April 12 - US Police Increasingly Peeping at E-mail, Instant Messages

Police and other agencies have "enthusiastically embraced" asking for e-mail, instant messages and mobile-phone location data, but there's no U.S. federal law that requires the reporting of requests for stored communications data, wrote Christopher Soghoian, a doctoral candidate at the School of Informatics and Computing at Indiana University, in a newly published paper.

"Unfortunately, there are no reporting requirements for the modern surveillance methods that make up the majority of law enforcement requests to service providers and telephone companies," Soghoian wrote. "As such, this surveillance largely occurs off the books, with no way for Congress or the general public to know the true scale of such activities."

Soghoian found through his research that law enforcement agencies requested more than 30,000 wiretaps between 1987 and 2009. But the scale of requests for stored communications appears to be much greater. Citing a New York Times story from 2006, Soghoian wrote that AOL was receiving 1,000 requests per month.

In 2009, Facebook told the news magazine Newsweek that it received 10 to 20 requests from police per day. Sprint received so many requests from law enforcement for mobile-phone location information that it overwhelmed its 110-person electronic surveillance team. It then set up a Web interface to give police direct access to users' location data, which was used more than 8 million times in one year, Soghoian wrote, citing a U.S. Court of Appeals judge.

Those sample figures indicate the real total number of requests is likely much, much higher, since U.S. law does not require reporting and companies are reluctant to voluntarily release the data.

"The reason for this widespread secrecy appears to be a fear that such information may scare users and give them reason to fear that their private information is not safe," Soghoian wrote.