A letter sent this week by US Senator Ron Wyden (pictured) to the Department of Justice (DOJ) challenged the legality of a White House-funded program that queries an AT&T repository containing a trillion call records. Wired reports:
According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.
AT&T keeps being prominently featured in stories about comms providers providing intelligence to US government agencies about comms that pass over AT&T networks. Usually the focus of these stories is whether the constitutional rights of US citizens have be violated, though it also follows that the privacy of anyone who is not a US citizen is more readily abused because they lack the same protections in law. Per Wired, a White House memo indicates they have provided over USD6mn in funding for the DAS program since 2013. The purpose of DAS is to be able to scrutinize records for any calls that utilize AT&T’s network. Wyden has reportedly written to US Attorney General Merrick Garland to warn that the details of how DAS operates in practice…
…would justifiably outrage many Americans and other members of Congress.
Wyden was writing in response to seeing confidential information about DAS that was supplied to him by the DOJ. The status of the information means Wyden is prohibited from sharing it publicly. Wired observes that companies are legally obliged to supply data to law enforcement agencies in response to a subpoena, but they are not compelled to retain the kinds of data that AT&T is keeping in this repository. Per the description given in Wyden’s letter, the scale of AT&T’s repository would almost certainly be deemed excessive when compared to expectations stated in Europe’s GDPR privacy regulations. This begs the question of whether the rights of European citizens are being violated whenever their comms pass over AT&T’s network.
AT&T profits from the program because law enforcement agencies are charged for the data they obtain. This reflects a complicated history of how the DAS program is funded in practice. The existence of DAS, which was formerly called Hemisphere, was first made public by The New York Times in 2013. The revelations prompted President Barack Obama to suspend White House funding soon afterwards, but law enforcement agencies continued to contract directly with AT&T to maintain access to their repository of call records. White House funding of DAS began again during the administration of President Donald Trump, then was cancelled during the first year of Biden’s adminstration. The memo seen by Wired stated that White House funding of DAS resumed again last year.
The amount of data maintained by AT&T and made available via DAS should not be underestimated. Per Wyden’s letter:
…the White House pays AT&T to provide all federal, state, local, and Tribal law enforcement agencies the ability to request often-warrantless searches of trillions of domestic phone records.
It also states:
According to an ONDCP [Office of National Drug Control Policy] slide deck, AT&T has kept and queries… call records going back to 1987, with 4 billion new records being added every day.
Funding the DAS program directly from the White House’s discretionary budget allows the government to sidestep rules designed to prevent unlawful surveillance of the public. Wyden’s letter bemoans the fact that the government funding of DAS is “delivered to AT&T through an obscure grant program”. A more conventional funding route would require the program to be subjected to a government privacy assessment whose findings would have to be made public. Wyden observes:
Instead, ONDCP provides funding for the program through the Houston High Intensity Drug Trafficking Area (HIDTA), one of 33 regional funding organizations as a part of a grant program created by Congress and administered by ONDCP.
This seems like a strange way to channel funding for a program that is not limited to crimes that occur in Houston, Texas. Wired also dug up repeated evidence of law enforcement bodies using DAS to request CDR data when investigating crimes unrelated to drugs. Wyden emphasizes in his letter how the surveillance program is highly centralized but open for use nationwide, with “any law enforcement officer working for one of the federal, state, local and Tribal law enforcement agencies in the U.S.” being able to directly send their data queries “to a single AT&T analyst located in Atlanta, Georgia”.
You can read Wired’s exposé and the full text of Wyden’s letter here.



