Yesterday, Rep. Ed Markey (D-MA) revealed that federal, state and local law enforcement agencies have made an astounding 1.3 million demands for user cell phone data in the last year, “seeking text messages, caller locations and other information.” The New York Times called the new findings proof of “an explosion in cellphone surveillance” in the United States—much of it done without a warrant. Worse, the eye-popping figure is actually a significant underestimate; the actual number is “almost certainly much higher" than reported, according to the Times:

Because of incomplete record-keeping, the total number of law enforcement requests last year was almost certainly much higher than the 1.3 million the carriers reported to Mr. Markey. Also, the total number of people whose customer information was turned over could be several times higher than the number of requests because a single request often involves multiple callers. For instance, when a police agency asks for a cell tower “dump” for data on subscribers who were near a tower during a certain period of time, it may get back hundreds or even thousands of names.

This information comes on the heels of an ACLU report showing over 200 local law enforcement agencies admitted to regularly demanding cell phone location data from companies with little or no court oversight. The lack of court oversight is all the more disturbing considering we now know:

“AT&T alone now responds to 230 emergency requests a day nationwide — triple the number it fielded in 2007.”

Sprint alone processed more the 500,000 requests last year, in which only a subpoena was used.

A third party company called Neustar handles law enforcement compliance for about 400 phone and Internet companies.

It is a recipe for a privacy disaster. It's now clear cell phone companies and Congress have to work together on two things:

1. Cell phone companies need to start releasing regular, transparency reports like Google and Twitter.

The release of this information by cell phone companies (the individual responses can be found here) was a step in the right direction, given how secretive they have been with this data in the past. In fact, previously we had virtually no idea on how many requests they receive—only a couple individual examples in the past five years. Unfortunately, the companies have been so opposed to transparency reports, they lobbied to block a requirement in the California legislature.

Given how much information has been requested on millions of cell phone users, and how long companies keep that information, these companies need to release regular transparency reports. Wired’s David Kravets wrote an open letter to the major carriers asking for the same last month. Customers have the right to know how many requests governments make each year, what type of court oversight they have (i.e. do they have a warrant), and how many are complied with.

Remember, the type of information law enforcement is requesting is kept by the phone companies for years at a time. A previous ACLU Freedom of Information Act request revealed, “Verizon keeps that data on a one-year rolling basis; T-Mobile for ‘a year or more;’ Sprint up to two years, and AT&T indefinitely.” The companies themselves should publish the current numbers and set much shorter limits on data retention to ensure customers’ private information stays protected.

2. Congress immediately needs to pass legislation requiring a warrant for GPS location information.

The cell phone company numbers also show vital it is that Congress immediately step in and pass robust privacy legislation mandating a warrant for cell phone subscriber, cell tower and GPS data. Remember this data is extremely precise, as your cell phone sends your location back to cell phone towers every seven seconds—whether you are using your phone or not—giving police a virtual map of where you are 24/7. As the DC Circuit explained in 2010, a map of one’s travels can reveal the most intimate details of one’s life:

“[a] person who knows all of another’s travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups—and not just one such fact about a person, but all such facts.”

EFF believes the Fourth Amendment protects cell location information, and though the Supreme Court has not directly ruled on the subject, many federal courts have agreed. The Supreme Court also held earlier this year that police need a warrant to attach at GPS device to a car.

Commendably, Mr. Markey told the New York Times that he and other members of Congress are working on legislation that would draw a clearer line on how the police can get access to such data. Mr. Markey likened the requests to “digital dragnets” and said, “There’s a real danger we’ve already crossed the line”.

In April, the House held a hearing on a bill that would require a warrant for location data, which EFF believes is sorely needed.

We hope this news will also cause the Obama administration to stand up for privacy and drop their objections to such law. They have previously argued before Congress that it’s “burdensome” to require law enforcement to get a warrant for such personal information. EFF believes they should be standing up for the Constitution and the Fourth Amendment instead.