Will Ting offer a "law enforcement portal" like Sprint's for easy snooping?
Answered

In security researcher Christopher Soghoian's [2009 blog post, "8 Million Reasons for Real Surveillance Oversight"][1], then later in [his Ph.D. dissertation, "The Spies We Trust: Third Party Service Providers and Law Enforcement Surveillance"][2], Soghoihan reported on a Web interface created by Sprint to allow government agents easier access to their customers' private data.

    [1]: http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html

    [2]: http://files.dubfire.net/csoghoian-dissertation-final-8-1-2012.pdf

At the 2009 ISS World (Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering) conference, Sprint's Electronic Surveillance Manager Paul Taylor said the site had been "pinged" more than 8 million times in a 13-month period.  "We turned it on the Web interface for law enforcement about one year ago last month, and we just passed 8 million requests. So there is no way on earth my team could have handled 8 million requests from law enforcement, just for GPS alone," Taylor said. "So the tool has just really caught on fire with law enforcement. They also love that it is extremely inexpensive to operate and easy, so, just the sheer volume of requests they anticipate us automating other features, and I just don't know how we'll handle the millions and millions of requests that are going to come in."

This implies that Sprint violates its customers' trust not only when forced to do so by court order, but also when law enforcement agents simply desire to examine customers' records, without regard for the urgency of circumstances or for the lack thereof.

Customers of Ting and of other mobile carriers willfully provide vast quantaties of information about those people with whom we communicate, about those Websites which we visit, and about our precise locations.  We carry tracking devices called "mobile phones" that also happen to facilitate communication.  Will Ting, like Sprint (and likely other carriers), offer easy access by government snoops to the information with which your customers entrust you?

4

Comments

11 comments
  • Wow, this was asked over a year ago and still no answer. I guess the answer is yes. Pretty sad. If your going to sell out your customers, at least own up to it and answer this guy's question.

    0
    Comment actions Permalink
  • Ting runs on the Sprint network, so Sprint already has access to everything you do (since they have to bill Ting for it). So the answer is it hardly matters what Ting does if Sprint is willing to give that information away anyways.

    0
    Comment actions Permalink
  • This post slipped past us, honest. We've got nothing to hide.

    Some of the surveillance news we're reading about in the US (we're in Canada) is pretty scary stuff.

    Seth is accurate in his comment though; we don't own the mobile network, so we don't have any say around that sort of thing.

    To be clear, while they do control what information is sent over the mobile network, Sprint does not have access to our customer data, payment information, or any other customer data outside of the phone number itself.

    Remember this is our customer service portal. We're not staffed with lawyers and our goal is to provide helpful service for mobile customers, not commentary around law enforcement.

    0
    Comment actions Permalink
  • Ben, this was not a request for commentary on law enforcement, and you did not answer the (admittedly loaded) question.  Would you please do so?

    Treating as private the information with which we, your subscribers, entrust you is crucial.

    Without commenting on the despicable nature of the situation, we can say that it is now publicly known that Canadian government agents collect personal information in various manners similar to those in which the United States National Security Agency staff do.  Big thanks to Edward Snowden for facilitating the transfer of that knowledge to journalists who informed the public.

    Do you provide law enforcement officers or anyone else outside your company with direct access to subscribers' information?

    0
    Comment actions Permalink
  • Hi Phillip,

    Nobody at Ting wants to go to jail, so we're careful to obey any applicable laws. I'll pass along your comments, but to my knowledge, we're building nothing that sounds like what you've described.

    -b

    0
    Comment actions Permalink
  • That's a <a href="https://yourlogicalfallacyis.com/strawman">strawman</a>.  I didn't suggest violating any law.

    I assert that your colleagues at Ting should provide information about your subscribers' use of your service only A) with affected subscribers' explicit consent, or B) when you are required to do so by law.  Not when a police officer asks nicely for you to do so, but when a judge notifies you that you must do so.  In your nation and in mine, that the police request something does not make it a legal requirement.  Down here, they typically only ask for something when they cannot by law demand.

    0
    Comment actions Permalink
  • Phillip, we have answered this question elsewhere previously.

    Three points. First, I cannot imagine building something. That seems like a non-starter on so many levels. So no we are not building anything, nor providing access in any way like that described above.

    Second, we have a long history of both protecting our users information and co-operating appropriately with law enforcement. We have had to deal with these issues in the domain name world for 15 years and have a great reputation on both sides of the fence. Our relationships (including with Chris) speak for themselves.

    Finally, it is important to have a sense of what we can and cannot do and what information we have and what Sprint has. Sprint has no PII for our customers. BUT, and it is a big but, if law enforcement is surveilling someone and has their cell phone number then they can simply go to Sprint directly. We would likely not even know about it.

    Hope this helps.

    0
    Comment actions Permalink
  • Elliot, if, as you claim, your organization has answered this question elsewhere previously, could you please find someone to help you make a hyperlink to that information?

    I'm not interested in whether you'll share my and other's information appropriately by some un-cited criteria with law enforcement agencies.  I want to know that you will not share my and others' information with them unless you are required by law to do so.  Have you not been watching what we, the people, have learned since June of last year?

    In another Ting forum post (<a href="https://help.ting.com/entries/25221463-In-light-of-the-NSA-data-collection-news-how-much-information-does-Ting-store-For-how-long-">"In light of the NSA data collection news, how much information does Ting store? For how long?"</a>), someone asked, and I re-asked, six questios about what information you have, how long you retain it, what Sprint has, and if you have provided it to law enforcement agencies.  Seven months later, not one of those questions has been answered.  

    Saying that anyone "only has access to phone numbers," as if there is any difficulty linking a number to a person, is a PR tactic of the U.S. government, and people aren't falling for it any more.

    As I wrote in that other post: You should impede law enforcement agents' efforts unless you are legally required to comply.  You should demand that your network carrier treat your subscriber's information with great care, dictating the circumstances under which the information with which we entrust you is communicated to fourth parties.  If they refuse to provide you with such assurance, you should inform your subscribers and everyone else of this fact.

    0
    Comment actions Permalink
  • Apparently it's painful to state:

    1.  Ting cannot protect you from Sprint's actions. 

    2.  Ting does not have the network of hardware to prevent such snooping.

    It sounds like to me the hard question to answer here is around Ting's inability to prevent Sprint from giving that number to Law Enforcement.  I'm am guessing there are other channels from which they can link the number to the name.  Is that open forum information for law enforcement?  Perhaps that is the question left to answer.  I think Ting has answered the question painfully, that they have no authority over Sprint giving away our phone number records or recorded calls...

    If it's on Sprint's network, it's vulnerable, like all phone data.

    I would love it if there were Ting Towers to eliminate the snooping, but that isn't happening.

    Long Story Short, Ting cannot provide you with ultimate privacy.  We'll need to activate politically to do that, and even then you're fighting millions of dollars of legal muscle by those that intend to keep snooping. 

    0
    Comment actions Permalink
  • I wonder if an encryption protocol could be used on the sprint network for phones with a Ting SIM?

    0
    Comment actions Permalink
  • Brandon is fairly accurate. I state what I do as a reality. We live in a different world now where the line between surveillance and enforcement has been blurred (see this piece for a great description).

    I can tell you the only request we have had was in the case of an suicide concern and if you know the FISA courts and their rules, that is saying something.

    If you re-read my final paragraph above, I am not trying to be careful. I am clearly warning you about the limitations we have in controlling the data. 

    0
    Comment actions Permalink

Please sign in to leave a comment.