Schneier on Security
A blog covering security and security technology.
« When Technology Overtakes Security |
| FBI Secretly Spying on Cloud Computer Users »
March 21, 2013
Text Message Retention Policies
The FBI wants cell phone carriers to store SMS messages for a long time, enabling them to conduct surveillance backwards in time. Nothing new there -- data retention laws are being debated in many countries around the world -- but this was something I did not know:
Wireless providers' current SMS retention policies vary. An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years.
An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a 2011 Wired article, says that Verizon keeps "text message content on their servers for 3-5 days." And: "Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days"
That second set of data is from 2009.
Leaks seems to be the primary way we learn how our privacy is being violated these days -- we need more of them.
EDITED TO ADD (4/12): Discussion of Canadian policy.
Posted on March 21, 2013 at 1:17 PM
• 19 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The rise of IM-like apps like WhatsApp, Kik, etc. is making sms more and more obsolete. If U.S. laws keep going in this direction, I wonder if we will see options like offshore-only versions of these apps where all your data is stored on servers located in countries that don't have data-exchange agreements with the US.
Incentives for leaking appear to be bad. Bradley Manning has become one prominent example what can happen to leakers that get caught.
If the Internet is a total surveillance state like I just recently read in some article here: http://edition.cnn.com/2013/03/16/opinion/... there is a good chance that if you leak information about the wrongdoing of a state or a Megacon/Feudal-lord-company you are done with your career (or life).
I'm curious what the business case is for storing text messages at all. At volume, quite a bit of extra infrastructure is required, especially for *90 days* of SMS content...
"These days"? Was there some past era when the US government (or any government) was happy to explain in detail how much information it was collecting about people without leaks or a long struggle on the part of the person asking?
I'm curious if anything is known about data retention for Apple's iMessage service.
... there is a good chance that if you leak information about the wrongdoing of a state or a Megacon/Feudal-lord company you are done with your career (or life)
In the UK this has been true for a great number of years.
There are a number of organisations who quite illegally gather store and make available all sorts of half truths etc about many UK citizens.
These organisations earn a nice little income by supplying this illegal "blacklisting" information to companies.
Originaly it started out as "anti-union" blacklisting in the "construction industry" but has blossomed out into many areas in the past few years.
What has not helped is that the likes of the UK MET Police have been involved with supplying information on peaceful and lawfully behaving protestors to these organisations as well as to certain well known newspaper proprietors. Currently we are seeing one or two lower level police officers being prosecuted for supplying info to newspapers. But those supplying to these companies or who were sufficiently senior have got away with it some have retired and now have newspaper columns of their own...
Makes me wonder how long Apple keeps iMessages (or Google/AOL keep their chat logs)
I agree we need more leaks. Probably, both internal and externally outsourced.
Not just because all of this information we are currently getting from leaks, but also because of the history of the abuse of surveillance. That history, one does not need to look to Russia or China to see, one can look right here at the US and examine how the old FBI used to use misuse surveillance.
People did not know about how the FBI was misusing surveillance for a very long time.
What did it take to find out? Watergate?
Who is to say they are not misusing surveillance powers again?
... looking it up...
Looks like the Watergate inspired Church hearings was a major factor of that exposure. The previous other major factor of exposure was:
"The program was successfully kept secret until 1971, when the Citizens' Commission to Investigate the FBI burglarized an FBI field office in Media, Pennsylvania, took several dossiers, and exposed the program by passing this information to news agencies. Many news organizations initially refused to publish the information. "
Sounds like a big leak to me.
(And nevermind that Watergate was only exposed by a leak, from the FBI no less... albeit targeting outside individuals and agencies.)
How did the FBI abuse that power for so long, unabated? One thing you can find from studying some of the cases, is people who know about such things are scared to talk because in the business of extortion - black mail - you know just what you are looking at for reprisal.
RE: Mallard and iMessages retention …
I don't know how long but clearly at least a week or two since you can definitely be away from home and sending messages back and forth on one device or another (say iPhone and MacBook), then get back to, say, an iMac that was turned off and the entire chat history is quickly delivered, including pictures.
Cell phone carriers are not in the business of law enforcement. If they are required to participate in it, they should at least be paid for it.
"as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. "
"Sprint stores their text message content going back 12 days"
What's behind the discrepancy about Sprint?
Who in their right mind discusses illegal actions in plain text over the phone, speech or text?
The only thing that is of interest would be who contacted whom and how often.
On the other hand, for industrial or political espionage and blackmailing "witnesses", this would be great.
I expect we will go to a stage where the police simply are looking for a likely suspect that was around according to his phone, has no alibi and thus can be blamed for the crime. After which the courts will start to dismiss location data as evidence.
The same happened with DNA. After criminals started to pollute crime scenes, the police have to come up with more evidence than just a DNA trace.
There's a field within the PDU data format (used by SMS), called "validity period." It can be set at any value from 5 minutes to 63 weeks, with coarser resolution the longer you set it. (5 minutes resolution up to 12 hours, 30 minute resolution up to 24 hours, and so on.)
In principle, the SMSC should retain a message until it is delivered or until the VP expires, whichever comes first, and then delete it. With one small caveat, they have no financial incentive for not doing this; in fact it costs them money to keep messages unneccessarily. The cost is not so much with short text messages but it is considerable with MMS. (The caveat is that it is probably costly to try to delete each message exactly on its expiry period; it would be better to periodically sweep for all expired messages.)
I've found that many phones set the VP to some default value of a couple of days and either don't give the user any ability to change it, or hide it deep down in the network config settings. Possibly to stop people gumming up the works by setting 63 weeks for no good reason.
So, I wonder if this is just a reflection of typical VP settings on the various networks, or even the programming of the "sweeper" that cleans up the old ones?
On this topic, I'd like to see standards on how long video of financial transactions (ATMs, tellers, etc.) must be kept. Longer retention would help law enforcment solve identity theft and similar crimes.
I would think that most politicians would be smarter than to discuss corrupt behavior over a text-message channel.
Then, I remember this case.
Most lesser criminals probably suspect that they are too small-fry to have FBI poke into their messages. However, local Police agencies may attempt to figure out how to get access to those messages...
That's why you use textsecure between parties so the mined data is useless.
My govt almost sold half the telecom infrastructure to a Chinese state telecom until they realized oops, they can wholesale spy on our entire population now. Deal shelved but not cancelled
I'm interested in the financial side of this... I know we're paying but how are we paying?
I pay my carrier for my data service - that's OK. But when did my data become any interested party's data?
Am I paying my carrier (directly) to store my data for my government/ other governments - still not OK.
Am I paying my carrier (indirectly - as a taxpayer) to store my data - I can't afford this level of inefficiency.
In all of this, the silent murder of 'innocent until proven guilty' by governments is a tragedy.
In most cases they (we) don't care about the contents as much as the interactions.
Dealer a sends 100 messages per day to Jimmy. All the messages are 'yo, wats up? did charlie come home'.
When Dealer gets arrested and they (we) just stop to 'talk' to Jimmy and Jimmy says he needs a lawyer ....
Content is overrated; connections is golden.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..