Recently released records of mobile carriers' data retention policies have caused a stir among privacy advocates as it was revealed that leading telecommunications companies may be holding on to sensitive client information for years at a time.
A Department of Justice document, entitled Retention Periods of major Cellular Service Providers, was recently published Wired Magazine. The single-page brief was intended as a guide for law enforcement agencies conducting surveillance investigations. The document outlines the data retention protocols of AT&T, Verizon, Sprint, Nextel, Virgin Mobile and T-Mobile as related to customer IP addresses, call logs, text messages and web surfing habits.
"When any company retains data for a long period of time it opens them up to problems and potential abuses," consumer privacy advocate Beth Givens told Digital Trends. "And those problems include data breaches and of course excessive or inappropriate uses by law enforcement."
While civil liberties advocates and other concerned parties are already citing this data as possible evidence of unlawful surveillance, others are reserving judgment.
"I don't think there is anything on [the document] the government would concede requires a warrant," Electronic Frontier Foundation attorney Kevin Bankston told Wired. "This brings cellular retention practices out of the shadows, so we can have a rational discussion about how the law needs to be changed when it comes to the privacy of our records."
Politics aside, the discrepancies between the data retention policies of leading carriers is still worth noting. For instance, Virgin Mobile retains text message information for two to three months whereas AT&T holds on to comparable information for five to seven years. And while several providers do not store IP session information, Verizon retains this data for one rolling year.
Regardless of how authorities choose to use this data, the real threat may come from the cybercriminal community.
"It's only a matter of time before we experience a data breach at a wireless carrier," security expert Tim Keanini told TechNewsWorld. "It's really inevitable when you consider how much this kind of data is worth to cybercriminals."
Consumers would be wise to respect the gravity of data security concerns and take the necessary precautions. Employing complex password protection on smartphones and keeping malware protection installed and up-to-date will greatly reduce breach potential. But as more consumer devices make their way into the workplace, IT managers may also need to take action with more advanced strategies such as data wiping and application market regulation.
Data Security News from SimplySecurity.com by Trend Micro