Government Now Wants SMS Retention Laws
On Top of ISP Browsing Retention Laws
As the United States government continues its relentless expansion of domestic surveillance capabilities, the latest effort is focused on forcing wireless carriers to retain text message logs for at least two years. For much of the last decade the U.S. government has been trying to force data retention requirements on ISPs, most frequently under the banner of fighting child pornography
. That's something that some folks (like Sonic.net CEO Dane Jasper) has argued will create huge new security vulnerabilities
Now law enforcement and the government are also focusing their attention on forcing wireless carriers to retain SMS logs
, insisting that the lack of a current requirement (as they claim with the lack of ISP logs) "can hinder law enforcement investigations." The Justice Department claims that carrier practices on SMS retention differ wildly:
An internal Justice Department document (PDF) that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years, according to the chart.
analysis suggests that the Juctice Department's data is wrong, noting that Sprint and others have been shown to retain full SMS messages for some time. Meanwhile the EFF, as you might expect, isn't impressed with this latest push:
"These data retention policies serve one purpose: to require companies to keep databases on their customers so law enforcement can fish for evidence," he said. "And this would seem to be done against the wishes of the providers, presumably, since...some of the providers don't keep SMS messages at all."