Your cell phone company collects and stores more personally identifiable data than Google or Facebook

In a way it sort of makes sense. Your cell phone runs on your telecom’s network and everything you do – unless you run it over WiFi – on your cell phone is run through their towers. So it goes without saying cell phone companies have access to potentially sensitive information. However, even if you have recognized this fact in the past, I bet you didn’t realize exactly what type of information is stored about you and for how long.

<– Image Credit: Alan Cleaver

A recent leak of an internal memo (dated August 2010, and for “Law Enforcement Use Only” — gasp!) from the United States Department of Justice, Computer Crime and Intellectual Property Section reveals enhanced details on what type of data the major cell phone carriers in the USA are storing and for how long. While this memo may not be comprehensive and all-inclusive (i.e. I am sure there are other types of data that is being stored but is not reported in this memo), it sure is interesting.

Note: This article is in regards to cell phone companies in the United States. While I don’t have access to any concrete data regarding carriers in other countries, the same concept/idea of data retention is sure to apply to them, too.

How long do you think Verizon keeps information on who you call? One year (rolling). T-Mobile? Two years for prepaid customers and five years for postpaid customers. AT&T? 5-7 years for postpaid and “varies” for prepaid. Sprint? 18-24 months.

Okay cool — we know how long our call history is being stored. Now let’s talk messages.

In regards to storing details about who you text: Verizon keeps the data for one year (rolling), T-Mobile keeps the data for two years prepaid/five years postpaid, AT&T keeps the data for 5-7 years, and Sprint keeps the data for 18 months. For storing the actual content of text messages, Verizon stores the data for 3-5 days while T-Mobile, AT&T, and Sprint do not retain the data at all. (Presumably this means the latter three carriers do not store text message content beyond relaying the text message to the recipient.)

Another interesting category of data being stored is the data on which cell towers you use, otherwise known as cell site data. Verizon keeps tabs on you for one year (rolling), T-Mobile for “officially 4-6 months but really a year or more”, AT&T keeps it forever starting in July 2008, and Sprint for 18-24 months. To put this into perspective, cell site data can be used to reliably determine your geographic location at any point in time, assuming you have your cell phone on you. And all four major carriers retain this data for a year or longer.

In addition to the already mentioned, the leaked internal memo provides information regarding a handful of other data categories; so instead of regurgitating it all back at you, here is a chart – created by yours truly, based off information provided in the internal memo – that lists it all out:

(Click on the chart above to view it in full size.)

At the risk of stating the obvious, it isn’t the storing of data that concerns me but rather the potential access and/or abuse of this data. It isn’t so much abuse at the corporate-level that bothers me (although that is a concern), but rather abuse at the governmental-level that has me worried.

Some of you may or may not know there is currently a case pending before the United States Supreme Court (set to be heard about two months from now) regarding the application of the Electronic Privacy Communications Act: The government is trying to, or tried to anyway before they got sued, to monitor a “suspect’s” GPS data without a warrant. It doesn’t take a genius to see if the government is trying to monitor GPS data – albeit of suspected criminals – without a warrant, all the data mentioned above is probably fair game, too. Now I know many people will say “if you don’t have anything to hide what are you scared of?” However, the issue isn’t about hiding my sexting something as much as it is about the potential for abuse.

I am sure many of us have heard of one or more instances about how a public servant abused their power to get back at/abuse/stalk someone else, such as an ex-spouse. While we would like to think all the FBI agents that live around the corner are nice people,  the fact of the matter is there is a high potential for abuse if the government can access such highly sensitive personal data without requiring a warrant. Scary… regardless of if you are Republican or Democrat or somewhere in between.

Feel free to reflect in the comments below.

P.S. Yes, I know the title of this article is a bit misleading. Google and/or Facebook may have and may store more personally identifiable information about you than your cell phone service provider (depending on what information you provide Google or Facebook). This article is not intended to compare and contrast the types of data cell phone companies collect and store vs Google or Facbook. The title of this article was just intended to get you to read this article. I know, I am a bad person.

Sources: Wired, Leaked US Justice Department Internal Memo on Verizon, T-Mobile, AT&T/Cingular, Sprint, Nextel, and Virgin Mobile

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

7 comments

  1. Seamus McSeamus

    Here in the US, technology has grown faster than laws can keep up, so you end up with a society where privacy isn’t really a consideration for most people. Add in a government that, since 9-11, erodes our freedoms and further invades our privacy at every turn and you have something that, more and more each day, resembles Orwell’s vision of the future. For the people who have grown into adulthood over the past 10 years, this is the norm.

  2. Gus

    Ja, let’s not forget about the fact that Zuma and Mbeki’s calls were monitored and recorded. If it can happen at THAT level with no accountability, what do you think can and will happen to the man in the street. The latest ploy by the SA govt is to be able to get access to your Blackberry msgs at any time.

  3. Shava Nerad

    The issue is that telecommunications companies have been legally limited as to how they canuse your PII since Moses was a pup. Google and Facebook have nothing much beyond their privacy policies that you never read when you clicked that you agreed to them, and to any unannounced later changes to them, forever and ever, amen.

    The cases are simply so different legally, as they’ve evolved, however similarly they’ve come to be *logically*, that you may as well not discuss them in the same article.