The name of the project is Hemisphere, and its database contains CDRs (including for long distance and international phone calls) for any telephone carrier that uses an AT&T switch to process a telephone call. The records are provided in response to federal, state, and local administrative / grand jury subpoenas.
The Hemisphere Project is not a classified project, but has been kept on the down-low. "All requestors are instructed to never refer to Hemisphere in any official document," instructs the leaked presentation detailing the project's capabilities. "If there is no alternative to referencing a Hemisphere request, then the results should be referenced as information obtained from and AT&T subpoena."
The database receives around 4 billion new CDRs daily, and these records also contains roaming information that can identify the location of the callers at the time of the call.
It seems amazing that AT&T is keeping call records that go back to the 1980s, especially when the NSA stores phone call logs for nearly all calls in the US for only five years.
The Obama administration points out that, for once, it's not one of its agencies that stores all this data, but on the other hand any federal agency (in this case the DEA) has access to it by issuing an "administrative subpoena".
It's interesting to note that the Hemisphere project has some unique capabilities such as an algorithm and advanced search features that can find a suspect's possible replacement phones or additional phones he or she is using.
And then there are other new options:
The existence and the use of such a database was not exactly secret, but everyone involved obviously went to great lengths to keep it hidden from the greater public.
While the reason behind this effort is easily explained by the need for criminals to be oblivious to law enforcement agents' capabilities to track them down via their cell phones, it doesn't mean that another reason for the secrecy could have been that it would be very hard to justify it to the public or the courts - as Jameel Jaffer, deputy legal director of the ACLU pointed out.
An AT&T spokesman declined to comment on anything regarding this revelation except for noting that they, like all other companies must respond to valid subpoenas issued by law enforcement.
It is still unknown whether other big US telecoms like Verizon and Sprint have a similar project in place.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.