So Much For NSA Chief's Offer To Store Data At A 'Neutral' Site: AT&T Receiving $10 Million/Yr From CIA For Phone Records

from the well,-that's-officially-everybody dept

More news has arrived on AT&T's willing accommodation of every government agency that asks for a peek at the numbers (or a never ending, rolling 3-month haul of all records). At least this time, it's getting something more in return than boilerplate court orders with that new ink pad smell. As the New York Times reports, the CIA wants in on the action, and it doesn't need court orders -- just a big stack of cash.

The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company's vast database of phone records, which includes Americans' international calls, according to government officials.
This is all purely voluntary ($10mil of greased palms/wheels notwithstanding), hence the lack of court orders or subpoenas. Oddly enough, this voluntary system actually protects the privacy of Americans much better than the "legal" Section 215 collections.
The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said…

Because the C.I.A. is prohibited from spying on the domestic activities of Americans, the agency imposes privacy safeguards on the program, said the officials, speaking on the condition of anonymity because it is classified. Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity of the Americans and “masks” several digits of their phone numbers, the officials said.
Of course, these "masked" records can be very simply unmasked by "tipping" them to other agencies, like the FBI, which then acquires a subpoena/court order to "unmask" the records. This just goes to show that these agencies can cooperate, as long as its in the interest of furthering domestic surveillance.

Ultimately though, this news isn't surprising. Phone companies have been collecting government paychecks in exchange for data for a very long time. True, the telcos don't want to appear as though they're selling Americans' data for cash, but that's exactly what's happening. The CIA's primary focus is foreign surveillance and, thanks to AT&T, there's some minimization in place to keep the agency focused on its purview.

More interesting, however, is how this news affects General Alexander's "generous" offer to store data at a "neutral site" in order to alleviate privacy concerns. As was noted back when he made this offer, American telcos are hardly "neutral sites" given their history of swiftly coughing up anything requested with a minimum of pushback.

So, AT&T (and Verizon, etc.) are not "neutral" in any true sense of the word, but at least storing the data there would put the NSA in the position of having to bring its selectors to a third party before accessing stored records, rather than just having them conveniently available (and exploitable) in its own storage for an indefinite period of time. This would trim down the "accidental" abuse that has been displayed by the agency in the past.

More recently, ODNI lawyer Robert Litt (along with the FBI's general counsel) suggested storing data with the originators would lead to less privacy. Given what we know about the CIA's paid data plans, he might be correct, even if his motives for making that claim were completely disingenuous.

It would introduce extra steps, but it appears as though there would be a way to "tip" domestic data to the NSA by simply using the process it uses with the FBI. Restrictions on both the NSA and CIA are meant to minimize the amount of unrelated domestic metadata they have access to. The CIA's restrictions are harsher than the NSA's, but the CIA can still grab and let the NSA wrangle the paperwork needed to unmask numbers. Or vice versa. The NSA can access its on-site metadata stores (with unmasked numbers) and tip domestic call data back to the CIA.

Both of these scenarios are unlikely, but storing the data at AT&T seems to offer very minimal privacy advantages over storing it in the NSA's data centers. At best, this creates some mild speed bumps for the agency to deal with in exchange for a small amount of "peace of mind" privacy-wise. Most telcos have seemed even less interested protecting Americans' privacy than the inquiring agencies themselves. As you'll recall, AT&T went out of its way to perform phone record queries for the FBI for agents armed with nothing more legally binding than a Post-It note.

The other thing to note is that this is another bit of evidence that undercuts the telcos' repeated assurance that they "value their customers' privacy." This sentence is usually followed directly by defensive wording about "complying" with "applicable laws" -- which actually means "complying with intelligence agencies." There's very little true concern on display and little to no evidence AT&T (and Verizon) have ever made any serious attempt to push back on government requests.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Capt ICE Enforcer, Nov 8th, 2013 @ 3:32am

    Think of the children.

    So let me get this straight, our government is always broke and having to do budget cuts in areas such as education, national defense,and different healthcare ooptions. But one agency has no issues spending millions a year for information that another government agency has already spent tons of cash to have complete access to. Why can't the wrong hand talk to the left hand and save some cash for programs that will help. Like feeding the children, helping the needy or creating a large monument in aappreciation for our great leader who shows everyone that once in office you have no accountability to do the things promised to get elected.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 8th, 2013 @ 4:25am

      Re: Think of the children.

      It's all a big shell game where they hide your money and pretend their priorities are for your best interests, not those of their monied overlords.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 8th, 2013 @ 4:02am

    That's 1 percenter data

    Funny isn't it, that the NSA is really targetting rich jetsetter Americans. Because the Joe sixpack don't make international calls.

    This is 1 percenters that are being spied on here. Businessmen, jetsetters, people who travel abroad on holiday a lot.

    Go ahead 1 percenters, support Fox News and promote this agenda to make American safe... from you. Because you apparently are a threat to America.

    Nice to know isn't it, that your data goes into the big database and not Joe Sixpacks in this case!

    Ha ha! Delicious irony! Ha ha!

    Kind of bizarre/sad that they have a filter list of terrorists, that they're searching for, and instead of the law protecting privacy and only letting NSA get data related to its terrorist list, it just gets *all* the data. It even gets to store that data.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Nov 8th, 2013 @ 4:29am

      Re: That's 1 percenter data

      I thought it was the CIA -- hang on a sec.

      "The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations ..."

      Ahhh, yeah.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    quawonk, Nov 8th, 2013 @ 4:12am

    I bet that, soon, the RIAA/MPAA might be getting in on this too.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 8th, 2013 @ 4:22am

    Condoms needed for the digital age, this getting in bed with strangers is getting absurd already.

    http://www.darkreading.com/authentication/prototype-encrypts-data-before-shipping/240163657

     

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Nov 8th, 2013 @ 5:46am

    These amounts are so small among billions...

    that to me seems like PR to establish the notion that is only a few -- just the 1 percenters posited above -- and so no need for much worry. Baloney.

    We don't actually KNOW, people. When you don't have any way to verfiy, never trust anything specific, but take the mere mention as indicating a limited hangout psyop. They wouldn't release this at all if weren't to their advantage. This is just a (suspiciously) nice round number put out without least proof; the only sources that could confirm or disprove are the co-conspirators. -- Besides that, could be payoffs directly to executives / sysadmins for unlimited "direct" access.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    wec, Nov 8th, 2013 @ 5:48am

    AT&T "values their customer's privacy" at $10 million a year.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 8th, 2013 @ 5:50am

    why don't they just pay us all to let them tap our phones?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Blaine (profile), Nov 8th, 2013 @ 7:50am

    Reason for lack of competition

    Maybe one reason our gov isn't pushing for REAL competition in the communication areas, is because it's easier to get cooperation from a small handful of phone and cable companies than it would be if we had dozens of options.

    Real competition in the phone/cable(isp) area may not solve the problem but it would at least make it more likely we'd find out about abuses.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    jupiterkansas (profile), Nov 8th, 2013 @ 8:11am

    "The President's Analyst" showed us all this has been happening since 1967.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 8th, 2013 @ 11:07am

    We need privacy legislation that restricts telco records to 3 years.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Nov 8th, 2013 @ 12:16pm

      Re:

      Why 3 years? I'd prefer restricting them to only storing the data that is needed for them to function, and only for exactly as long as it is needed for that purpose. It's hard to see how that duration would be much longer than a single billing cycle.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Nov 8th, 2013 @ 1:30pm

        Re: Re:

        Let them store it as long as they want. Just prohibit government from paying for it. Money is all companies like AT&T care about. The minute the government stops paying them. They will probably stop being so eager to give it.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Nov 8th, 2013 @ 2:51pm

          Re: Re: Re:

          What counts as "paying for it?" I imagine that even if the government doesn't cut a check, companies like AT&T would be happy to play along if they know it will get them juicy government contracts.

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Nov 8th, 2013 @ 2:52pm

          Re: Re: Re:

          Also, even if they never give the government any of my data, I don't want companies holding onto it for longer than they need as a matter of principle. They'll certainly sell it or share it with other companies.

           

          reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This