Since then he's exposed security and privacy vulnerabilities in , Facebook, and . In August, . In short, the man knows his stuff.

Sprint's reply: Yes, , but that number includes all "pings" it delivered. Since each person who was tracked might generate thousands of pings over a period of surveillance (up to one every three minutes), the actual number of people tracked was far lower. The number also includes e911 calls and other instances where law enforcement officials were trying to locate a person in peril.

Still, that's a hell of a lot of pings. And that doesn't even scratch the surface of what telecoms will spill when Johnny Law comes a knockin'.

The same Sprint manager revealed that Sprint has about 110 full-time staffers dedicated to fulfilling government requests for calling, texting, Web surfing, and geolocation data about its customers. But that's not even the main reason they store all this data. Per Taylor:

On the Sprint 3G network... If [the handset uses] the [WAP] Media Access Gateway, we have the URL history for 24 months ... We don't store it because law enforcement asks us to store it, we store it because when we launched 3G in 2001 or so, we thought we were going to bill by the megabyte ... but ultimately, that's why we store the data ... It's because marketing wants to rifle through the data.