Telco Data Retention Policies Spur Privacy Concerns

Published November 4, 2011

The nation’s major mobile phone providers are keeping a treasure trove of sensitive data about their customers, according to a recently released Department of Justice internal memo that reveals the data retention policies of the largest U.S. telecoms.

Verizon keeps a list of everyone a customer has exchanged text messages with for the past year, the report stated. T-Mobile stores the same data up to five years, and the number is 18 months for Sprint and seven years for AT&T.

That makes Verizon appear to have the most privacy-friendly policy. However, Verizon alone retains the actual contents of text messages, which it allegedly stores for five days. T-Mobile, AT&T, and Sprint don’t store them at all.

‘Reasonable Disclosure’
The revelations of the telcos’ data retention policies sparked commentary from legal experts and privacy advocates.

“One of the key legal questions is whether the service agreement between the wireless customer and wireless provider discloses and memorializes the data collection, retention, and sharing policy of the carrier,” said Charles A. Zdebski, co-chair of the utilities and telecommunications practice group for Eckert Seamans Cherin & Mellott, L.L.C. in Washington, DC.

“The answer to that question should resolve the issue of whether the customer has a legitimate concern or dispute with the carrier’s policies,” continued. Zdebski. “In our world of technology, as a practical matter it should not surprise consumers that many of their movements, interests, communications, and purchasing activities are tracked, including the use of their employer’s computer, the times at which they swipe their garage and building access cards, where and when they take road trips with their EZ Pass, their Web browsing activity at home, and what they buy with their branded discount card at their local grocer. The question is whether they agreed to it after reasonable disclosure.”

‘Reasonable Means for Privacy’
Claudiu Popa, president and principal risk advisor for Informatica Corp. in Toronto, says such practices are driving some consumers to drastic lengths to ensure their privacy. “The focus on access to personal information and the public’s resulting outcry against privacy breaches is resulting in a slow but palpable movement towards living off the grid,” he said.

“The first steps are often to use untraceable mobile phones and anonymous email addresses, while more privacy conscious people may go to greater lengths to actually become anonymous by unregistering their vehicles, unplugging from the hydro company, growing their own produce, and disguising their appearance in public,” Popa continued. “This is particularly applicable to the UK, where CCTV cameras are practically on every street, monitoring the population in ways that may or may not contribute to a lower rate of terrorism and crime.”

Noting those are relatively extreme measures, Popa added, “In the meantime, North Americans simply try to use reasonable means for privacy protection while balancing awareness of the issue with the need to still lead a productive existence without fear of snooping. Yet it is that same fear that is used to justify the aggressive surveillance and secrecy surrounding anything that strives for the prevention of terrorism,” he said.

“This is in large part the reason for the explosive demand for anonymity software,” Popa said. “People don’t have to engage in illegal activity to seek anonymity. They just value their privacy and don’t trust that they will be told ahead of time about the aspects of their communications that will be intercepted, recorded, retained, and analyzed.”

Phil Britt ([email protected]) writes from South Holland, Illinois.

Internet Info

“Retention Periods of Major U.S. Cellular Providers,” U.S. Department of Justice, September 2011: