AT&T gets paid millions by the CIA to give up user data

7 Nov, 2013 16:57 / Updated 11 years ago

The second-largest telecom company in the United States has been on the Central Intelligence Agency’s payroll to the tune of $10 million a year in exchange for voluntarily handing over troves of phone logs, the New York Times reported Thursday.

Citing federal officials with knowledge of the program, The Times’ Charlie Savage wrote that telecommunication giant AT&T has been routinely collaborating in CIA investigations by surrendering phone records to the agency and even scouring vast archives of dated logs on their behalf since at least 2010, adding yet another scandalous chapter in the sordid story of the telecom’s long-lasting and often elusive relationship with the government.

The exchange has not been codified into any official program or covered under a specific law, Savage said, but is rather done through a voluntary contract in which AT&T is awarded millions of dollars annually in exchange for searching its databases for the CIA in instances where the agency provides the phone number of an overseas terrorism suspect whose contacts are then called into question.

AT&T will scour these databases to search for information on foreign targets, Savage wrote, collecting in the process collateral intelligence about American persons who may have been in contact with the overseas suspect at any time in the past.

Representatives for both the CIA and AT&T declined to confirm the existence of the program to the Times, with the intelligence agency acknowledging that it is forbidden from “acquiring information concerning the domestic activities of US persons.” According to Savage, however, AT&T has indeed handed over information pertaining to American citizens, the likes of which are supposedly subject to privacy safeguards — that could then be bypassed by other US agencies.

Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity of the Americans and ‘masks’ several digits of their phone numbers,” Savage said officials told him.

At that point, he added, the CIA could contact the Federal Bureau of Investigation and ask for an administrative subpoena compelling AT&T to provide information about the American subject.

The bureau handles any domestic investigation, but sometimes shares with the CIA the information about the American participant in those calls,” Savage again said his sources informed him.

Speaking on behalf of the CIA, spokesman Dean Boyd told the Times that the agency “protects the nation and upholds privacy rights of Americans by ensuring that its intelligence collection activities are focused on acquiring foreign intelligence and counterintelligence in accordance with US laws.”

We value our customers’ privacy and work hard to protect it by ensuring compliance with the law in all respects. We do not comment on questions concerning national security,” AT&T spokesman Mark Siegel added.

Should Savage’s claim hold true, however, the conduct of the telephone company could fall directly counter to promises made on its website, particularly one sentence on a page that lists “Our privacy commitments.”

We will not sell your personal information to anyone, for any purpose. Period,” AT&T assures its customers.

A caveat says that AT&T will indeed share personal information, however, to “Comply with court orders, subpoenas, lawful discovery requests and other legal or regulatory requirements, and to enforce our legal rights or defend against legal claims.” Another says information could be shared with “a responsible governmental entity in emergency or exigent circumstances or in situations involving immediate danger of death or serious physical injury.”

According to Savage’s sources, however, no court order is necessary for the sort of specific collaboration cited in the Times, and the exchange of millions of dollars annually suggests that the relationship is one that involves legitimate business transactions — with one party being the intelligence arm of the United States.

But as Savage and others were quick to point out, the CIA’s conduct in this case all too much emulates the behavior of another major intelligence community player: the National Security Agency. The NSA has maintained an alliance with AT&T that has been highly documented for years, raising additional questions about the immense scope — and cost — of the federal government’s efforts to infiltrate the telecom industry.

In 2007, former AT&T technician Mark Klein blew the whistle on a program that involved the NSA tapping all Internet data traveling into one of the company’s major California data hubs. Then just this year, intelligence contractor-turned-leaker Edward Snowden revealed that the NSA was collecting millions of call records from multiple telecoms on a regular basis while also working hand-in-hand with certain Internet services to eavesdrop on online communications. According to one document released by Snowden, the NSA has paid those companies millions of dollars in order to cover the cost of maintaining that Internet surveillance program, code-named PRISM.

Elsewhere in their Privacy Policy, AT&T acknowledges, “We share your Personal Information with companies that perform services for us” and adds “we cannot guarantee that your Personal Information will never be disclosed in a manner inconsistent with this Policy.”