November 7, 2013 / by emptywheel

 

Did CIA Take Its Phone Dragnet Business to AT&T When FISC Enforced the Rules?

One important takeaway from Charlie Savage’s report that the CIA pays AT&T $10 million for phone records to hunt (the story goes, though I don’t buy it) terrorists is that CIA can replicate part of what the NSA’s phone dragnet does by working with just one company.

The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.

[snip]

Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity of the Americans and “masks” several digits of their phone numbers, the officials said.

Still, the agency can refer such masked numbers to the F.B.I., which can issue an administrative subpoena requiring AT&T to provide the uncensored data.

Granted, this program primarily gets foreign and only with minimization foreign to US call records (the Section 215 dragnet gets foreign to US and US to US, but we know from some of the 2009 violations that it also collects foreign to foreign under other programs). AT&T’s switches may not carry enough of the domestic traffic to provide US to US calls. But it does seem to accomplish what the I Con say is the primary purpose of the phone dragnet: to identify if Americans are talking to terrorists overseas and if so, who they are.

Interestingly, the story suggests that CIA has its own program because it is more efficient — precisely the reason NSA says it needs its own database.

The C.I.A. program appears to duplicate work performed by the N.S.A. But a senior American intelligence official, while declining to address whether the AT&T alliance exists, suggested that it would be rational for the C.I.A. to have its own program to check calling patterns linked to overseas terrorism suspects.

With on-the-ground operatives abroad seeking to disrupt terrorist activities in “time-sensitive threat situations,” the official said, the C.I.A. requires “a certain speed, agility and tactical responsiveness that differs” from that of other agencies. “That need to act without delay is often best met when C.I.A. has developed its own capabilities to lawfully acquire necessary foreign intelligence information,” the official said. [my emphasis]

If AT&T is so efficient at this function, then why can’t the NSA just rely on it?

Though it’s not clear whether AT&T offers more speed to CIA because CIA can get it directly, without having to go through oversight mechanisms the NSA must comply with, or because AT&T is just quicker than the NSA.

The few details about the history of the program may provide a hint.

The history of the C.I.A. program remains murky. It began sometime before 2010, and was stopped at some point but then was resumed, according to the officials.

“Sometime before 2010” may well be 2009, when Judge Walton stopped the practice by which both FBI and CIA were accessing phone dragnet results directly. That is, what we may be seeing is CIA replicating its own program, without FISA oversight, in response to losing more direct access under a program inadequately overseen (before 2009) by FISC.

Finally, let’s go back to the claim that CIA uses this solely to find terrorists. In his no comment comment in the story, CIA spokesperson Dean Boyd reminds that CIA also serves a counterintelligence function. So at a minimum, I’d be they’re using this to find potential spies in the US, in addition to terrorists.

But CIA’s mission is far broader than terrorism. And the phone dragnet program is limited — if however expansively — to use with counterterrorism targets. So one other reason CIA may do this (and probably FBI and NSA, in their own forms) is to target other kinds of targets.

Note, too, that by having AT&T do this analysis rather than NSA, CIA may also be able to conduct kinds of analysis on the call records that NSA can’t do with the phone dragnet (though the 2009 files make it clear it can with its non Section 215 collection).

At the very least, this story presents new challenges to I Con claims that it can’t accomplish its objectives without holding a database of every phone based relationship in the US.

But it also reminds us that the spooks will find other ways of getting the information they want, many of which have even less oversight than the phone dragnet.

Copyright © 2013 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2013/11/07/did-cia-take-its-phone-dragnet-business-to-att-when-fisc-enforced-the-rules/