This week the New York Times revealed the Hemisphere Project, in which the government is paying AT&T for access to an enormous phone records database. While some aspects of the program are unclear, we now know that the government has long collaborated with AT&T to conduct sophisticated data-mining of sensitive telephone records, primarily to identify “burner” phones. If anyone needed another example of the ways in which our outdated privacy laws are failing us, here it is.
If you watched The Wire, you’ll remember burner phones. To evade detection by law enforcement agents, some individuals switch phones frequently. It turns out that, for the past several years, the government has had a way to identify those phones. But it involves assembling and searching through a truly enormous database of call records.
While people may dispose of their phones, it’s much harder for people to change their lives. If Alice calls Bob twice a day and Carol every Sunday, Alice is likely to do that even if she switches phones. By analyzing calling patterns within the database, it’s possible to identify Alice’s new phone.
To do this, the government searches through a vast database of call records for potential matches. Enter the Hemisphere Project. According to the Times, the government pays AT&T to embed its employees within anti-narcotics units, and these employees then conduct phone records searches at the government’s behest. This enables the government to obtain records from a vast AT&T database of Americans’ phone calls. The database stretches back 26 years, and 4 billion records are added every day.
In other words, to locate the tiny number of people who evade law enforcement agents by using burners, an AT&T-government partnership is sifting through sensitive phone records of vast numbers of people. While this may sometimes be justified, today it is happening without any supervision by a judge. And the government is deliberately concealing the origins of all information obtained by the program, making it impossible for criminal defendants to know that they were subjected to scrutiny though the program. As a result, defendants have no opportunity to test the legality of these investigative tactics—and, just as troublingly, no court will have the chance to weigh in on the program’s validity.
Despite the near-universal interest in understanding how this database is used (your call records are likely in this database), secrecy is the rule. A slide show describing the program instructs agents “to never refer to Hemisphere in any official document.” If agents need to use information derived from the Hemisphere Project, agents are instructed to conceal the existence of the program by seeking the same data from other sources, a controversial practice sometimes called “parallel construction.” In this way, the Hemisphere project is to be “walled off” and “protected.”
The Hemisphere Project is similar to the NSA’s mass call-tracking program, in that both involve collecting vast troves of private phone records, virtually all of which are about innocent people. Especially when viewed together, the two programs highlight several serious shortcomings in the privacy protections afforded to Americans’ private, personal communications.
Current protections for Americans’ call records are inadequate. Call-detail records are sensitive. Even analysis of a single call can reveal that someone has called a domestic violence or suicide hotline. More call data can be very telling about people’s social networks, as someone called frequently is more likely to be a close friend than someone called rarely. This is not the sort of information the government should access lightly, and certainly not without the supervision of a judge.
Telecommunications companies are keeping far too many records about all of us and holding onto them for far too long. When customers sign up for AT&T, they aren’t willingly signing up for a regime of corporate—and by extension government—monitoring. Even if AT&T needs to access certain information in order to route calls, there is no good reason for it to store this information about all of us for 26 years. And if AT&T didn’t build it, the government would not come.
The same companies that keep so much information about all of us reveal too little about their own policies for storing and sharing information about us. Despite repeated requests, AT&T and other telecommunications companies have declined to supply their customers with basic information such as what types of information are stored on each of us, how long that information is kept, and what is done with it. This is the bare minimum telephone companies owe their customers. But better yet, Americans should have a right to access the raw data telecommunications companies generate about them. We know that today mobile carriers keep track of their customers’ movements—customers should be able to get a copy of the actual data these companies keep. Only by seeing our own data will it be possible to accurately gauge its sensitivity.
Programs that depend on vast databases pertaining to innocent people should be public. Operations like the Hemisphere Project should not be kept secret. When a government surveillance program is predicated on its being able to access vast databases of information pertaining to Americans, the overwhelming majority of whom are and will always be innocent of wrongdoing, these programs should be public. Law enforcement agents are sifting through data about all of us. The existence and purpose of these databases should be disclosed. The personal information of too many innocent people is at stake, and democratic principles require that we all be given an opportunity to weigh in.