May 5, 2017 / by emptywheel

 

Hemisphere 2.0

As I note in an update to this post, Charlie Savage is very cross I did some math. On top of making a hilariously bad misreading of my original post — claiming I said a number was implausible even though I said it was plausible on at least five occasions, including the headline — and making a number of other errors about how the phone dragnet works, he bitches that I go through the effort of laying out what the 151 million call event might actually mean. (As always, Charlie doesn’t hold himself to the standards of correction he demands I do, either in the NYT or on posts like this.)

The reason you do that is to lay out assumptions.

And I’ve realized two things about how we’re counting numbers. First, one source of redundancy no one has considered is a SIM/handset redundancy.

One thing phone dragnets are designed to do is correlate identities: track the various identities a suspect and his associates are using, so as to ensure you’re tracking all their possible communications. With cell phones, one thing you want to track is whether someone is swapping out SIM cards. This collection starts with identifiers from EO 12333 collection, which we know is stored logically by IMEI/IMSI. It is possible that providers get both those identifiers as separate identifiers and provide two separate streams of data, especially if they don’t coincide.

If that were the standard practice, it would mean there’d often be a dual set of identical call records.

The more interesting issue is telecom retention. As I Con the Record notes, a request will return historical, current, and prospective call records. We’ve talked a lot about minimum retention (and the two year data handshake that Verizon and T-Mobile agreed to). But we haven’t talked about maximal retention.

As I noted, AT&T has call records going back decades, collected on any call that crossed its lines. We know that under the Hemisphere program, it usually could come up with call records for phones, whether or not they were AT&T customers. That means that the government could always submit requests to AT&T (again, whether or not the target used AT&T as a provider, because the target would surely have used AT&T’s backbone), and get years of records for the handset and SIM, if they existed, as well as for the two hops. This data would effectively create a mini-Hemisphere for the cluster around a given target, including call records for far more than the five years NSA used to be able to obtain data (though they might only retain that decades old data for 5 years).

I’m not saying I think they’re doing that — I don’t. In public testimony, NSA and other agency officials have conceded that data really is most valuable in the first two years, so obtaining 20 years of data would just load down NSA with false positives.

But it is a possibility — one that I hope Congress considers.

Copyright © 2017 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2017/05/05/hemisphere-2-0/