It's been nearly a decade since Reason informed you that "Your Cellphone is Spying on You." A 2019 document from the FBI's "Cellular Analysis Survey Team" (CAST) project, newly uncovered by the transparency group Property of the People, reminds us of some of the hows and whys.
The 139-slide document instructs investigators on what they can do via cell phone surveillance. It spells out what cops can get via just a subpoena (such as a "call to destination search," "payment information," or IP addresses) and what requires a warrant (such as text content or a trap-and-trace for all the numbers you're calling or fielding calls from). It offers language to use when asking your cell service provider to spy on you. Agents are advised to keep careful eye on such details as the first numbers called in the morning and last numbers called at night. Police are reminded that they not only can find where a number they are interested in has been, but also every number that has been used near a specific cell tower location.
CAST offers mapping programs to help investigators visualize what the cell data they are scarfing up tell them (which they warn "should not be taken to court without being validated for accuracy"). The presentation gives lots of pointers on using Google Earth for tracking and identifying locations. And the surveillance web doesn't rely only on cell phones: "license plate readers" are another element that cops can feed into the system, as is the original federal tracing device, the Social Security number.
The presentation also tells agents what they can get from Facebook, including "basic subscriber info" via subpoena, messages over the past 180 days via "court order," and photos, private messages, and friend lists via search warrant. This applies both to individual Facebook users and to groups. These realities makes recent discussion of encryption on Facebook all the more relevant.
It was good to see investigating agents being reminded that a cell provider may, at its discretion, deny an "exigent request" for instant info that allegedly involves an "emergency involving danger of death or serious physical injury." At the same time, those rejections can be overriden, though an authority at least as high as an deputy assistant attorney general has to approve such a move.
And that's just part of what's in the document. As Vice reports, it
also explains how data requests from Mobile Virtual Network Operators (MVNOs) such as Boost Mobile are handled, explains how to obtain location data from what the FBI describes as "burner phones," and how to obtain information from OnStar, General Motors' in-vehicle system. The document also provides the cost of some of this data for law enforcement to request.
The presentation provides more recent figures on how long telecoms retain data for. AT&T holds onto data such as call records, cell site, and tower dumps for 7 years. T-Mobile holds similar information for 2 years, and Verizon holds it for 1 year.
We live in an age of concern over "domestic terrorism"—and if there's one thing the years since 9/11 have taught us, it's that terror investigations often entail the harrassment and surveillance of Americans who have not actually committed a crime but are being probed for the company they keep. At such a time, it's good to keep in mind what a squealer that little device in your pocket can be.