AT&T Pulled Cell Location for Its “Mobility Cell Data”

ProPublica and NYT have an important story that confirms what we’ve long known — that AT&T, operating under the Fairview program — is all too happy to do business with the NSA. As part of the story, they note that in 2011, AT&T started providing cell data to NSA under the BR FISA program.

In 2011, AT&T began handing over 1.1 billion domestic cellphone calling records a day to the NSA after “a push to get this flow operational prior to the tenth anniversary of 9/11,” according to an internal agency newsletter. This revelation is striking because after Snowden disclosed the program of collecting the records of Americans’ phone calls, intelligence officials told reporters that, for technical reasons, it consisted mostly of landline phone records.

They base the claim on this document, which reads,

On 29 August, FAIRVIEW started delivering Mobility Business Records traffic into MAINWAY under the existing Business Record (BR) FISA authorization. The intent of the Business Records FISA program is to detect previously unknown terrorist threats in the United States through the cell chaining of metadata. This new metadata flow is associated with a cell phone provider and will generate an estimated 1.1 billion cellular records a day in addition to the 700M records delivered currently under the BR FISA. After extensive dialogue with the consumers of the BR data, repeated testing, a push to get this flow operational prior to the tenth anniversary of 9/11, and extensive coordination with external entities via our OGC (to include: FBI, DOJ, ODNI, and FISC) NSA received approval to initiate this dataflow on August 29, 2011. Analysts have already reported seeing BR Cellular records in the Counter Terrorism call-chaining database queries.

Though it provides important new context, that NSA started receiving mobile data on August 29, 2011 is not new news (though that it was getting it from AT&T is). The government released the notice it gave to the House Judiciary Committee that it was receiving that data in October 2013 under FOIA (indeed, this document is one I have pointed to to refute claims that the program didn’t collect cell data).

All that said, the notice, taken together with the context of the internal announcement, does explain more about why the NSA wasn’t getting as much cell data as they wanted.

In the case of Fairview and the collection started on August 29, 2011, the provider “remove[d] the cell [redacted] location information [redacted] before providing the CDRs to NSA.”

Before initiating the acquisition of mobility data, NSA undertook extensive testing to ensure strict compliance with the terms of the FISC Orders. The Court’s Orders are designed to protect the civil liberties and privacy interests of Americans. Following completion of testing, on 29 August 2011, NSA began to receive approximately [redacted] CDRs per day and enter these records into our BR FISA bulk metadata architecture.

[redacted] NSA requested that the [redacted] remove the cell [redacted] location information [redacted] before providing the CDRs to NSA. Consequently, NSA is not currently receiving this field as part of the data being acquired. [redacted]

As the NYT reported earlier this week, NSA had given Verizon Wireless a separate order for phone dragnet order in 2010. But the redaction in the notice to Congress on obtaining mobility data from a year later seems to address the problem with obtaining location information.

We know from the Congressional notice AT&T was willing to strip it. For a lot of reasons, it’s likely Verizon was unwilling to strip it.

This is one of the possible explanations I’ve posited for why NSA wasn’t getting cell data from Verizon, because any provider is only obliged to give business records they already have on hand, and it would be fairly easy to claim stripping the cell location data made it a new business record.

Which is another important piece of evidence for the case made against AT&T in the story. They were willing to play with records they were handing over to the government in ways not required by the law.

Though who knows if that remain(ed) the case? To get to the 30% figure quoted in all the pieces claiming NSA wasn’t getting cell data, you’d probably have to have AT&T excluded as well. So maybe after the Snowden releases, they, too, refused to do things they weren’t required to do by law (though because it had the Hemisphere database which could easily select records, that may have been harder to do).

Update: Adding that FISC took judicial notice of some magistrates’ rulings you needed more than a subpoena for location data in 2006, after Congress said you could only get what you could get with a subpoena in the 2006 PATRIOT Reauthorization. So it’s possible any squeamishness about location collection dates to that point, though we know FISC did still permit the government to get location data with 215 orders.

5 replies
  1. Trevanion says:

    Not new, but once again the NYT piece included the following truth: “When a foreigner abroad is communicating with an American, that law permits the government to target that foreigner without a warrant.”

    Obvious smartass comments aside, it remains mystifying why this truth has still apparently not yet registered on any of the inside-the-beltway “international” lawyers/consultants, of every political and monetizing stripe — and what it means regarding the everyday collection, reading, and listening of communications with their clients.

    Is it the willful ignorance of well-paid hubris?

  2. orionATL says:

    i finally read the nytimes piece.

    an obvious overarching question is: did the dept of justice allow at&t to become the current monoply (ok, duopoly, oligopoly, whatever) by looking the other way at federal laws and regulations regarding monopoly pricing?

    remember, in the 1970’s the dept of justice spent years breaking up at&t into baby bells on the grounds of anticompetitiveness. then two decades later baby bell “bell south” finally gobbled up the last of its sibling baby bells and changed its name to that at&t moniker.

    did the doj and nsa and presidents bribe bell south/at&t? did bell south buy into the at&t-doj-nsa-fbi partnership?

    has mass scale government spying domestic as well as overseas been going on not just since 2002, but since, say, the 1980’s.

    i can’t believe at&t wasn’t bribed by executive dept agents.

    • emptywheel says:

      Yes, see my next piece on teh role of commerce in carrot and sticking cooperation, not to mention the history of Qwest, which was killed in part bc it wouldn’t play ball.

  3. orionATL says:

    here’s a brookings piece on the bell south-at&t merger which gets the dates right and, in summary, says it never posed any threat to competition. that must be why i’m limited to at&t or verizon or comcast all of whose communications bundles just happen to cost $99.99 a month with relatively poor internet speed.
    and a little more history and economics
    and of course, wikipedia, where a small snippett on spying was recently added

    • earlofhuntingdon says:

      The egg that such mergers posed no threat to consumers, to competition or to needed service enhancements (the US has the slowest data speeds in the developed world, at some of the highest prices) could only have been hatched in Washington. The distinctive whiff of hydrogen sulfide clings to it.

Comments are closed.