Sprint revealed GPS data to law enforcement 8 million times in the last year | webOS Nation

Sprint revealed GPS data to law enforcement 8 million times in the last year

by Derek Kessler Wed, 02 Dec 2009 11:25 pm EST

Sprint It’s a sobering fact that in this day and age we are no longer in control of our data. From our emails in the cloud to the way we use apps on our webOS phones, there are many corporate heads with their eyes on monetizing our personal data. What we don’t look at often, however, is how the government wants to utilize that data.

If you’ve ever watched any of the various crime dramas on television today, you know that a favorite method for locating a criminal is by tracking the GPS chip in their phones. While we know that’s a reality in our world, what we didn’t know until recently was how much that data was actually being used. Sprint, with its 43 million subscribers, was revealed through the work of an Indiana University graduate student to have given law enforcement the GPS data of their customers eight million times in the span of 13 months. The ‘service’ has proven so popular with the authorities that Sprint has set up an automated online portal for accessing subscriber GPS information, for a nominal fee of course.

UPDATE: Sprint has issued the following statement [via: Phone Scoop] regarding the disclosure of subscriber GPS data, as we expected 8 million requests does not equal 8 million users.

Sprint says that the "8 million" figure represents the total number of times its network was pinged for GPS data. Those millions of bits of data, however, represent information from only a few thousand customer accounts. A single investigation can account for thousands of pings to Sprint's networks. A Sprint spokesperson noted that law enforcement and other government agencies only request information such as in missing persons cases, genuine emergencies, criminal investigations, or instances when a customer consents to sharing information. Sprint spokesperson Matt Sullivan said, "In all cases we require a valid legal request appropriate for the circumstances, meaning the request must be accompanied by either a subpoena, court order or customer consent." Sprint is not alone in this practice. All wireless carriers share customer information with law enforcement agencies when the need is mandated.

We don’t have exact numbers on how many subscribers were targeted by this data release system. Our assumption is that the web interface Sprint has put together does not provide real-time tracking and thus there may be several, if not dozens, of requests from law enforcement in efforts to track a phone. It’s also worth noting that this data can also be used to locate stolen phones as easily as it can be used to track suspected criminals. Still, eight million requests is a lot - more than 20,000 a day.

GPS data isn’t the only thing that Sprint has logged and available, they also store subscriber IP data for a full 24 months. While the intent was to keep this data for a bill-by-the-megabyte plan (thank goodness for unlimited data), Sprint has also made that data available to both their marketing department and law enforcement. And if you happen to have a phone with a WAP browser, Sprint even has your URL history for the past two years. The webOS browser is based on WebKit, so that’s not anything Pre and Pixi owners need worry about, but it’s still a less-than-cool revelation.

Sprint obviously isn’t the only game in the givin’ your data to the fuzz game. It’s safe to assume that when present with a warrant or subpoena, AT&T, Verizon, and T-Mobile all provide the same data. The story here is how often they do so, and how easy Sprint has made it.

[via: Techdirt]

Thanks to everyone that sent this in!