DEA says AT&T still provides access to billions of phone records

A program that allows drug agents to obtain a pool of billions of call records from AT&T is “still active,” according to a watchdog report.

The report, published Thursday by the Justice Department inspector general, confirmed the program — named in the report only as Project C — continues to provide access to “billions” of domestic and international call records to Drug Enforcement Administration agents. The program allows agents to pull information about the callers and when and where a call was made from the telecoms provider operating the program without requiring a court order.

Details of Project C — known internally as Hemisphere — was first revealed in 2013, almost a decade after the program began in 2007. According to the watchdog report, the telecoms provider — said to be AT&T — “maintains and analyzes” its own collection of bulk phone record data and allows access to several law enforcement agencies.

Hemisphere is said to collect more phone records than the National Security Agency’s once hotly contested phone records collection program, first disclosed by whistleblower Edward Snowden. The NSA’s program collected some 500 million call records in 2017 but was effectively shuttered last year.

A document obtained under a Freedom of Information Act lawsuit by the Electronic Frontier Foundation detailing the breadth of AT&T’s Hemisphere program (Image: EFF)

The AT&T-run program collects information on every call that passed through one of its systems, including by other cell carriers and network providers. The database reportedly contains call records dating back three decade, including the location of callers. It also provides IMSI and IMEI numbers to identify callers.

But the Justice Department’s watchdog said the program posed legal problems because agents may need a higher authority to access the data than an agency-issued subpoena, which doesn’t require judicial oversight.

Bill Blier, deputy inspector general for the Justice Department, said the DEA “failed to conduct a comprehensive legal analysis prior to using its administrative subpoena authority.”

The watchdog recommended the DEA issue a legal opinion on the permissible uses of the program.

Law enforcement was accused of using the database for “parallel construction,” a way of allowing police to discover potentially criminal acts but reverse-engineer their findings to prevent public disclosure of the database. But the watchdog found “nothing inherently inappropriate” about using parallel construction to re-create information for use in a court filing.

AT&T said it, like all companies, is “required by law to provide information to government and law enforcement entities by complying with court orders, subpoenas, lawful discovery requests and other legal requirements.” The company added: “We provide voluntary assistance to law enforcement when a person’s life is in danger and in other immediate, emergency situations,” and: “we ensure that requests for assistance are valid and that we act in compliance with the law.”

DEA spokesperson Katherine Pfaff told TechCrunch that the agency “agrees” with the watchdog’s recommendations and “has already begun enhancing these processes.”

The agency declined to name the telecoms provider.

Updated with comment from AT&T.