- dotTech - http://dottech.org -

Your cell phone company collects and stores more personally identifiable data than Google or Facebook

[1]In a way it sort of makes sense. Your cell phone runs on your telecom’s network and everything you do – unless you run it over WiFi – on your cell phone is run through their towers. So it goes without saying cell phone companies have access to potentially sensitive information. However, even if you have recognized this fact in the past, I bet you didn’t realize exactly what type of information is stored about you and for how long.

<– Image Credit: Alan Cleaver [2]

A recent leak of an internal memo (dated August 2010, and for “Law Enforcement Use Only” — gasp!) from the United States Department of Justice, Computer Crime and Intellectual Property Section reveals enhanced details on what type of data the major cell phone carriers in the USA are storing and for how long. While this memo may not be comprehensive and all-inclusive (i.e. I am sure there are other types of data that is being stored but is not reported in this memo), it sure is interesting.

Note: This article is in regards to cell phone companies in the United States. While I don’t have access to any concrete data regarding carriers in other countries, the same concept/idea of data retention is sure to apply to them, too.

How long do you think Verizon keeps information on who you call? One year (rolling). T-Mobile? Two years for prepaid customers and five years for postpaid customers. AT&T? 5-7 years for postpaid and “varies” for prepaid. Sprint? 18-24 months.

Okay cool — we know how long our call history is being stored. Now let’s talk messages.

In regards to storing details about who you text: Verizon keeps the data for one year (rolling), T-Mobile keeps the data for two years prepaid/five years postpaid, AT&T keeps the data for 5-7 years, and Sprint keeps the data for 18 months. For storing the actual content of text messages, Verizon stores the data for 3-5 days while T-Mobile, AT&T, and Sprint do not retain the data at all. (Presumably this means the latter three carriers do not store text message content beyond relaying the text message to the recipient.)

Another interesting category of data being stored is the data on which cell towers you use, otherwise known as cell site data. Verizon keeps tabs on you for one year (rolling), T-Mobile for “officially 4-6 months but really a year or more”, AT&T keeps it forever starting in July 2008, and Sprint for 18-24 months. To put this into perspective, cell site data can be used to reliably determine your geographic location at any point in time, assuming you have your cell phone on you. And all four major carriers retain this data for a year or longer.

In addition to the already mentioned, the leaked internal memo provides information regarding a handful of other data categories; so instead of regurgitating it all back at you, here is a chart – created by yours truly, based off information provided in the internal memo – that lists it all out:


(Click on the chart above to view it in full size.)

At the risk of stating the obvious, it isn’t the storing of data that concerns me but rather the potential access and/or abuse of this data. It isn’t so much abuse at the corporate-level that bothers me (although that is a concern), but rather abuse at the governmental-level that has me worried.

Some of you may or may not know there is currently a case pending before the United States Supreme Court (set to be heard about two months from now) regarding the application of the Electronic Privacy Communications Act: The government is trying to, or tried to anyway before they got sued, to monitor a “suspect’s” GPS data without a warrant. It doesn’t take a genius to see if the government is trying to monitor GPS data – albeit of suspected criminals – without a warrant, all the data mentioned above is probably fair game, too. Now I know many people will say “if you don’t have anything to hide what are you scared of?” However, the issue isn’t about hiding my sexting something as much as it is about the potential for abuse.

I am sure many of us have heard of one or more instances about how a public servant abused their power to get back at/abuse/stalk someone else, such as an ex-spouse. While we would like to think all the FBI agents that live around the corner are nice people,  the fact of the matter is there is a high potential for abuse if the government can access such highly sensitive personal data without requiring a warrant. Scary… regardless of if you are Republican or Democrat or somewhere in between.

Feel free to reflect in the comments [4] below.

P.S. Yes, I know the title of this article is a bit misleading. Google and/or Facebook may have and may store more personally identifiable information about you than your cell phone service provider (depending on what information you provide Google or Facebook). This article is not intended to compare and contrast the types of data cell phone companies collect and store vs Google or Facbook. The title of this article was just intended to get you to read this article. I know, I am a bad person.

Sources: Wired [5], Leaked US Justice Department Internal Memo on Verizon, T-Mobile, AT&T/Cingular, Sprint, Nextel, and Virgin Mobile [6]