AT&T has been data-mining and willingly sharing user phone data, through its “Hemisphere” Project, which is essentially a mass surveillance program.
The NSA may be the well-known governmental entity notorious for conducting spy surveillance of its citizens and its massive record retention program, but the private sector is also capitalizing on such opportunities. AT&T, a telecommunications conglomerate with diversified revenues of more than $146 billion reported in 2015, is branching out by selling its “Hemisphere” services to the US Justice Department. AT&T has been data-mining and willingly sharing user phone data, through its “Hemisphere” Project, which is essentially a mass surveillance program. The Hemisphere program, first whispered about as early as 2013, reportedly utilizes data provided by the cell phone company dating back to the 1980s.
AT&T has not commented publically on the program, but reported documents published highlight the fact that the telephone company is providing the service through its already established infrastructure. All at the cost of additional fees to the buyer, of course.
AT&T has collected and retained, in the past, phone call logs and other “Metadata” with of extensive 380 million user database. Research conducted by the NSA revealed that telephone metadata can reveal sensitive personal information of the user. Collected meta-data consists of non-content phone user information, which can pose a threat to user privacy.
Image: The logo of the “Hemisphere Project” (AT&T)
Verizon Communications has also been the subject of a forced compliance order issued by the U.S. Foreign Intelligence Surveillance Court that resulted in handing over electronic data to the NSA. This data included all calling records maintained on a daily basis- without disclosure to the user. The order itself covered location, frequency, and duration of the calls, but not the actual content of the communication. Additionally, the user is not aware of any such privacy invasions nor may be the subject of any criminal investigations.
Previously, the NSA might have been the only entity that had the resources to support such surveillance with the infrastructure to house such extensive data. AT&T’s access to its hundreds of millions of customer, however, gave the telecommunications company ample opportunity and infrastructure to collect data on everything that happens within its network. The communication of two or more users in regards to “who”, “what”, “when”, and “where” are collected and stored. This data, accessed through AT&T’s vast user network, along with the location data provided by cell phones, leaves a distinct digital trail that law enforcement should be able to follow. We’re talking about a massive amount of information, especially considering AT&T’s market share and reach. AT&T’s landline customers alone consist of more than 75% of the entire market share.
Documents revealed confirm a link between the collections of phone data to the formation of an “alliance” with law enforcement agencies, who are eager for such information provided by AT&T’s vast network. The revenue received by AT&T for such a service, although morally or ethically ambiguous in nature, amounts to millions per year.
AT&T’s willingness to data-mine information is one unique characteristic of this alliance. Usually, a private entity provides such information under the enforcement of a legal warrant. AT&T itself seeking an alliance (a sort of public-private partnership) with a governmental agency, is a rather different type of partnership.
Cell phone providers, in the past, have hardly played such a cooperative role, and certainly not such a prosperous one. FBI’s battle with Apple regarding the San Bernardino shooter’s iPhone indicated that Apple publically opposed such an alliance. It refused to cooperate with investigators in order to create software that would unlock the shooter’s iPhone. Apple believed that creating, in essence a backdoor to unlock its software, would set a dangerous precedent. Apple ultimately propagated against the invasion of cell phone privacy by refusing to cooperate with investigators in a terrorism case. AT&T has no such reservations.
Formerly, the US-NSA has had legal authority to access phone user information under the USA Patriot Act of 2001. Some of the same powers granted to the USA Patriot Act are now available under the USA Freedom bill (2016), but with some restrictive guidelines. The NSA is also facing several lawsuits filed by the American Civil Liberties Union (ACLU) over its controversial bulk collection of phone data. Several rulings have vilified the ACLU’s claim on the basis that:
“While others who have brought legal challenges to the bulk collection program, plaintiffs [in this case] lack direct evidence that records involving their calls have actually been collected.”
AT&T’s stand on these published documents is in opposition to Snowden’s views on the matter.
[IMAGE] Edward Snowden’s on the cover of Time in 2013.
Edward Snowden, in an interview with European reporters on Oct. 26th 2016, further fueled the massive public debate on mass surveillance by cell phone service providers. Snowden claimed that the public is not able to stop targeted surveillance from huge government organizational programs. According to him, this was the reason behind the massive data breaches and cyber-attacks that have taken place in recent years:
“In our current state of the art, offense is easier than defense. This is an unfortunate artifact of the fact that governments around the world have prioritized offensive capabilities for the benefit of spying on people so much more strongly than they have defensive capabilities, preventing our countries from being hacked”.
In the continuing saga of Edward Snowden, his comments on the cooperation of AT&T with governmental agencies suggest that governmental agencies are focusing most of their resources on the offensive-end, leaving them vulnerable to defend against massive data breaches and hacks. Because of a lacking in defense, vulnerabilities can be exploited, as evidenced by the cyber-attack at the Office of Personnel Management, the recent Democratic National Committee hacks, and other such infrastructural attacks. These could have been prevented with a focus on bolstering defense:
“[Its] fear of the power grid being attacked—these were preventable problems”- Edward Snowden
If such cyber-attacks can compromise the security of private and governmental agencies, then what is the defense against such a compromise in critical sectors, such as energy or manufacturing? Previous Reports, published in 2015, have in fact stated that the energy sector in the U.S. is not prepared to defend itself against cyber threats.
Snowden’s reasoning isn’t incorrect as he makes a justifiable argument. Moreover, his narrative has consistently warned of mass surveillance activities taking place without the knowledge of the mass public. He has sacrificed his entire career on reporting breaches of user privacy by intelligence agencies. The former NSA contractor is a whistle-blower, he exposed the questionable practices of his employer, a governmental agency, but he is also an advocate of safeguarding user privacy at the hands of surveillance agencies.
You may ask, “If AT&T volunteers user phone information- is it still illegal?” The answer lies somewhere in the middle. In essence, this is capitalism at its finest, an exchange between buyer and seller that constitutes a business transaction. The information at the heart of this debate is legitimized at the source and wrapped around an added financial incentive. However, the threat of user privacy against mass surveillance is a very real one, and not just in the U.S.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.