In early January of this year, as the Texas state legislature inaugurated its 83rd biennial session, EFF-Austin connected with a group of citizen activists concerned about the hidden exchange of information between telecommunications companies and law enforcement agencies. Together with the ACLU of Texas, Texans for Accountable Government, and the widely read and respected criminal justice blog Grits for Breakfast, we formed a new organization—the Texas Electronic Privacy Coalition—to initiate a targeted campaign to update Texas state law to better protect citizen privacy in the digital age.
If you own a mobile phone, you have signed a contract which includes a clause permitting your telecom provider to share your subscriber information (text messages and email) as well as information about your phone’s physical location (your whereabouts and movements) with law enforcement agencies should they legally request it. This information is typically requested through an administrative subpoena, which does not require demonstration of probable cause to a judge, and is typically sealed so no one ever hears about it. EFF-Austin is concerned about the lack of judicial oversight for this process and the lack of transparency into or accountability for this law enforcement surveillance tactic.
Just how much is this tactic used? Thanks to a Congressional privacy probe initiated by Representative Edward Markey (D-Massachusetts), we know that cell phone carriers serviced roughly 1.3 million requests for subscriber information in 2011 from state and federal law enforcement agencies.
Not much is known about the amount of surveillance being conducted in Texas. The ACLU carried out an open records campaign to survey the use of this surveillance tactic in 36 states, but Texas was not one of them. They concluded: “…we know that this method is widespread and often used without adequate regard for constitutional protections, judicial oversight, or accountability.”
To inform our perspective, the Texas Electronic Privacy Coalition (TxEPC) has initiated an open records campaign throughout the state of Texas to gather invoices issued to law enforcement agencies for services rendered by telecommunication providers. That’s another little wrinkle in this surveillance tactic: the telecom providers must be compensated for the expenditure of resources and staff time exhausted providing law enforcement access to subscriber information, even going so far as to build private web portals to receive and process all of the requests. From what we’ve learned, a law enforcement officer has to send an email to their District Attorney to acquire a subpoena, then login to a telecom web portal, type in the target number and attach a subpoena. That’s pretty darned easy and shows we’re a far cry from the days when a wiretap required actual physical exertion of effort and time to acquire much less information.
To add insult to injury—as if your cell phone bill weren’t outrageous enough already—taxpayer dollars are shoveled over to telecom providers…to conduct surveillance on taxpayers.
However, there is a silver lining to that ominous funnel cloud, as this means the invoices issued by telecom companies are public records and thus subject to required disclosure thanks to the enlightened open records laws of the great state of Texas. So the TxEPC open records campaign has been generating quantitative data by poring over public information – such as this sample of invoices obtained from the Fort Worth Police Department.
Not only does this begin to tell us how much public money is spent on this surveillance tactic (a figure which no one currently knows, not even the Governor) but it also gives us insight into whether particular law enforcement agencies are going above and beyond current state law by requiring their staff to obtain search warrants. TxEPC sincerely hopes we discover law enforcement agencies which are doing a good job, as that would reflect the ACLU’s nuanced findings across the country. If you are a member of one of those agencies, we’d like to hear from you and celebrate your ethical wisdom and moral compass.
Simultaneous with and informed by our open records campaign, the Texas Electronic Privacy Coalition has composed a bill which minimally modifies the Texas state code to ensure better protection of citizen privacy in the digital age. Thanks to Representative Bryan Hughes and Senator Juan “Chuy” Hinojosa, legislation has been filed in both chambers to require a search warrant when law enforcement goes to your cell phone company for your comprehensive location data.
The bills accomplish three things:
- require a warrant for cell phone location information, whether law enforcement is tracking your phone in realtime or checking in on where you’ve been
- for tracking devices installed by police, limit the amount of time a tracking order can be sealed by a judge (kept secret) to one year
- require aggregate reporting on the amount of location tracking that’s happening out there, and whether all this surveillance is actually resulting in the capture and conviction of criminals.
According to AT&T’s letter to Congressman Ed Markey last summer (PDF), “When the law requires a warrant for disclosure of customer phone usage information, AT&T requires that a warrant be provided.” Texas law, which hasn’t been updated for the smartphone era, is silent on the process for getting location information. These bills will end that silence.
EFF-Austin would like to thank the lawmakers who have taken this on, as well as all the other Representatives who’ve already told us they want to support our effort. We’re a long way from final passage, but we are well-positioned and the time is right. To turn these bills into law, it will take the combined efforts of all the groups who have thus far joined EFF-Austin in the Texas Electronic Privacy Coalition (we’d love to hear from your organization if you’d like to join). As well, our elected officials will need to hear from their constituents, so passage of these bills will also take grassroots support from Texans everywhere.
Toward that end, EFF-Austin has begun transforming into a member-oriented, grassroots organization. If you would like to join us on this adventure—and the many more yet to come—please join our new mailing list. At the same time, you can opt-in to volunteer with us (we’re all volunteers here) and indicate what you’d like to help out on. We can definitely use your help wrangling open records requests, planning events, fundraising, educating elected officials, building websites, and fighting the good fight!
Want to meet us in person? We’re hosting a non-badge SXSWi event in coordination with national EFF and iSEC Partners next Saturday March 9th from 4-6pm at Capital Factory. TxEPC will take the stage to talk about our legislative push, drum up support, and ask for your financial help. We’ll have cool “Geek Activist” t-shirts, coffee mugs, stickers, and buttons which we give away as gifts at certain donation levels. Registration is required and space is limited, so sign up and come meet as many privacy activists, civic hackers, and concerned citizens as we can fit in the place.
We’re also attending the Yale Information Society Project’s Location Tracking and Biometrics Conference this Sunday in New Haven, Connecticut. If you’ll be attending, keep your eyes open for Scott Henson of the Grits for Breakfast blog.
You can also follow us on Twitter, The Facebook (another battle!), and join our discussion list to share information and learn what’s happening with and to online civil liberties around the country and world:
If you’d like to follow the Texas Electronic Privacy Coalition, we’re just getting our online presence off the ground (did I mention we could use some coders and designers?). For your reference, here’s where we’re at:
And in case you were wondering, that’s pronounced “Tex-EPIC” y’all! See you in the halls of the state legislature!