Hemisphere 2.0

As I note in an update to this post, Charlie Savage is very cross I did some math. On top of making a hilariously bad misreading of my original post — claiming I said a number was implausible even though I said it was plausible on at least five occasions, including the headline — and making a number of other errors about how the phone dragnet works, he bitches that I go through the effort of laying out what the 151 million call event might actually mean. (As always, Charlie doesn’t hold himself to the standards of correction he demands I do, either in the NYT or on posts like this.)

The reason you do that is to lay out assumptions.

And I’ve realized two things about how we’re counting numbers. First, one source of redundancy no one has considered is a SIM/handset redundancy.

One thing phone dragnets are designed to do is correlate identities: track the various identities a suspect and his associates are using, so as to ensure you’re tracking all their possible communications. With cell phones, one thing you want to track is whether someone is swapping out SIM cards. This collection starts with identifiers from EO 12333 collection, which we know is stored logically by IMEI/IMSI. It is possible that providers get both those identifiers as separate identifiers and provide two separate streams of data, especially if they don’t coincide.

If that were the standard practice, it would mean there’d often be a dual set of identical call records.

The more interesting issue is telecom retention. As I Con the Record notes, a request will return historical, current, and prospective call records. We’ve talked a lot about minimum retention (and the two year data handshake that Verizon and T-Mobile agreed to). But we haven’t talked about maximal retention.

As I noted, AT&T has call records going back decades, collected on any call that crossed its lines. We know that under the Hemisphere program, it usually could come up with call records for phones, whether or not they were AT&T customers. That means that the government could always submit requests to AT&T (again, whether or not the target used AT&T as a provider, because the target would surely have used AT&T’s backbone), and get years of records for the handset and SIM, if they existed, as well as for the two hops. This data would effectively create a mini-Hemisphere for the cluster around a given target, including call records for far more than the five years NSA used to be able to obtain data (though they might only retain that decades old data for 5 years).

I’m not saying I think they’re doing that — I don’t. In public testimony, NSA and other agency officials have conceded that data really is most valuable in the first two years, so obtaining 20 years of data would just load down NSA with false positives.

But it is a possibility — one that I hope Congress considers.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

4 replies
  1. rg says:

    “…a request will return historical, concurrent, and prospective call records.”

    Not sure I understand how it is known what calls I (or someone) might someday make, and how this relates to what we ordinarily mean by the word “record”.

    • SpaceLifeForm says:

      “prospective call records”

      I.E. an ongoing tap of SS7 filtered via a ‘selector’.

      (phone number or IMEI or keyword)

    • emptywheel says:

      The 215 phone dragnet requests are for 180 days apiece. So on the first day, they’ll get everything from that day and before. And then periodically (up to daily) they’ll get anything new.

Comments are closed.