AT&T's First Transparency Report Reveals Warrantless Demands for Customer Data

This was originally posted by the ACLU of Northern California.

In the wake of our shareholder advocacy, AT&T has now joined Verizon and released its first transparency report. AT&T's report shows how federal, state, and local governments have requested large volumes of customer information, typically without a warrant. While we welcome AT&T's move, the American public remains in the dark about a lot of what's happening behind the scenes. Greater transparency is still needed from AT&T and the federal government. 

Here's a breakdown of the many demands AT&T received in 2013. As we have long suspected, the vast majority of these demands lacked a warrant:

  • AT&T received 301,816 demands related to criminal and civil litigation. Only 16,685 of these demands included a warrant based on probable cause.
  • AT&T received 223,659 subpoenas for customer information. This is significantly more than the 164,184 subpoenas Verizon received during the same period.
  • AT&T received 37,839 demands for location information. At least 21,000 of these demands lacked a warrant. AT&T's full report saysa warrant is "almost always required to obtain real-time location information."
  • AT&T also received 1,034 demands for "cell tower searches" last year, some of them compelling the company to identify the numbers of all phones that connected to a specific cell tower during a given period of time. Cell tower information is ripe for misuse—we know of at least one instance where a cell tower request was made for all phones within the vicinity of a planned labor protest.

AT&T also included information on national security requests (though, not the complete story):

  • AT&T reported receiving between 2,000 and 3,000 National Security Letters (NSLs) from the federal government for customer information including name, address, length of service, and toll billing records. NSLs do not require prior approval from courts andthe government has been criticized for misusing them. 4,000 to 4,999 AT&T customers were affected by NSLs last year. Note:Verizon has not yet revealed how many customers were affected by the NSLs it received.
  • AT&T also released information about federal government demands for customer content under the Foreign Intelligence Surveillance Act (FISA), demands that may result in government access to the telephone and Internet communications of US citizens and persons abroad. For the first six months of 2013, AT&T received 0-999 requests for content that ultimately affected 35,000-35,999 customers. In fact, more AT&T customers were affected by FISA content requests in the first half of 2013 than the combined number of Facebook, Google, and Microsoft customers affected by the same sort of requests during that period.
  • Unfortunately, the report omits important information on the metadata that the government reportedly obtains from AT&T under the call records program (currently being challenged by the ACLU in federal court). Phone metadata includes the phone numbers of parties to a conversation, a call's duration, and device identifiers—information that can paint a very detailed picture of private lives.We know that the government justifies its access to phone metadata with a section of the FISA law, yet AT&T's report states that only 0-999 customers were affected by such "non-content" requests. On its own, this lack of detail misleads the millions of AT&T customers whose phone metadata may be subject to these demands.

In addition to a clearer explanation of national security requests, we hope that AT&T's future reports will also address the following shortcomings: 

  • The current report does not include the number of customers or individuals affected by all of the government demands. Thecompany claims that it is "difficult" to tally this information.
  • The report does not describe statistics on how often AT&T complies with demands.
  • This report includes very limited information about demands from foreign governments.

AT&T's transparency report, limited in what it reveals, also highlights just how essential it is for privacy laws to be updated in both the national security and law enforcement contexts. Technology has advanced exponentially and our privacy laws are still in the digital dark ages, enabling the government to engage in a largely unsupervised shopping spree of the personal data held by AT&T and other companies. This is why you should tell your member of Congress to support the USA Freedom Act and an update to the federalElectronic Communications Privacy Act. We also urge AT&T to play a larger role by pushing for greater transparency, including far more detail in its future reports, and advocating for stronger privacy protections.

View comments (1)
Read the Terms of Use

Anonymous

I wonder why MY phone service has never been mentioned in any of these articles.
It's starting to worry me a tad more than I'd like it to.

All I know about the two companies mentioned is that they charge an arm, a leg, fingers and toes on the remaining limbs just to even HAVE a plan with them.
I want nothing to do with either of them but one especially more than the other, b/c they told me I have bad credit when it wasn't true.
I have NO credit and that ISN'T the same as bad credit, and a damn company that deals with credit should know that more than I do.
Anyway, it was a fat flaming lie when they wrote on their rejection letter that I have bad credit. Since they've done that I've been rejected for everything everywhere and there's not a DAMN thing I can do about it.

The reason I have no credit is truly a despairing story of vast stupidity on MY part. I always let my husband use his already established card to make purchases for me, b/c I never had any chance to get credit on account of nobody would be co-signer. Not even he would co-sign for me to have a card. After we separated I asked again if he'd co-sign for me to have my own card and he convinced me to just let him make the purchase on his own card, saying I could pay him back over time. What talked me into the deal was when he said "it's not like I'm going anywhere soon. I'm going to be around for a long time."
He thought he'd be around for 40 or 50 YEARS. Maybe at least 40, long enough to grow old anyway, and I believed him without much thinking about it.
Well I certainly never thought he would literally speaking be blasted out of reality so effectively that we've never received a single PHYSICAL remain to make it a "confirmed death" instead of a "confirmed missing."
He died on September 11, 2001 in Tower 1.
It doesn't really matter how it happened, the point is that I still have no credit b/c I have no money to start any: even preapproved requires a LITTLE money and you'll never have that as long as every single penny you see is tied up in survival and there's NEVER any disposable income.
People just have no idea what this entire mass murder scheme has actually done to relatives who DIDN'T receive money from the government b/c legally they couldn't claim it but were still important to the person in other ways.

I have NO credit, not bad credit and now I have every place I try to do any business with thinking I have a bad credit history no thanks to that company.
That's only my personal reason for hating them. The other reason is that they've been against net neutrality forever, they're probably STILL against it.
I have no use for either of them.

Stay Informed