"Checking every phone call ever made is an example of old think," he said.
He was alluding to databases maintained at an AT&T data center in Kansas, which now contain electronic records of 1.92 trillion telephone calls, going back decades. The Electronic Frontier Foundation, a digital-rights advocacy group, has asserted in a lawsuit that the AT&T Daytona system, a giant storehouse of calling records and Internet message routing information, was the foundation of the N.S.A.'s effort to mine telephone records without a warrant.
An AT&T spokeswoman said the company would not comment on the claim, or generally on matters of national security or customer privacy.
But the mining of the databases in other law enforcement investigations is well established, with documented results. One application of the database technology, called Security Call Analysis and Monitoring Platform, or Scamp, offers access to about nine weeks of calling information. It currently handles about 70,000 queries a month from fraud and law enforcement investigators, according to AT&T documents.
A former AT&T official who had detailed knowledge of the call-record database said the Daytona system takes great care to make certain that anyone using the database — whether AT&T employee or law enforcement official with a subpoena — sees only information he or she is authorized to see, and that an audit trail keeps track of all users. Such information is frequently used to build models of suspects' social networks.
The official, speaking on condition of anonymity because he was discussing sensitive corporate matters, said every telephone call generated a record: number called, time of call, duration of call, billing category and other details. While the database does not contain such billing data as names, addresses and credit card numbers, those records are in a linked database that can be tapped by authorized users.
New calls are entered into the database immediately after they end, the official said, adding, "I would characterize it as near real time."
(Via Bruce Schneier's blog.)