Yesterday a document detailing mobile carriers’ data retention policies was revealed. We took some time to get privacy advocates’ take on the new information, which included the fact the Verizon alone keeps your text message content for a number of days and AT&T holds onto to call records for up to seven years.
“The moral of the story is use a prepaid phone and text,” says Beth Givens, director of Privacy Rights Clearinghouse. “If you’re concerned about retention periods of carriers, prepaid phones and texting are the way to go to maximize your privacy.”
While texting has predominantly become our mobile communication method of choice, that doesn’t mean cell users are safe. “I think this should be a concern to individuals who gave up land lines and only use cell phones,” Givens says. And of course, there’s the fact that your texting habits and even contents are anything but private. Commenting on that fact that Verizon holds onto your text message contents for 3-5 days, Givens ask “why?”
“When any company retains data for a long period of time it opens them up to problems and potential abuses. And those problems include data breaches and of course excessive or inappropriate uses by law enforcement.”
Consumers should also be aware of what cell tower data retention means. “I think it’s important that consumers know that that particular data is retained for lengthy periods. It’s increasingly rich and it can reflect one’s activities over a long period of time,” Greg Nojeim, senior counsel anddirector for the Project on Freedom, Security and Technology explains. “It’s also important for consumers to know that there is no one standard specified in the law, for law enforcement to meet in order to retain this information. Government argues it can obtain this information without proving strong evidence of cause.”
“From a consumer perspective, this revelation means that a vast quantity of information about their past activities as revealed by their location is easily available to law enforcement unless the law is changed,” he says.
Nojeim says the document reveals the amount of time companies are holding onto IP address information is actually much shorter than the bill currently going through Congress would allow. This translates into giving law enforcement more access to that data. Rebecca Jeschke of the Electronic Frontier Foundation says consumers need to pay attention to this type of revelation, and realize what it means. “Consumers should absolutely be concerned about how much data is being collected. While it would be best not to have this data collected at all, we need clear rules and regulations about who has access to these records and when. A lot of third-parties are collecting data about us: Our ISPs, our mobile carriers, social networking sites like Facebook, any number of apps, retailers, transit companies. Combined, they create a very intimate picture of our life. We need to know who collects what, and when, and how, so we can make sure America’s laws are consistent with how we want both companies and the government access to this very sensitive data.”
Which brings us to another platform that should pique your privacy interests. Facebook’s announcement of the Timeline, Open Graph, and new class of “frictionless” (read: Fewer permission screens requesting you to hit “accept”) apps have users concerned. Still, there seems to be some sort of perceived safety with our phones that isn’t entirely correct.
“There’s a big difference on the Facebook side, the social media side—individuals have some control there. What to post, if anything, and you can adjust your settings to maximize privacy. But on the cell phone side, as illustrated by the document, there’s a great deal we don’t have control over,” says Givens.
Nojeim also weighs in, echoing the idea that when it comes to social media, users have more of a say in what is and isn’t made public. “The customer isn’t making a decision to share something like you do on Facebook… this is forced sharing, if you will,” he says.
“I think what consumers have to know is that even if they think they are engaging in activity that to them appears to be private, it leaves behind a digital track that can be obtained by law enforcement and in many causes they won’t know about it for awhile—if ever. And the message for companies ought to be that lengthy periods of retention not tied to a business reason can compromise customer privacy. If the information isn’t retained it can’t be illicitly obtained by hackers and identity thieves.”