[funsec] AT&T's database of 1.92 trillion phone calls

Richard M. Smith rms at bsf-llc.com
Sat Feb 25 08:36:37 CST 2006


Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data 


He was alluding to databases maintained at an AT&T data center in Kansas,
which now contain electronic records of 1.92 trillion telephone calls, going
back decades. The Electronic Frontier Foundation, a digital-rights advocacy
group, has asserted in a lawsuit that the AT&T Daytona system, a giant
storehouse of calling records and Internet message routing information, was
the foundation of the N.S.A.'s effort to mine telephone records without a

An AT&T spokeswoman said the company would not comment on the claim, or
generally on matters of national security or customer privacy.

But the mining of the databases in other law enforcement investigations is
well established, with documented results. One application of the database
technology, called Security Call Analysis and Monitoring Platform, or Scamp,
offers access to about nine weeks of calling information. It currently
handles about 70,000 queries a month from fraud and law enforcement
investigators, according to AT&T documents.

A former AT&T official who had detailed knowledge of the call-record
database said the Daytona system takes great care to make certain that
anyone using the database - whether AT&T employee or law enforcement
official with a subpoena - sees only information he or she is authorized to
see, and that an audit trail keeps track of all users. Such information is
frequently used to build models of suspects' social networks.

The official, speaking on condition of anonymity because he was discussing
sensitive corporate matters, said every telephone call generated a record:
number called, time of call, duration of call, billing category and other
details. While the database does not contain such billing data as names,
addresses and credit card numbers, those records are in a linked database
that can be tapped by authorized users.

New calls are entered into the database immediately after they end, the
official said, adding, "I would characterize it as near real time." 

According to a current AT&T employee, whose identity is being withheld to
avoid jeopardizing his job, the mining of the AT&T databases had a notable
success in helping investigators find the perpetrators of what was known as
the Moldovan porn scam.

In 1997 a shadowy group in Moldova, a former Soviet republic, was tricking
Internet users by enticing them to a pornography Web site that would
download a piece of software that disconnected the computer user from his
local telephone line and redialed a costly 900 number in Moldova. 

While another long-distance carrier simply cut off the entire nation of
Moldova from its network, AT&T and the Moldovan authorities were able to
mine the database to track the culprits.

More information about the funsec mailing list