txtmob gets subpoenaed - data retention in the surveillance era

Tad’s TxtMob has been subpoenaed by the new york police department demanding the records of everybody using the service during the RNC protests in 2004. I got to know Tad through our collaboration on various projects related to activism and emerging telephony. I even poked around and did a little work on the txtmob code.

All that is to say, i know a thing or two about the background, how txtmob works, and issues of data retention and privacy. Nothing i’m saying here is based on privileged information you can’t get from reading the source.

The reality is today, we live in a world where much more information about our daily lives are collected than ever before. There is this scary nightmare scenario, the corporations / state know where everybody is all the time, what they are doing, who they talk to, etc… Most of the time this information is being used for marketing sell more stuff. While it’s slimy, it’s not really evil. What happens when the state starts to use the same information to suppress free speech and dissent, things get much more serious.

This is nothing new, things evolve, but it’s a world we’ve been dealing with for a while. Years ago there was one phone company, they had records of everything, you couldn’t know if somebody accessed your records because the phone company wouldn’t tell you. With the internet, and now emerging voip / open source telephony, the ability to run your own telecommunications infrastructure has emerged.

The work of the anarchist geek community for the last decade or so has been to build this autonomous infrastructure. Indymedia’s been a big part of this task, to create a privacy enhanced participatory media network. Another has been blasterisk an asterisk based phone system with dial in numbers around world for activists to use to make phone calls and do international coordination. For email there is riseup which provides email hosting and mailinglists for hundreds of thousands of activists. Social networking tools for collaboration and organizing, crabgrass. My own, protest.net, a calendaring service, etc… While txtmob has been compared to twitter, txtmob predates twitter and was very explicitly talked about as a model to be copied / learned from in the creation of twitter.

What all of these services have in common is they are providing critical infrastructure to social movements and they take privacy seriously. New tools have been build to allow for making privacy easy.

Txtmob is included in those sites because it does things right. First when you delete your account, remove your phone number, etc… it really does remove it. No record left of your messages, your login, your phone number. Secondly txtmob does not use a short code, nor is there a legal agreement between txtmob and the carriers. Rather txtmob uses the path of least resistance to deliver messages, finding holes and cracks in the sms system to let messages pour through. Tracking txtmob messages is more like tracking p2p traffic than the american idol voting via sms. This not following the rules is probably why the NYPD went to txtmob instead of the carriers. The data is many places, but txtmob is the easy place to get it, if it’s there.

The task of going to the carriers or the NSA to get the txtmob data is much harder than getting it directly from the source. First it’s a HUGE data mining task. It’d involve using something like hadoop or google’s map/reduce to load up the data, and then tracking down a few thousand sms’s out of a stream of trillions. Most of the time operators are lazy, it’s easy to get them to comply with even questionably legal orders for data, my employer is a great example. Service providers tend to log MUCH more data than they need, in the name of security, potential datamining, etc. If we don’t have that data, then we are both able to follow the law, and protect our users.

() It’s worth noting, that there are new EU rules / laws which require extensive data retention. It’s much worse than the situation in the US. So much for the EU being concerned about privacy.