WASHINGTON — The CIA pays AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls, according to government officials.
The cooperation is conducted under a voluntary contract, not under subpoenas or court orders compelling the company to participate, according to the officials. The CIA supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.
The program adds a new dimension to the debate over government spying and the privacy of communications records, which has been focused on National Security Agency programs in recent months. The disclosure sheds further light on the ties between intelligence officials and communications service providers. And it shows how agencies beyond the NSA use metadata — logs of the date, duration, and phone numbers involved, not the content — to analyze links between people through programs regulated by an inconsistent patchwork of legal standards, procedures, and oversight.
Because the CIA is prohibited from spying on the domestic activities of Americans, the agency imposes privacy safeguards on the program, said the officials, speaking on the condition of anonymity because it is classified. Most of the call logs provided by AT&T involve foreign-to-foreign calls, but when the company produces records of international calls with one end in the United States, it does not disclose the identity and “masks” several phone number digits, the officials said.
Still, the agency can refer such masked numbers to the FBI, which can issue an administrative subpoena requiring AT&T to provide the uncensored data. The bureau handles any domestic investigation, but sometimes shares with the CIA the information about the American participant in those calls, the officials said.
Dean Boyd, a spokesman for the CIA, declined to confirm the program. But he said the agency’s intelligence collection activities were lawful and “subject to extensive oversight.”
“The CIA protects the nation and upholds privacy rights of Americans by ensuring that its intelligence collection activities are focused on acquiring foreign intelligence and counterintelligence in accordance with US laws,” he said. “The CIA is expressly forbidden from undertaking intelligence collection activities inside the United States ‘for the purpose of acquiring information concerning the domestic activities of US persons,’ and the CIA does not do so.”
‘We value our customers’ privacy and work hard to protect it by ensuring compliance with the law.’
Mark Siegel, an AT&T spokesman, said: “We value our customers’ privacy and work hard to protect it by ensuring compliance with the law in all respects. We do not comment on questions concerning national security.”
The CIA program appears to duplicate work performed by the NSA. But a senior US intelligence official suggested that it would be rational for the CIA to have its own program to check calling patterns linked to overseas terrorism suspects.
With on-the-ground operatives abroad seeking to disrupt terrorist activities in “time-sensitive threat situations,” the official said, the CIA requires “a certain speed, agility, and tactical responsiveness that differs” from that of other agencies. “That need to act without delay is often best met when CIA has developed its own capabilities to lawfully acquire necessary foreign intelligence information,” the official said.
Since June, when documents leaked by former NSA contractor Edward J. Snowden began to surface, an international debate has erupted over the scope of NSA surveillance and the agency’s relationships with US companies that operate networks or provide Internet communications services. The AT&T-CIA arrangement illustrates that such activities are not limited to the NSA, and that cooperation can be voluntary.
While officials in Washington are discussing whether to rein in the NSA on US soil, governments in Europe are demanding more transparency from the companies and threatening greater restraints.
AT&T is exploring a purchase of Vodafone, a European cellphone service provider, and European regulators and politicians have vowed to scrutinize such a deal.