There’s been chatter in the air for years about phone records and metadata, ever since civil rights advocates sued the NSA over its massive record-retention program back in 2013. But new documents highlight that while federal surveillance might be sweeping, it’s got nothing on the scope of the private sector — and that selling data to investigators can be a profitable side-business.
The Daily Beast published new documents today showing that not only does AT&T collect and retain a staggering amount of data on everything that happens in its network, but also that it has formed partnerships with law enforcement agencies all around the country to sell access to that database for as much as a million dollars per year.
What’s at play here is phone metadata — not recordings of calls, or the content of texts, but rather the who, what, when, and where of communication. AT&T may not know what you and John Doe talked about for 15 minutes on June 2, 27 minutes on June 7, and 3 minutes on June 8, but they know that you and he communicated for those lengths of time on those dates, and how many texts were sent between your phone numbers in the same period of time.
Put that together with cell phone location data, and you can paint a detailed picture of someone’s activities and actions — a digital trail to be stalked long after any calls are made.
AT&T’s database of cell tower location data goes back until July, 2008 and appears to have no deletion or retention end policy. Verizon, in contrast, keeps records for 12 months and Sprint for 18, according to The Daily Beast. Meanwhile, AT&T has about 142 million wireless customers in the U.S. and Mexico. But the data isn’t only on their customers; it would include information about any other phone customer — wired or landline — who has contact with AT&T customers. AT&T also still owns more than 75% of the landline switches in the U.S.
In short, the scale is mind-numbingly enormous; AT&T holds trillions of records.
Granted, it’s not exactly new news that AT&T is totally happy to help with surveillance. The New York Times reported on Hemisphere as far back as 2013, writing that for at least six years — so, back to 2007 — AT&T had been in a partnership with anti-narcotics law enforcement to provide massive amounts of data from decades’ worth of Americans’ calls.
On top of that, leaked documents obtained from the NSA back in 2015 showed that AT&T was amenable to working with the feds in a corporate partnership. The company, described at the time under the code name Fairview, was singled out as “highly collaborative” and displaying “an extreme willingness to help,” above and beyond that found with other communications companies.
But what is a new revelation is the fact that with Hemisphere, AT&T acts not just in response to warrants or subpoenas, but actually voluntarily mines its troves of data and sells that information.
Law enforcement bureaus — sheriff and police departments — pay six-figure or seven-figure sums annually to AT&T for Hemisphere access, the Daily Beast reports. Harris County, Texas — where Houston sits — paid AT&T just over $77,000 for Hemisphere access in 2007; by 2011, the county was paying $940,000.
An AT&T representative told the Daily Beast that AT&T behaves like any other telecommunications company, saying, “if a government agency seeks customer call records through a subpoena, court order or other mandatory legal process, we are required by law to provide this non-content information, such as the phone numbers and the date and time of calls.”
Which is true, as far as it goes; all phone companies have to provide records when they’re on the receiving end of a warrant or court order. (Anyone who’s watched enough Law and Order probably feels like they know that.) But the AT&T documents obtained by the Daily Beast say that the company doesn’t need a specific warrant from investigators in order to provide records from Hemisphere. Instead, AT&T only requires something called an administrative subpoena — a kind of authority Congress grants to some federal agencies allowing them to demand “compelling document production or testimony” in the course of an investigation. The DEA has had that authority since 1970.
An ACLU technology policy expert told the Daily Beast that AT&T was being pretty misleading about Hemisphere. “Companies have to give this data to law enforcement upon request, if they have it,” he agreed, but “AT&T doesn’t have to data-mine its database to help police come up with new numbers to investigate.”
“It’s like that line, ‘if you build it, they will come,” he continued to the Daily Beast. “Once a company creates a huge surveillance apparatus like this and provides it to law enforcement, they then have to provide it whenever the government asks. They’ve developed this massive program and of course they’re going to sell it to as many people as possible.”
AT&T, however, is eager to keep its participation secret even while AT&T employees, acting on behalf of law enforcement clients, are the ones who find, analyze, and present the data that police use. So if all that data it’s mined leads to a case moving forward, or a suspect in a crime being arrested, that leaves police in something of a pickle: they have to find a way to use the evidence, and share its provenance with a criminal defendant and their legal team, without revealing that Hemisphere exists.
That leads to something called parallel construction: to get a piece of evidence, without actually using it from the way you got it, you have to go back and reconstruct the case to find another, alternate way to get it.
So if phone records from AT&T show, for example, that Suspect John Doe makes a phone call to Suspect Jane Doe every day from a certain location, but you can’t use the phone records, then you might apply good old-fashioned gumshoe legwork and have a detective follow Suspect John Doe in that place at that time, to obtain the evidence that way and thus prove it exists without revealing the participation of AT&T or the existence of Project Hemisphere.
An attorney with the EFF told the Daily Beast that if that feels backwards to you, well, you’re right. “This document here is striking,” he told the Daily Beast. “I’ve seen documents produced by the government regarding Hemisphere, but this is the first time I’ve seen an AT&T document which requires parallel construction in a service to government. It’s very troubling and not the way law enforcement should work in this country.”
AT&T Is Spying on Americans for Profit, New Documents Reveal [The Daily Beast]