Why carriers keep your data longer

Your wireless carrier knows where you are as you read this on your phone — otherwise, it couldn’t connect your phone in the first place.

But your wireless carrier also has a memory. It knows where you took your phone in the last hour, the last week, the last month, the last year — and maybe even the last five years.

That gives it an enormous warehouse of data on your whereabouts that can help your wireless carrier fix coverage gaps while revealing much more. Depending on the density of cell sites around you at any one point, the location data triangulated from them can not only highlight your home and office, but also point to the bars you frequented, the houses at which you spent the night and the offices of therapists you visited.

This intersection of a business necessity and historical habit bashes into a key precept of both privacy best practices and such laws as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act: data minimization.

That is, collect and keep no more data than you need for a business purpose. The less personal information you have squirreled away on your servers, the less remains at risk in the event of a data breach exposing some of this stash, management turnover putting privacy-apathetic leadership in charge or an overly broad law-enforcement query mandating its exposure.

A multiple-choice quiz

This concept traditionally gets talked about as a Nice Thing We Can’t Have — companies will collect as much data as their data centers can accommodate, leaving customers unable to vote with their wallets for a privacy-optimized vendor.

But in the reality of wireless phone service, things are only half as bleak. That is, while the big four carriers do vary significantly in how long they retain your cell-site location history, they don’t disclose this, leaving customers ill-equipped to vote with their wallets.

Because AT&T, Sprint, T-Mobile and Verizon (disclosure: the parent firm of TechCrunch) don’t disclose how long they retain the location history generated by their transmitters, I had to ask. And the responses varied enormously:

  • AT&T: five years
  • Sprint: 18 months
  • T-Mobile: two years
  • Verizon: one year

These are important distinctions, even after the Supreme Court’s June 2018 ruling in Carpenter v. United States that historical cell-site location information cannot be disclosed to law-enforcement authorities without a warrant.

The last time all four carriers appear to have documented their retention periods was in letters sent to Sen. Ed Markey (D.-Mass.) in 2013 in response to a round of queries from his office. All cited the same retention periods except T-Mobile. Back then, T-Mobile said it kept historical cell-site location data for just 180 days.

The big four carriers are in the clear because the law doesn’t clearly require them to keep this data for any period of time.

Electronic Frontier Foundation surveillance litigation director Jennifer Lynch and American Civil Liberties Union staff attorney Nathan Freed Wessler separately said that carriers don’t have to keep this data at all.

“As far as the regulations are concerned, the carriers could retain that information for 1 minute or 100 years,” Wessler wrote in an email.

A Federal Communications Commission rule does require phone carriers to retain certain billing records for 18 months, and Georgia Tech law professor Peter Swire suggested that could compel carriers to keep cell-site location data for the same time.

Wessler and Lynch both brushed aside that reading; Lynch, for instance, said location history would only fall under this regulation if carriers determined that it was necessary for accurate billing.

Business cases

But if the law leaves wireless carriers free to choose retention periods, business imperatives may not — as Lynch said, “I would suspect each has its own business reasons for how long they hold on to the data.”

Monitoring network performance is the biggest reason to keep this data.

“You can’t ensure a good end-user experience without having an understanding of where those users spend time and how they move around on the network,” said Brendan Gill, president of the network-surveying firm OpenSignal, in an email forwarded by a publicist.

And that data remains useful for a while, he added: “The argument for retaining historical data is that some events/activities only happen periodically — like seasonal effects/storms, or major entertainment or sporting events — so if you want to forecast, you need that data.”

Another industry analyst said the utility of keeping it declines after 18 months.

“From a network perspective, one year gives you just barely a year-over-year comparison,” said Roger Entner, founder of Recon Analytics. “Ideally, if you want to do a year-to-year comparison of how your traffic on your network changed, you’d want to do a year and a half.”

He suggested that AT&T’s industry-leading retention reflected not that company’s fondness for the surveillance state — a frequent topic of criticism in many tech-privacy circles — but the Dallas firm’s habit of analyzing itself and its customers in detail.

“One of the big differences between AT&T and the other carriers is, they are heavily into big data and heavily into big-data analysis,” Entner said. “For example, every VP within AT&T has a data analytics team attached to him — or almost every VP.”

AT&T itself did not explain why it chose this retention period, but the other three did not answer the same question either.

As for commercial reuses of this historical data, Wessler noted that the Telecommunications Act prohibits such sale or sharing without explicit customer consent — although you could interpret that as only covering location data generated during calls. The big four have all gotten caught selling access to real-time location data, although they’ve since pledged to end that.

Finally, from the perspective of reducing the potential risk of a data breach, holding onto this data for less time should make business sense.

“Companies around the world typically oppose any mandatory data retention laws, which would require that they artificially extend how long they hold on to sensitive data beyond what they need for business purposes,” emailed Amie Stepanovich, U.S. policy manager for the advocacy group Access Now.

There’s also the privacy rationale.

EFF’s Lynch wrote: “Because cell phone location data can reveal such sensitive and private information about individuals — where and with whom we live, socialize, visit, vacation, worship, etc. — and because that data only becomes more revealing the longer it’s retained — carriers should retain this data for as little time as absolutely necessary to provide their services to customers.”

When carriers retain their own retention periods

But the bigger mystery here is why none of these firms document these retention periods in either their privacy policies (AT&T, Sprint, T-Mobile, Verizon) or transparency reports (AT&T, Sprint, T-Mobile, Verizon). All four declined to explain that, too.

The wireless-industry trade group CTIA’s best practices for providers of location-based services call for both data minimization and transparency about retention periods.

“LBS Providers should retain user location information only as long as business needs require, and then must destroy or render unreadable such information on disposal,” the guidelines state. “LBS Providers must inform users how long any location information will be retained, if at all.”

Privacy advocates consistently ask companies to humblebrag when they don’t indulge in data maximization — as Georgetown University Center on Privacy and Technology executive director Laura Moy said in a South By Southwest talk about location privacy this March, “When companies decline to collect that information for privacy-protecting reasons, they ought to be public about it.”

Lynch stayed on the same page: “In all cases, they should be informing customers about these retention periods as part of their annual or biannual transparency reports.”

Instead, the wireless carriers are engaging in the polar opposite of, say, Apple, which has made a habit out of documenting its privacy-preserving features.

(Some wireless resellers may tout their own unwillingness to disclose location history — for example, Credo Mobile’s privacy policy declares that this Verizon reseller “does not receive, store, or assign precise handset location information, handset IP addresses, or logs of websites visited by your phone” — but the underlying carrier does get and keep that data. Credo spokesman Josh Nelson declined to comment, emailing “We’re going to pass on this.”)

That leaves privacy-minded customers either under-informed or having to rely on information that could change without notice or documentation.

“In general the minimal competition in the U.S. telco sector creates few incentives for companies to adhere to what may otherwise be best practices, the very first step of which would be to publish information on what data is collected on users and how long it’s stored,” Access’s Stepanovich griped.

And if customers don’t get the information needed to choose services accordingly, nothing else seems likely to push wireless carriers to keep less rather than more data. The words Sen. Ron Wyden (D.-Ore.) said at an event hosted by the Center for Democracy & Technology in October 2017 remain unfortunately relevant: “Our citizens can’t count on the friction created by the limits of technology or government resources.”

We can only depend on the kindness of large telecommunications companies. Good luck with that.