- Stores CDRs (Call Detail Records), many or all of which are collected via …
- … some kind of back door into the AT&T switches that many carriers use. (See Slide 2.)
- Has also included “subscriber information” for AT&T phones since July, 2012.
- Contains “long distance and international” CDRs back to 1987.
- Currently adds 4 billion CDRs per day.
- Is administered by a Federal drug-related law enforcement agency but …
- … is used to combat many non-drug-related crimes as well. (See Slides 21-26.)
Other notes include:
- The agencies specifically mentioned on Slide 16 as making numerous Hemisphere requests are the DEA (Drug Enforcement Agency) and DHS (Department of Homeland Security).
- “Roaming” data giving city/state is mentioned in the deck, but more precise geo-targeting is not.
I’ve never gotten a single consistent figure, but typical CDR size seems to be in the 100s of bytes range. So I conjecture that Project Hemisphere spawned one of the first petabyte-scale databases ever.
Hemisphere Project unknowns start:
- Is that “back door into AT&T switches” inference really reliable? (I’m basing it on just a few words in the deck, and such decks can have inaccuracies in them.)
- Just which calls’ metadata is currently being collected?
- How long has this approximate rate of CDR collection been going on; can we just extrapolate back from the current 4 billion calls/day?
It seems that a primary use case for Project Hemisphere is to guess what phone numbers baddies are using, especially those of disposable “burner” cell phones that are otherwise very hard to trace. (The key benefit mentioned to such analysis is that those new phones can then be tapped.) There aren’t many details as to how the phone numbers are inferred, but since almost nothing is initially known about the target phone numbers except calling patterns, those are surely a huge part of the puzzle. In particular, it doesn’t seem to have been disclosed which other databases, if any, are linked into the analysis. There is no hint in the deck that the Hemisphere program directly collects telephone call contents. Rather, it’s used to help determine which telephone numbers to tap.
The government apparently trains its people to keep Hemisphere secret, to the point of lying about it, even though Slide 2 states that Hemisphere is “an unclassified program”.
- Slide 8-12 generally emphasize the Hemisphere program’s secrecy.
- Slide 10 seems to advocate outright deception. Specifically — and this is both complicated and ironic — it seems to say that the government should get subpoenas for information it already had without subpoena, so that those subpoenas can be the claimed source of the information when applying for yet other subpoenas.
So it seems as if Hemisphere is yet another example of the pattern:
- The US government has long lied about how far it invades privacy …
- … and about the assistance it receives from the telecom/technology industry in doing so.
- Little tangible harm has been done by those invasions, except to those who clearly deserved it.
Up to a point, this is reassuring. But it still bodes badly for a future in which there are many more ways surveillance can be used to hurt us than were possible before.