AT&T Secret For-Profit Spy Program Rakes in Millions

AT&T Secret For-Profit Spy Program Rakes in Millions

AT&T reportedly has been running a massive secret spying program—funded by tens of millions in taxpayer money—for state and local law enforcement agencies to conduct warrantless searches of trillions of call records and other customer metadata, such as precise physical location.

The Daily Beast has released details of “Project Hemisphere”—a program first revealed in 2013 by the New York Times. The Times described it as a “partnership” between AT&T and the US government used “prudently” in the war on drugs and other investigations into homicide, Medicaid fraud and the like. It was at the time deployed at three DEA centers in the US.

The Daily Beast reports that AT&T’s own documentation shows that Project Hemisphere is much more broad-ranging today. It is used in at least 28 intelligence centers across the country, which are staffed by federal agents as well as local law enforcement. Analysis is done by AT&T employees on behalf of law enforcement clients through these intelligence centers, but performed at another location in the area. At no point does law enforcement directly access AT&T’s data.

Municipalities pay for the service, but the federal government reimburses them for the expense. And it’s not cheap: Law enforcement agencies pay anywhere from $100,000 to $1 million per year.

“The for-profit spying program that these documents detail is more terrifying than the illegal NSA surveillance programs that Edward Snowden exposed,” said Evan Greer, campaign director at digital rights group Fight for the Future, via email. “Far beyond the NSA and FBI, these tools are accessible to a wide range of law enforcement officers including local police, without a warrant, as long as they pay up.”

AT&T spokesperson Fletcher Cook told The Daily Beast there is “no special database,” but rather that it is selling a managed analysis service.

“Like other communications companies, if a government agency seeks customer call records through a subpoena, court order or other mandatory legal process, we are required by law to provide this non-content information, such as the phone numbers and the date and time of calls,” Cook said.

The Daily Beast said that the AT&T documents specifically indicate that law enforcement doesn’t need a search warrant to use Project Hemisphere, just an administrative subpoena, which does not require probable cause. And there’s a legal precedent to protect it from liability: The Supreme Court ruled in 1979’s Smith v. Maryland that “non-content” metadata such as phone records were like an address written on an envelope, and phone customers had no reasonable expectation that it would be kept private.

But some say that characterizing the program on those terms is disingenuous, considering that AT&T is collecting information on an ongoing manner on millions of its customers. The New York Times reported that for Project Hemisphere, AT&T stores details for every call, text message, Skype chat, or other communication that has passed through its infrastructure, retaining many records dating back to 1987.

“Customers trusted AT&T with some of their most private information, and the company turned around and literally built a product to sell that information to as many government agencies and police departments as they could,” Greer said. “Not only did they fail to have any safeguards to prevent unauthorized use of the data, they actually required law enforcement to keep the program secret and dig up or fabricate other evidence, to hide the fact that they’d received information from AT&T.”

AT&T isn’t the only giant company to be accused of secret spying. Nearly 50 US House representatives from 27 different states are asking for clarification from officials around reports that Yahoo! created a specialized spy program to scan email messages for certain trigger phrases. A Reuters report Oct. 4 cited unnamed sources as confirming that the web giant was surveilling user inboxes on behalf of law enforcement—likely either the National Security Agency or the Federal Bureau of Investigation, according to the sources—via an adaptation to its spam filter.

Photo © Tashatuvango

Source: Information Security Magazine