AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to capture and store Americans’ confidential text messages, according to a proposal that will be presented to a congressional panel today.
The law enforcement proposal would require wireless providers to record and store customers’ SMS messages — a controversial idea akin to requiring them to surreptitiously record audio of their customers’ phone calls — in case police decide to obtain them at some point in the future.
“Billions of texts are sent every day, and some surely contain key evidence about criminal activity,” Richard Littlehale from the Tennessee Bureau of Investigation will tell Congress, according to a copy (PDF) of his prepared remarks. “In some cases, this means that critical evidence is lost. Text messaging often plays a big role in investigations related to domestic violence, stalking, menacing, drug trafficking, and weapons trafficking.”
Littlehale’s recommendations echo a recommendation that a constellation of law enforcement groups, including the Major Cities Chiefs Police Association, the National District Attorneys’ Association, and the National Sheriffs’ Association, made to Congress in December, which was first reported by CNET.
They had asked that an SMS retention requirement be glued onto any new law designed to update the 1986 Electronic Communications Privacy Act for the cloud computing era — a move that would complicate debate over such a measure and erode support for it among civil libertarians and the technology firms lobbying for a rewrite.
Today’s hearing before a House Judiciary subcommittee chaired by Rep. Jim Sensenbrenner (R-Wisc.) is designed to evaluate how ECPA should be upgraded. CNET reported yesterday that the Justice Department is proposing that any ECPA changes expand government surveillance powers over e-mail messages, Twitter direct messages, and Facebook direct messages in some ways, while limiting it in others. A Google representative is also testifying.
While the SMS retention proposal could open a new front in Capitol Hill politicking over electronic surveillance, the concept of mandatory data retention is hardly new. The Justice Department under President Obama has publicly called for new laws requiring Internet service providers to record data about their customers, and a House panel approved such a requirement in 2011.
Wireless providers’ current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.
An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps “text message content on their servers for 3-5 days.” And: “Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days”