What You Need To Know About The U.S. Government's Phone Surveillance Program With AT&T

The United States government and one of the country's largest telecom carriers are once again embroiled in a mass surveillance controversy that challenges the fundamental privacy safeguards for citizens. Earlier this month, in a letter addressed to Attorney General Merrick Garland, Oregon senator Ron Wydenm asked that details related to the Hemisphere phone surveillance program be made public.

The sketchy surveillance system allows "federal, state, local and Tribal law enforcement agencies to request searches of trillions of U.S. phone records, usually without warrants." The letter was first reported by WIRED, which also analyzed a White House memo revealing details of the Data Analytical Services (DAS) program, formerly known as the Hemisphere Project.

The White House reportedly injected $6 million into the program, but in secrecy, despite the fact that the program was not a "classified project" from a national security perspective. However, according to Senator Wyden, all records of the surveillance program were put behind the "Law Enforcement Sensitive" protection to ensure that they never make it to public knowledge.

"I have serious concerns about the legality of this surveillance program, and the materials provided by the DOJ contain troubling information that would justifiably outrage many Americans and other members of Congress," Wyden wrote in his letter. What's truly terrifying is the scale here, as law enforcement authorities have access to call records dating all the way back to 1987.

What's The Hemisphere Project?

As part of the Hemisphere project, AT&T receives "indirect" financial grants from the White House Office of National Drug Control Policy (ONDCP). But right from the start, there were red flags about its constitutional legality. Wyden says the program has skirted around the mandatory federal Privacy Impact Assessment due to its odd funding system.

As mentioned above, the ONDCP doesn't provide direct funding. Instead, it channels the money to a coalition of federal, state, and local law enforcement agencies that goes by the name Houston High Intensity Drug Trafficking Area (HIDTA). This body directly pays AT&T (no stranger to privacy controversies) to build a vast surveillance net spanning the entire country with little oversight.

The Houston HIDTA admitted to Wyden that despite their jurisdiction being limited to drug-related offenses, law enforcement agencies across the country can source phone call data from there, even in cases that have nothing to do with drug-related crimes, without a court warrant. Officially, agencies require a court order before they can dig into digital communication footprints like messaging app metadata and the email history of a suspect.

As for the call logs themselves, AT&T is reportedly saving four billion of them daily to its massive database. Details about the project obtained by the Drug Enforcement Administration (DEA) reportedly classify the system as "Google on Steroids" and "AT&T's Super Search Engine."

A vast scope

Interestingly, the program's existence was first leaked a decade ago, in 2013, at which point the Obama administration cut off its funding. Instead of shutting down, the program was simply renamed to the vague moniker of "Data Analytical Services" (DAS) and once again hidden from the public, after which it continued with alternate federal support. The ONDCP revived funding under the Trump Administration in 2017, paused it in 2021 during the Biden Administration, and discreetly resumed it in 2022.

In his letter (PDF), Wyden points out a few damning aspects of the Hemisphere Project. In addition to regular phone conversations between two people, the massive dragnet surveillance system also entails " communications on behalf of other communications companies and their customers." But it's really the outstretched web of monitoring that seems to be the worst offender here.

AT&T's surveillance system is said to follow a two-tiered approach, which means it not only keeps a log of the caller's details but also everyone on the other end, despite them having no suspicious links to any kind of legal offense. Moreover, the Hemisphere project can identify when a suspect starts using an alternate phone number and even find their location. All authorities need to go snooping is a subpoena, which law enforcement agencies can get without much trouble.

AT&T's tech support

In 2013, based on leaked documents, The New York Times published a synopsis of the Hemisphere Project, revealing slides about the surveillance program's operational tactics. Labeled as an "unclassified program" in the deck, it allows an official to obtain call detail records (CDRs) that can be as recent as one hour, including international calls, so long as the call took place on AT&T networks, according to The Washington Post.

The database also logs network roaming details, which means using the network ping, an official can track down the city and state for a particular call session. As of 2013, AT&T had developed algorithmic systems and chain analysis tools, delivering features like "Dropped Phones," which allows law enforcement agencies to find when a suspect starts using a burner device.

Hemisphere can tap into AT&T's telecommunication switches, which manage phone calls and include data from various carriers due to shared use of AT&T's infrastructure. In 2012, the program started logging more identifier details like a device IMSI and IMEI number for AT&T customers.

The project gained attention during controversies over the NSA's mass collection of citizens' phone records. In the aftermath, the Electronic Frontier Foundation launched lawsuits and FOIA requests for further details on Hemisphere, targeting both the Drug Enforcement Administration and the California State Attorney General. 

History of access and abuse

In 2017, The Daily Beast got its hands on a trove of internal AT&T data that revealed how the Hemisphere Project was being utilized for more than just drug-related investigations. "Hemisphere isn't a 'partnership' but rather a product AT&T developed, marketed, and sold at a cost of millions of dollars per year to taxpayers. No warrant is required to make use of the company's massive trove of data," says the report. Two agencies that used The Hemisphere Project, which started in 2007, most frequently are the Department of Homeland Security (DHS) and the Drug Enforcement Administration (DEA), as per the documents.

The telecom giant is said to possess over 75% of the landline switches in the U.S., along with the second largest portion of the country's wireless infrastructure and cellphone towers. Its collaboration with the government for surveillance efforts began as early as 2003, with close ties to the NSA. Sheriff and police departments reportedly spend between $100,000 and over $1 million annually to access the Hemisphere database. A report (PDF) published by the Justice Department inspector general confirmed that AT&T provided call log details to the DEA as of 2019.

But the roots of such shady surveillance programs, especially those involving the DEA, go way back. In 2015, USA Today revealed that since 1992, for over 20 years, the DEA and Justice Department had compiled records of nearly all phone calls from the USA to up to 116 countries associated with drug trafficking. 

What next for US citizen?

Following Wyden's letter, the Electronic Privacy Information Center has urged Congress to end the program. "The Data Analytical Services, or Hemisphere, program is just the latest example of the U.S. government's warrantless surveillance of Americans," said EPIC's executive director Alan Butler. The privacy-focused non-profit EPIC focused on several issues: the lack of judicial oversight, the collection of trillions of phone records, the tracking of location data, the extensive use by law enforcement, the absence of a privacy impact assessment, and the intentional secrecy surrounding these practices.

Organizations like EPIC are banking on the Government Surveillance Reform Act for such unmitigated surveillance programs where the privacy of innocent civilians is at risk. Then, there's the question of legal loopholes that allow secretive funding of such programs. 

On the other end of the debate, the EFF is fighting for the non-renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA), which enables the government to hold a vast collection of communications involving U.S. individuals with people abroad. Domestic law enforcement agencies increasingly and routinely examine the U.S. portion of these digital exchanges without a warrant.