In the last year alone, Sprint turned over users' GPS data to authorities 8 million times. While that number is misleadingly high—this could translate to under a thousand individual users—it's still terrifying. But wait, it gets even better!
There are convincing arguments to be made for law enforcement agencies' access to location data, like in missing person cases, kidnappings or maybe fugitive situations. It just seems like it ought to be a little more mediated than this:
[At the Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering conference] Sprint Nextel's electronic surveillance manager Paul Taylor described an automated system that law enforcement could use to easily look up subscriber whereabouts.
They can submit a request for a particular user's location up to every three minutes, for a period of 60 days, which accounts for the 8 million figure. What else does Sprint collect about you, for sharing?
Sprint keeps 24 months worth of URL history for some devices and that's not even because of law enforcement. "It's because marketing wants to rifle through the data," [Taylor] said.
The marketing data retention sounds like the kind of thing you might unknowingly sign off on in some kind of unintelligible user agreement, and the location stuff could conceivably be used only in palatable ways (if you broadly consider warranted wiretapping palatable) but they're both reminders that your telco—no, this isn't just Sprint's issue—knows a lot about you. Or, more to the point, that the average cellphone user has no idea how much data their wireless provider is collecting (or can collect) from them, and specifically, how it's used.