For the past year, the ACLU has been gathering information on local law enforcement agencies’ use of cell phone location tracking. (We’ve written about what we’ve learned here, here, here, here, and here.) In addition to everything we’ve discovered about location tracking itself, we’ve also learned about a number of other techniques law enforcement and the telcos can use when they work together. Sometimes the information came to light because, as with this telecom data retention chart, the information on the other techniques was mingled with the information on cell phone location tracking. Sometimes it was because law enforcement agencies misunderstood our public records requests and sent us everything they had related to telephones.

For example, we received a Verizon form from Pittsfield, Mass. that law enforcement could use, among other things, to request a “Voicemail Pass Code Reset” in the case of “immediate danger of death or serious physical injury to a person.” We do believe that there are certain emergency situations, for example to locate a missing person, where using cell phone information without a warrant is okay. Also, one of the biggest problems with cell phone location tracking is that it is completely surreptitious—unless location information is introduced in a criminal case, an individual rarely learns that he or she was tracked—but in the case of a changed voicemail password, it would become pretty obvious pretty quickly. Dude, I can’t access my voicemail.

T-Mobile documents we received from Irvine, Calif. demonstrate that law enforcement is not just asking for voicemail password resets in emergencies, but also in investigations, and that Verizon is not the only provider capable of handling such requests. The documents show that T-Mobile offers several options to officers interested in voicemail:

The Voicemail PIN Reset. T-Mobile notes that “once changed, the PIN cannot be reset to the original PIN . . . Be aware that this action will potentially alert the subscriber to activity on his voicemail account.”

Copying of existing messages to a separate account. “A dial-in number and PIN for the separate account will be provided to law enforcement, and law enforcement may review, save, or delete any message in that account without the subscriber's knowledge.” This technique has its downside for investigators, too—moved voicemails are date/time-stamped with the date/time they were moved, not with the date/time they were received, decreasing their evidentiary value. T-Mobile will provide access to this information not only with a warrant but also with a lesser court order (the manual does not specify what kind). That means law enforcement might be able to access your voicemail on less than a “A dial-in number and PIN for the separate account will be provided to law enforcement, and law enforcement may review, save, or delete any message in that account without the subscriber's knowledge.” This technique has its downside for investigators, too—moved voicemails are date/time-stamped with the date/time they were moved, not with the date/time they were received, decreasing their evidentiary value. T-Mobile will provide access to this information not only with a warrant but also with a lesser court order (the manual does not specify what kind). That means law enforcement might be able to access your voicemail on less than a probable cause standard. (We don’t know what other carriers’ policies are on this.)

Voicemail “cloning.” This involves “duplicating each incoming voice message left for the targeted subscriber. A twin message is simultaneously deposited in a special mailbox assigned to the designated investigating agency.” This provides real-time access to voicemail, ensures that date/time-stamps are recorded accurately, and does not alert the subscriber to the monitoring. Unlike with access to existing messages, T-Mobile requires law enforcement to obtain a This involves “duplicating each incoming voice message left for the targeted subscriber. A twin message is simultaneously deposited in a special mailbox assigned to the designated investigating agency.” This provides real-time access to voicemail, ensures that date/time-stamps are recorded accurately, and does not alert the subscriber to the monitoring. Unlike with access to existing messages, T-Mobile requires law enforcement to obtain a wiretap order in order to get one of these cloned mailboxes.

Other techniques for accessing a subscriber’s phone account are also available to law enforcement. According to a Qwest document we received from Omaha, Neb., the company’s Emergency Response Center can, in emergency situations, limit a phone line to incoming calls only and can also change the subscriber's telephone number.

If all this makes you nostalgic for a good, old-fashioned landline, think again. Verizon has the ability to:

Change the number for a landline too and give the new number only to law enforcement.

Set an account so that if someone picks up a landline to call out, it automatically dials a designated law enforcement number—and no one else.

Prevent all outgoing calls or do various things to force a number out of service—from straight-up interrupting a call to sending a 3-decibel sound on the phone line to irritate the caller so he/she hangs up.

Apparently Verizon will do these techniques for any law enforcement agent who provides the phone number and address for the target phone and his or her own name, dispatch number, and contact information. There is no court oversight over these functions.

The vast majority of law enforcement agents are good public servants who want to do the right thing and keep us safe, but our history is strewn with examples of individual law enforcement agents—and sometimes entire law enforcement agencies—who abused their power to the detriment of individuals’ liberty. It is for that reason that, as technology gets smarter and smarter, we need to make sure that legal protections keep pace.