream of evidence also implicates law enforcement officials, who occasionally use the services as a shortcut, avoiding the need for court orders generally required to see phone records.

The phone records are often obtained by private investigators through a tactic known as "pretexting." Investigators call mobile-phone companies posing as legitimate customers and trick service representatives into delivering copies of records.

Many Web site sellers maintain the practice is legal, but cell phone companies, the Federal Communications Commissions and numerous state attorneys general have said impersonation of consumers is fraud. Several states also have sued data brokers over the acquisition and sale of phone records in recent months.

The tracking of people by cellphone is equally shared by law enforcement - without a warrant - and anyone else with a credit card number, raising the amusing prospect of your own card paying for someone to spy on you. Hardly a high standard of protection.

A further indication that the NSA is operating outside the law comes from Chris Walsh's comment over on EC:

Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.

In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.

Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.

(Also see CDT.) US Congress is or has moved to rule it more difficult, but recent attempts to regulate technology abuses don't raise many hopes in this area. Indeed, even Congress seems to be getting skeptical. Chris Walsh posts on EC:

Massachusetts Congressman Ed Markey asks Dennis Hastert whether legislation protecting mobile phone users' privacy has been sent to a "legislative 'Guantanamo Bay'" in order to modify it so that intelligence gathering activities analogous to those affecting land lines would be unimpeded.

The problem is a little more deep-seated than that I fear. Probably, the battle to protect cell phone records from the intel community is already lost. (Including other than with your own national agencies who are looking out for your interests. Above, it mentions foreign governments buying US records, and I wouldn't be surprised if the NSA already has access in Europe.) The question is whether anything else can be saved.

Probably not, I would guess, if the data mining juggernauts are anything to go by. But it does bring up the amusing contrast between Europeans and Americans. Europeans don't mind that much if government gets their records, but are horrified if private companies do. Whereas Americans speak with utter fear of their government spying on them, but happily accept that it is the private sector's right to trade this information. Perhaps for the first time, people on both sides of the Atlantic have some angst to share.

Posted by iang at May 12, 2006 02:26 PM | TrackBack

Hello Iang,

a bit late to the game really. No offense. Us conspiracy theorists are all nuts right?

This news coming out now is good, but what a total joke. The NAS and others have had the game summed up long before.

A slap on the wrist.

Posted by: Gordon at May 12, 2006 05:22 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.