Law Enforcement’s Secret “Super Search Engine” Amasses Trillions of Phone Records for Decades
EFF Fights For More Disclosure About Hemisphere Program
Although the government still hides too much information about a secret telephone records surveillance program known as Hemisphere, we have learned through EFF’s Freedom of Information Act (FOIA) lawsuits that police tout the massive database of private calls as “Google on Steroids" [pdf].
Hemisphere, which AT&T operates on behalf of federal, state, and local law enforcement, contains trillions of domestic and international phone call records dating back to 1987. AT&T adds roughly four billion phone records to Hemisphere each day [.pptx], including calls from non-AT&T customers that pass through the company’s switches.
The Drug Enforcement Agency (DEA) and other federal, state and local police use Hemisphere to not only track when and who someone is calling, but to perform complicated traffic analysis that can dynamically map people’s social networks and physical locations. This even includes knowing when someone changes their phone number.
And federal officials often do it without first getting permission from a judge.
Indeed, Hemisphere was designed to be extremely secret, with police instructed to do everything possible to make sure the program never appeared in the public record. After using Hemisphere to obtain private information about someone, police usually cover up their use of Hemisphere by later obtaining targeted data about suspects from phone providers through traditional subpoenas, a process the police call “parallel construction” and that EFF calls “evidence laundering.”
Government Treats Same Information Differently in FOIA Cases
Government secrecy about Hemisphere has extended to refusing to disclose basic records about the program, and EFF has had to sue federal and California law enforcement to win access to this critical information. EFF filed another round of briefing in federal court in November calling on the government to provide records as soon as possible, given that we made our FOIA request almost two years ago. The delayed resolution in federal court has stalled a related lawsuit EFF brought against California law enforcement agencies for access to their records about Hemisphere.
We aren’t the only ones suing: the Electronic Privacy Information Center filed similar litigation, which has allowed us to learn even more about Hemisphere, including how the federal government has used inconsistent arguments to avoid public scrutiny of the program.
In EFF’s case earlier this month, the government filed a list of Hemisphere records that the government is withholding from both EFF and EPIC. This list shows the government treated the two requesters differently. Specifically, the chart shows that out of the 161 pages common to both lawsuits, the government claimed more than twice as many legal reasons to withhold the majority of pages from EFF. The government withheld 151 pages from EFF (but not EPIC) on the grounds that disclosure could interfere with an ongoing law enforcement investigation. And it withheld 107 pages from EFF (but not EPIC) because disclosure would supposedly out confidential informants.
The government has yet to explain why it treated the exact same information so differently in EFF’s and EPIC’s respective FOIA requests. Absent any explanation, the disparate treatment appears highly arbitrary. Moreover, it highlights the large power imbalance between the government and FOIA requesters seeking records.
Agencies know exactly what the documents contain and are in the best position to use or abuse FOIA’s exemptions to withhold them. This asymmetry is often to the government’s advantage. The government’s inconsistent treatment of EFF’s and EPIC’s FOIA requests show why FOIA should better limit officials’ discretion to treat requesters so differently, and better ensure judicial oversight over the entire FOIA process.
Disclosed Docs Show Police View Hemisphere as a “Super Search Engine”
Before the Hemisphere Program came to light in 2013, when a presentation was inadvertently released to a privacy activist, the public knew nothing about the massive phone records dragnet.
Through the program, AT&T assists federal and local law enforcement—often by stationing company staff in police “Fusion Centers”—in accessing and analyzing AT&T’s massive database of call detail records (CDRs). This information includes phone numbers dialed and calls received, as well as the time, date, and length of the call, and sometimes location information. This information isn’t limited to AT&T customers either.
From the records that have been disclosed in EFF’s lawsuits, we’ve learned that police view the astonishing size and scope of the database as an asset, referring to it as the “Super Search Engine” and “Google on Steroids.” Such descriptions confirm EFF’s worst fears that Hemisphere is a mass surveillance program that threatens core civil liberties.
The program poses severe Fourth Amendment concerns because police are obtaining detailed private information from the call records and learning even more about people’s social connections and physical movements based on pattern analysis. Federal officials do all of this without a warrant or any judicial oversight.
But beyond the Fourth Amendment problems, Hemisphere also poses acute risks to the First Amendment rights of callers caught in the program’s dragnet. Specifically, Hemisphere allows police to see a person’s associations, shedding light on their personal connections and political and social networks. It’s not hard to see such a tool being trained on activists and others critical of law enforcement, or being used by the government to identify entire organizations. We know that law enforcement officials have subjected Black Lives Matter activists to automated social media monitoring, and subjected attendees at gun shows to surveillance by automated license plate readers. Government officials can easily use Hemisphere in similar ways.
The Hemisphere program could not operate without AT&T’s full cooperation. It’s time for AT&T to reconsider its responsibility not only to its customers, but to all Americans who pick up the phone.
Recent DeepLinks Posts
Mar 27, 2017
Mar 27, 2017
Mar 27, 2017
Mar 27, 2017
Mar 26, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games