Posts

Telecoms Versus the Toobz: The Source of the Legal Troubles

/6 Comments/in , /by

In this important piece on overbroad surveillance programs under Presidents Bush and Obama, the WaPo reveals that the program James Comey almost resigned over in 2004 involved sucking Internet metadata off telecom switches owned by the telecoms.

Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.

At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.

For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.

This leads me to wonder whether legal leverage from the Internet providers — rather than any squeamishness about the law itself — caused the conflict.

Remember, in the fight over retroactive immunity in 2008, the industry group for the Internet providers — including Microsoft, Yahoo, and Google — argued against retroactive immunity.

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the “FISA Amendments Act of 2007,” as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact.

Given the WaPo’s report, this amounts to a demand that Congress allow the Internet companies to hold the telecoms accountable for helping the government seize their data.

As well they should have been able to. To a degree, these companies compete, and in the name of helping the government, the telecoms were helping themselves to Internet suppliers crown jewels.

Microsoft and Google versus AT&T and Verizon. Now that would have been an amusing lawsuit to watch. And probably a lot bigger worry for the people who use all of them to spy on us peons than we peons actually are.

Share this entry

The Section 215 Dragnet Started as Abusive Exigent Letter Practice Wound Down

/7 Comments/in , /by

Screen shot 2013-06-11 at 8.17.13 PMJulian Sanchez (who, if you’re not already following, you should, @normative) just made an important observation about the Section 215 collection that collects metadata on all phone calls every day.

Carriers keep call detail records for years. No earthly reason to demand DAILY updates just to preserve.

Thunk. The penny dropped.

In theory, no, there’s no reason to demand daily updates from the telecoms. In fact, in theory, you could always just ask the telecoms to conduct the kind of data analysis that is now being done by NSA.

But there’s a very good reason why they’re not doing it that way.

They tried. It was badly abused.

And they started moving away from that approach in March 2006, precisely when we know the Section 215 program started.

Most of what we know about the exigent letters program comes from a report DOJ’s Inspector General did in March 2007 [ed 6/16: oops–all this time I had the least damning report linked. read this one]  (my posts are here, here, here, here, here, here, here). But the short version is that the NY FBI office set up an office to have representatives of the three major telecom companies come in and directly access their data with FBI Agents looking over their back. As such, it’s probably similar to what PRISM accomplishes for internet providers (except that an NSA employee rather than a telecom employee does the search), and presumably akin to whatever NSA does with the Section 215 dragnet information (which, after all, replicates the telecom databases perfectly).

The problems — that that we know about from the unclassified report (there are secret and TS/SCI versions which probably have bigger horrors) — include:

  • FBI General Counsel had no apparent knowledge of 17% of the searches
  • Thousands of searches never got recorded
  • FBI lied to the telecoms about how urgent the information was to get the information
  • FBI did an unknown number of sneak peeks into the data to see if there was something worth getting formally

Altogether, the unclassified IG Report described 26 abuses that should have been reported to then (and once again, since Chuck Hagel became Defense Secretary) inoperable Intelligence Oversight Board.

That includes the tracking of journalist call records in at least three cases (one of which I suspect is James Risen).

In short, it violated many legal principles. And that’s just the stuff that actually got recorded and showed up in an unclassified report.

The Executive spent years trying to clean up the legal mess, with four OLC opinions between November 8, 2008 and January 8, 2010 making one after another argument to justify the mess.

And just as it became clear what a godforsaken mess all this was in March 2006, they started using Section 215 to collect all call records.

The effectively created the same databases that had been abused when the FBI had telecom employees doing the work, to have NSA or FBI do the very same work as well.

In short, the reason we don’t do what Sanchez is absolutely right we should do — ask the telecoms for information as we need it — is it’s not easy enough.

What I look forward to learning, though, is how having government employees do the work that telecom employees — who at least were bound by ECPA — avoids the same kind of abusive fishing expeditions.

Update: Here’s a description I wrote to summarize this 3 years ago.

This IG Report was the third DOJ’s Inspector General, Glenn Fine, has done on the FBI’s use of National Security Letters and “exigent letters,” though this is the first to focus almost exclusively on exigent letters. In 2003, the FBI installed representatives of AT&T and (later) Verizon and MCI onsite, with computers hooked up to their respective companies’ databases. Rather than using a subpoena or a National Security Letter to get phone records from them (both of which would have required a higher level of review), the FBI basically gave them a boilerplate letters saying it was an emergency (thus the “exigent”) and could they please give the FBI the phone data; the FBI promised grand jury subpoenas to follow. Only, in many cases, these weren’t emergencies, they never sent the grand jury subpoenas, and many weren’t even associated with investigations into international terrorism. In other words, FBI massively abused this system to get phone data without necessary oversight. Fine has been pressing FBI to either establish some legal basis for getting this data or purging it from FBI databases for three years, and they have done that with some, but not all, of the data collected. But the FBI has tried about three different ways to bring this practice into conformity with legal guidelines, all unpersuasive to Fine. The OLC opinion is the most recent of these efforts.

Also, here’s a timeline.

Share this entry

Once Upon a Time the PRISM Companies Fought Retroactive Immunity

/12 Comments/in , /by

Screen shot 2013-06-09 at 8.30.08 AMSince the disclosure of the PRISM program, I have thought about a letter the industry group for some of the biggest and earliest PRISM participants — Google, Microsoft, and Yahoo — wrote to then House Judiciary Chair John Conyers during the 2008 debate on FISA Amendments Act. (The screen capture reflects a partial list of members from 2009.)

Remarkably, the letter strongly condemned the effort to grant companies that had broke the law under Bush’s illegal wiretap program immunity.

The Computer & Communications Industry Association (CCIA) strongly opposes S. 2248, the “FISA Amendments Act of 2007,” as passed by the Senate on February 12, 2008. CCIA believes that this bill should not provide retroactive immunity to corporations that may have participated in violations of federal law. CCIA represents an industry that is called upon for cooperation and assistance in law enforcement. To act with speed in times of crisis, our industry needs clear rules, not vague promises that the U.S. Government can be relied upon to paper over Constitutional transgressions after the fact.

CCIA dismisses with contempt the manufactured hysteria that industry will not aid the United States Government when the law is clear. As a representative of industry, I find that suggestion insulting. To imply that our industry would refuse assistance under established law is an affront to the civic integrity of businesses that have consistently cooperated unquestioningly with legal requests for information. This also conflates the separate questions of blanket retroactive immunity for violations of law, and prospective immunity, the latter of which we strongly support.

Therefore, CCIA urges you to reject S. 2248. America will be safer if the lines are bright. The perpetual promise of bestowing amnesty for any and all misdeeds committed in the name of security will condemn us to the uncertainty and dubious legalities of the past. Let that not be our future as well. [my emphasis]

Microsoft, Yahoo, and Google all joined PRISM within a year of the date of the February 29, 2008 letter (Microsoft had joined almost six months before, Google would join in January 2009).

Screen shot 2013-06-07 at 11.08.29 AMClearly, the demand that the companies that broke the law not receive retroactive immunity suggests none of the members had done so. It further suggests that those companies that did break the law — the telecoms, at a minimum — had done something the email providers wanted them held accountable for. This suggests, though doesn’t prove, that before PRISM, the government may have accessed emails from these providers by taking packets from telecom switches, rather than obtaining the data from the providers themselves.

Google had also fought a DOJ subpoena in 2006 for a million URLs and search terms, purportedly in the name of hunting child pornographers.

And those of us who follow this subject have always speculated (with some support from sources) that the plaintiff in a 2007 FISA Court challenge to a Protect America Act (the precursor to FISA Amendments Act) was an email provider.

All of those details suggest, at the very least, that email providers (unlike telecoms, which we know were voluntarily giving over data shortly after 9/11) fought government efforts to access their data.

But it also suggests that the email providers may have treated PRISM as a less worse alternative than the government accessing their data via other means (which is a threat the government used to get banks to turn over SWIFT data, too).

It seems likely the way the government “negotiates” getting data companies to willingly turn over their data is to steal it first.

Share this entry

Wondering Wednesday: Suicide in Singapore, Drone Over Brooklyn, and Telco Tattlers

/9 Comments/in , /by

Help me get over the hump and clue me in on a few things. I’ve been scratching my head wondering about these topics.

Suicide in Singapore — The recent “suicide” of a U.S. electronics engineer in Singapore looks fishy to me. It looked not-right to Financial Times as well; it appears no other domestic news outlet picked up this case for investigative reporting before FT. The deceased, who’d worked for a government research institute on a project related to Chinese telecom equipment company Huawei, is alleged to have hung himself, but two details about this case set off my hinky meter.

•  Every photo I’ve seen of engineer Shane Todd depicts a happy chap. Sure, depressed folks can hide their emotions, but comparing a photo of his family after his death to photos of him and you’ll see the difference. My gut tells me that if he was truly depressed, he should have looked more like his folks–flat, withdrawn, low affect. Perhaps meds could have messed with his head more than depression itself. But I’m not a psychologist or a pharmacologist, what do I know?

•  Among all the details of the case, it’s said the victim’s face postmortem was white when his body was discovered. This doesn’t strike me as consistent with hanging; there should have been lividity above the ligature. Conveniently, Singapore’s law enforcement cleaned everything up so quickly there was no chance to see the crime scene or the body as found. Law enforcement also snagged the victim’s laptop and all other work-related stored content, save for a hard drive that looked like a speaker. Everything he was working on “disappeared” except for the contents of that drive.

The engineer had been very concerned about technology he was working on and its possible transfer, which included gallium nitride transistors with potential for both commercial and military applications. After poking around for some time on gallium compounds used in various computing, communications and other technology, nothing screams at me as highly sensitive technology that might get someone “suicided.” But…as I went through abstracts, it seems odd there are a substantive number of Chinese researchers working in on GaN-based technologies.

Thought these two points in particular jar my senses, more than just these two points don’t sit well. Read the story at the link above and see for yourself. (Original FT link here.)

What do you make of this case? Suicide or no? Strategic technology or no? Read more

Share this entry

The Sevenfold Increase in Emergencies at AT&T

/13 Comments/in /by

In its response to Ed Markey’s questions about law enforcement requests for cellphone data, AT&T attributed the growing number of requests it gets to its expanding customer base.

To keep these numbers in perspective, AT&T serves over 103,200,000 wireless customers (in 2007, by contrast AT&T served just over 70,000,000 wireless customers).

But that can’t explain the entire increase: only one category of request–requests like orders and warrants requiring court oversight–has gone up at or below the 47% increase in AT&T’s customer base. All other categories have increased at a faster pace.

What’s particularly striking is how many more non-PSAP (that is, non 911 call) exigent requests AT&T has gotten: a more than sevenfold increase.

Now, AT&T doesn’t explain how it treats such requests legally or practically. By comparison, US Cellular cites the language from 18 USC 2518(7)–including language permitting the release of information for “conspiratorial activities threatening the national security interest”–in its exigent request section (see Exhibit 1, page 1); that law requires requestors to submit paperwork for the order or warrant within 48 hours. Sprint cites 18 USC 2702(c)(4) explicitly, which doesn’t include the time limit; but Sprint imposes one itself, even while emphasizing providing this information is voluntary.

For example, Section 2702(c)(4) of the SCA permits Sprint to comply with law enforcement requests in emergency situations when Sprint believes there is an emergency involving danger of imminent death or serious physical injury. In those circumstances, our processes require law enforcement to fax in a form which we use to authenticate the law enforcement requestor and to help verify that an appropriate emergency exists. After being satisfied that the statutory requirements have been met, the Sprint analyst will comply with the request but only for 48 hours, providing law enforcement with sufficient time to obtain appropriate legal processes. To be clear, in these particular circumstances, providing information to law enforcement is not required and Sprint could decide that it will not comply with these emergency requests. Sprint has determined, though, that on balance it is in the interest of our customers and members of the general public who may be at risk to comply with emergency requests, particularly since they often involve very serious life-threatening situations such as kidnapping, child abduction and carjacking.

AT&T doesn’t cite the law directly, but its description matches 2702(c)(4) and therefore would not legally require a follow-up application. Verizon cites 2702(c)(4) explicitly.

Note that this means AT&T, Verizon, and Sprint are treating cell location as a record, not content. Sprint provides this–sort of–explanation for it.

Nonetheless, there are circumstances, which are outlined in the applicable statutes, where information can be disclosed to law enforcement with the consent of the customer or in certain emergency situations. In those cases, Sprint still requires appropriate documentation, and although it may not be a legal demand, per se, it is legally permissible for Sprint to provide the information under the statute, as discussed herein.

[snip]

Sprint has business records that contain information on the location of a wireless device based on that device’s proximity to nearby cell towers. The information in Sprint’s records is often referred to as “historic” or “stored” location as it is customer information of a historic nature that is stored by Sprint for its own business purposes. For example, Sprint uses this information for certain billing, taxing, network troubleshooting and capacity planning purposes. Sprint also has the capability to determine the location of a cell phone in real time by using GPS technology.

The location information contained in Sprint’s business records is not basic subscriber information as defined by the statute but is information Sprint has relating to its customers’ mobile device usage. Consequently, a court order based on “specific and articulable facts” is required prior to disclosure of that information to law enforcement.

[snip]

There is no statute that directly addresses the provision of location data of a mobile device to the government.

The explanation doesn’t really say whether it treats a GPS reading as a stored record or not–probably because that’s where this interpretation gets dicey.

Sprint goes on to suggest Congress provide some clarity about this cell location data. (It also note the government interprets the law to require the cell company to provide not just the target caller location, but also the “location of associates on a call with the target.”)

Not so AT&T, which seems to be giving this information out like candy in the name of exigent circumstances. And unlike Sprint, it’s not clear AT&T (or Verizon) imposes any requirements on how long such emergencies can last.

But then, it’s not just AT&T. The government, too, seems to want to declare a permanent state of emergency so it can get all our cell data anytime it wants.

Update: Transcription error fixed per joberly.

Update: Table corrected per Anchard.

Share this entry

The Tracking Device in Your Pocket

/12 Comments/in /by

Eric Lichtblau has a story summarizing what Ed Markey discovered after he asked cellphone companies to tell him how many law enforcement requests they respond to every year. And while some of the companies (AT&T and Cricket, at least) claim the numbers are exploding because their subscriber base is too, the numbers are still troubling.

In the first public accounting of its kind, cellphone carriers reported that they responded to a startling 1.3 million demands for subscriber information last year from law enforcement agencies seeking text messages, caller locations and other information in the course of investigations.

The cellphone carriers’ reports, which come in response to a Congressional inquiry, document an explosion in cellphone surveillance in the last five years, with the companies turning over records thousands of times a day in response to police emergencies, court orders, law enforcement subpoenas and other requests.

The reports are all here–I’ll do a followup once I’ve read them. In the meantime, consider this a working thread if you read the reports.

Share this entry

At What Point Does T-Mobile CEO Get Dinged for False Advertising?

/15 Comments/in , /by

[Youtube]3KmfXupi9cg[/Youtube]

The CEO of T-Mobile thinks the government, in suing to stop its merger with AT&T, simply didn’t understand how merging with AT&T would benefit customers. (h/t mistermix)

By now you have heard the news that the Department of Justice (DOJ) has filed a lawsuit to block the AT&T and T-Mobile merger in U.S. District Court. We were surprised by this sudden announcement, and DT will join AT&T in challenging the DOJ’s case in court.

DT and AT&T believe the DOJ has failed to acknowledge the significant consumer benefits of this deal. DT remains convinced that bringing together these two world-class businesses would create significant benefits for customers and the country.

I’d really like someone to sue T-Mobile for false statements. Either the filings they have and will submit are false, or this ad campaign is (my vote). But somebody’s not telling the truth.

Share this entry

DOJ Sues to Stop AT&T/T-Mobile Merger

/8 Comments/in , /by

Finally, the Department of Justice did something (aside from its good work on Civil Rights) worthy of its name: it sued to prevent the AT&T/T-Mobile merger.

The Department of Justice today filed a civil antitrust lawsuit to block AT&T Inc.’s proposed acquisition of T-Mobile USA Inc.   The department said that the proposed $39 billion transaction would substantially lessen competition for mobile wireless telecommunications services across the United States, resulting in higher prices, poorer quality services, fewer choices and fewer innovative products for the millions of American consumers who rely on mobile wireless services in their everyday lives.

The department’s lawsuit, filed in U.S. District Court for the District of Columbia, seeks to prevent AT&T from acquiring T-Mobile from Deutsche Telekom AG.

“The combination of AT&T and T-Mobile would result in tens of millions of consumers all across the United States facing higher prices, fewer choices and lower quality products for mobile wireless services,” said Deputy Attorney General James M. Cole.   “Consumers across the country, including those in rural areas and those with lower incomes, benefit from competition among the nation’s wireless carriers, particularly the four remaining national carriers.   This lawsuit seeks to ensure that everyone can continue to receive the benefits of that competition.”

“T-Mobile has been an important source of competition among the national carriers, including through innovation and quality enhancements such as the roll-out of the first nationwide high-speed data network,” said Sharis A. Pozen, Acting Assistant Attorney General in charge of the Department of Justice’s Antitrust Division.   “Unless this merger is blocked, competition and innovation will be reduced, and consumers will suffer.”

The press release, at least, cites a lot of T-Mobile documents to argue for T-Mobile’s key role in keeping the cell phone industry competitive, not an AT&T document that was recently leaked showing that AT&T pursued the merger for anti-competitive reasons.

The complaint cites a T-Mobile document in which T-Mobile explains that it has been responsible for a number of significant “firsts” in the U.S. mobile wireless industry, including the first handset using the Android operating system, Blackberry wireless email, the Sidekick, national Wi-Fi “hotspot” access, and a variety of unlimited service plans.   T-Mobile was also the first company to roll out a nationwide high-speed data network based on advanced HSPA+ (High-Speed Packet Access) technology.  The complaint states that by January 2011, an AT&T employee was observing that “[T-Mobile] was first to have HSPA+ devices in their portfolio…we added them in reaction to potential loss of speed claims.”

The complaint details other ways that AT&T felt competitive pressure from T-Mobile.   The complaint quotes T-Mobile documents describing the company’s important role in the market:

  • T-Mobile sees itself as “the No. 1 value challenger of the established big guys in the market and as well positioned in a consolidated 4-player national market”; and
  • T-Mobile’s strategy is to “attack incumbents and find innovative ways to overcome scale disadvantages.   [T-Mobile] will be faster, more agile, and scrappy, with diligence on decisions and costs both big and small.   Our approach to market will not be conventional, and we will push to the boundaries where possible. . . . [T-Mobile] will champion the customer and break down industry barriers with innovations. . . .”

Still, I would bet this suit became a lot easier to file now that AT&T’s lies about the merger have been exposed.

Update: The complaint references just two AT&T documents (see paragraph 30). Neither is the leaked document, but they deal with fundamentally the same issue, how AT&T responded to T-Mobile on upgrading its network.

Share this entry

The Global Crisis of SOME Institutional Legitimacy

/14 Comments/in , , /by

Felix Salmon has a worthwhile (but, IMO, partly mistaken) post on what he deems “the global crisis of institutional legitimacy.” I think he’s right to see this as a significant challenge to our current political economy.

While watching another Arab government get toppled on Sunday evening — this time that of Muammar Gaddafi, in Libya — I was also reading George Magnus’s excellent note for UBS, entitled “The Convulsions of Political Economy”; you can find it chez Zero Hedge.

Convulsions is right — not only in the Arab world, of course, but also in Europe and the US. And the result is arguably the most uncertain outlook, in terms of the global political economy, since World War II ended and the era of the welfare state began.

As Magnus says:

It seems that we are having sometimes esoteric tiffs between Keynesians and Austrians about if and how governments should sustain jobs and growth. But, deep down, we are having a much more significant debate as we are being forced to redefine what we think about the rights and obligations of citizens and the State.

Most fundamentally, what I’m seeing as I look around the world is a massive decrease of trust in the institutions of government.

But I think Salmon makes two mistakes. First, he maintains an unwarranted distinction between the Arab Spring and the UK riots.

Where those institutions are oppressive and totalitarian, the ability of popular uprisings to bring them down is a joyous and welcome sight. But on the other side of the coin, when I look at rioters in England, I see a huge middle finger being waved at basic norms of lawfulness and civilized society, and an enthusiastic embrace of “going on the rob” as some kind of hugely enjoyable participation sport. The glue holding society together is dissolving, whether it’s made of fear or whether it’s made of enlightened self-interest.

From the perspective of the underclass in our society, it has been some time since “enlightened self-interest” counseled compliance. And from most perspectives, it’s clear that the elites, not the underclass, were the first to wave a huge middle finger at basic norms of lawfulness.

A more problematic error, though, is Salmon’s claim that corporations have retained their legitimacy.

Looked at against this backdrop, the recent volatility in the stock market, not to mention the downgrade of the US from triple-A status, makes perfect sense. Global corporations are actually weirdly absent from the list of institutions in which the public has lost its trust, but the way in which they’ve quietly grown their earnings back above pre-crisis levels has definitely not been ratified by broad-based economic recovery, and therefore feels rather unsustainable.

As a recent Pew poll shows, Americans are just as disgusted with banks and other large corporations as they are with their government.

While anti-government sentiment has its own ideological and partisan basis, the public also expresses discontent with many of the country’s other major institutions. Just 25% say the federal government has a positive effect on the way things are going in the country and about as many (24%) say the same about Congress. Yet the ratings are just as low for the impact of large corporations (25% positive) and banks and other financial institutions (22%). And the marks are only slightly more positive for the national news media (31%) labor unions (32%) and the entertainment industry (33%).

Notably, those who say they are frustrated or angry with the federal government are highly critical of a number of other institutions as well. For example, fewer than one-in-five of those who say they are frustrated (18%) or angry (16%) with the federal government say that banks and other financial institutions have a positive effect on the way things are going in the country.

But there are institutions that Americans still trust: colleges, churches, small businesses, and tech companies.

Distinguishing between those institutions (government and big corporations) people distrust and those (churches, small businesses, and tech companies) they do is important for several reasons. First, because it prevents us from assuming (as big corporations might like us to) that Americans will be content with corporatist solutions. People may or may not like the the post office, but there’s no reason to believe they like FedEx, Comcast, AT&T, or Verizon any more, particularly the latter three, which all score very badly in customer satisfaction. (Update: as joberly points out, Pew found that the postal service was by one measure the most popular government agency, with 83% of respondents saying they had a favorable view of the postal service.)

Such polling also suggests where Americans might turn during this convulsion. Barring Apple buying out the federal government, it seems likely Americans, at least, will turn to local institutions: to their church, their neighborhood, their local businesses.

That’s got some inherent dangers–particularly if people decide they want to change my governance with their church. But it also provides a nugget of possible stability amid the convulsion, one that might have salutary benefits for our environment and economy.

Apple aside, it’s the big institutions that have lost their institutional legitimacy. But we’re not entirely without institutions with which to rebuild.

Share this entry

AT&T Confident Its Partner in Crime Will Let It Take Over T-Mobile

/in /by

Here’s the last paragraph of a Politico article describing the considerable extent of AT&T’s paid influence in DC.

AT&T said Monday that it is “confident” it can secure federal approval as it presents its case for T-Mobile, and both companies signaled Monday that they hoped to wrap everything up in about a year. AT&T declined to comment on its lobbying and PAC efforts and whether those efforts would be stepped up as it pushes for merger approval.

Now, the Politico piece is worth reading just for a sense of how corrupt the upcoming approval of the merger will no doubt be.

But somehow Politico forgot to mention the other reason AT&T will be granted the right to buy T-Mobile in spite of its clear assault on key principles of competitive capitalism: because the government owes AT&T.

Or, to put it another way, AT&T and the government have become so closely entwined in their joint program spying on Americans that the government cannot be said to be an independent reviewer of AT&T’s business.

Not only that, but by having AT&T take over T-Mobile, the government will get more unfettered access to Americans’ phone records. As Chris Soghoian explains:

While it is little known to most consumers, T-Mobile is actually the most privacy preserving of the major wireless carriers. As I described in a blog post earlier this year, T-Mobile does not have or keep IP address logs for its mobile users. What this means is that if the FBI, police or a civil litigant wish to later learn which user was using a particular IP address at a given date and time, T-Mobile is unable to provide the information.

In comparison, Verizon, AT&T and Sprint all keep logs regarding the IP addresses they issue to their customers, and in some cases, even the individual URLs of the pages viewed from handsets.

While privacy advocates encourage companies to retain as little data about their customers as possible, the Department of Justice wants them to retain identifying IP data for long periods of time. Enough so that T-Mobile was called out (albeit not by name) by a senior DOJ official at a data retention hearing at the House Judiciary Committee back in January:

“One mid-size cell phone company does not retain any records, and others are moving in that direction.”

If and when the Federal government approves this deal, T-Mobile’s customers and infrastructure will likely be folded into the AT&T mothership. As a result, T-Mobile’s customers will lose their privacy preserving ISP, and instead have their online activities tracked by AT&T.

So no wonder AT&T is so confident they’ll get to do what they want, and to hell with the interests of consumers. While this deal offers zero benefit for consumers, it does give the government just what it wants.

Share this entry