State, local agencies also collect phone data

WASHINGTON - Federal, state, and local law enforcement agencies conducting criminal investigations collected data on cellphone activity thousands of times last year, with each request to a phone company yielding hundreds or thousands of phone numbers of innocent Americans along with those of potential suspects.

Law enforcement made more than 9,000 requests last year for what are called "tower dumps," information on all the calls that bounced off a cellphone tower within a certain period of time, usually two or more hours, a congressional inquiry has revealed.

The little-known practice has raised concerns among federal judges, lawmakers, and privacy advocates who question the harvesting of huge amounts of data on people suspected of no crime in order to try to locate a criminal. Data linked to specific cell towers can be used to track people's movements.

The inquiry, by Sen. Edward J. Markey (D., Mass.), into law enforcement's use of cellphone data comes amid growing scrutiny of the bulk collection of geolocation data overseas and of Americans' phone records in the United States by the National Security Agency.

Tower dumps raise in the law enforcement context some of the same concerns presented by the NSA's mass collection of phone records without a warrant, when large amounts of data on law-abiding citizens are gathered to find clues about a small number of suspects, privacy advocates and some industry lawyers say. But unlike the NSA collection, which is bound by court-imposed rules on retention and use, the standards for obtaining tower data and the limits on its use by a plethora of agencies are inconsistent and unclear.

"This isn't the NSA asking for information," said Markey, who is planning to introduce legislation this month to restrict law enforcement's use of consumers' phone data, including ensuring that tower dumps are narrowly focused. "It's your neighborhood police department requesting your mobile phone data."

Markey's investigation, based on a survey of eight U.S. phone companies, has also revealed that carriers, following requests from law enforcement agencies, are providing a range of other records as well. Those include GPS location data, website addresses, and, in some cases, the search terms Americans have entered into their cellphones.

Markey's legislation, which does not focus on NSA or other intelligence agencies' programs, would require a warrant to obtain GPS location data, impose limits on how long carriers can keep customers' phone data, and mandate routine disclosures by law enforcement agencies on the nature and volume of requests they make of carriers. The proposal would not require a warrant for tower dumps.

One federal judge this year, in a rare public ruling, required a warrant for tower dumps. The judge also ordered the prosecutor to destroy nonrelevant data and - in an unprecedented move - to notify all non-suspects that their records had been collected.

Some companies Markey surveyed did not give full responses. In general, the survey reflects a greater reliance on cellphone data of all types, including text messages and call histories, by law enforcement.

"The industry as a whole in recent years experienced a substantial increase in these demands: the number of requests to Verizon Wireless has approximately doubled in the last five years, a trend that appears to be consistent with the industry in general," the company's general counsel, William Petersen, said in letter to Markey.

Civil liberties advocates are alarmed.

According to the industry, there are 330 million cellphones in use in the United States. Americans are texting, calling, and moving about with devices that track their locations and enable them to surf the Internet. Those actions leave digital trails that companies log for business or technical reasons - and that can be invaluable for investigators on the trail of a criminal.

"Location information is a vital component of law enforcement investigations at the federal, state and local levels," FBI spokesman Christopher Allen said.

A Justice Department official, who was not authorized to talk on the record and so spoke on condition of anonymity, said: "The data is useful if you think about the need to identify the location of drug traffickers - where are they at various points in their criminal dealings? It would be useful if you have a shooting by gang members. How do you figure who was at the scene of the shooting?"

In one notable instance, the FBI in 2010 located two bank robbers in Arizona, whom prosecutors had dubbed the "High Country Bandits," through the use of tower dumps. The men had robbed 16 banks at gunpoint in four states.

Investigators traced the trail of the robbers by analyzing cellphone records from the towers closest to four of the more remote Arizona banks. "Investigators believed it would be extremely unusual for a cellphone number to appear on two or more" of the towers servicing the areas of the banks on the robbery dates, according to an FBI special agent in a March 2010 criminal complaint.

The FBI received more than 150,000 phone numbers in the dump, according to the complaint. Its analysis turned up only one number that bounced off the towers on the dates of three of the robberies. That number belonged to one of the robbers.

One former federal prosecutor familiar with the practice said federal agents make requests "a few dozen" times a year, typically in bank heists. The vast majority of requests are made by state and local agencies.

Some companies have fought to narrow the requests. One industry lawyer said his company fought an order that sought dumps from "any cell towers" that served a particular address for a 13-hour period. "We're worried that we're being asked a lot to give away all this data," said the lawyer, who talked on condition of anonymity. "We just think the law is being exploited."