Background Information on Hemisphere/DAS

More information on the aforelinked secret program that provides U.S. law enforcement with trillions of phone call records, including location data, from the EFF:

“Hemisphere” came to light amidst the public uproar over revelations that the NSA had been collecting phone records on millions of innocent people. However, Hemisphere wasn’t a program revealed by Edward Snowden’s leaks, but rather its exposure was pure serendipity: a citizen activist in Seattle discovered the program when shocking presentations outlining the program were provided to him in response to regular old public records requests.

This slide deck hosted by the EFF is one of those presentations, and worth your attention. The system’s capabilities are terrifying. From page 9 of that deck, highlighting Hemisphere’s “Special Features”:

  • Dropped Phones — Hemisphere uses special software that analyzes the calling pattern of a previous target phone to find the new number. Hemisphere has been averaging above a 90% success rate when searching for dropped phones.

  • Additional Phones — Hemisphere utilizes a similar process to determine additional cell phones the target is using that are unknown to law enforcement.

So if a target throws away their phone, switches to a new burner phone, but continues calling the same people, Hemisphere claims a success rate above 90 percent at identifying that new phone.

  • Advanced Results — Hemisphere is able to provide two levels of call detail records for one target number by examining the direct contacts for the original target, and identifying possibly significant numbers that might return useful CDRs.

So the system analyzes not just the phone records of the target, but the records of every single number the target calls.

Page 20 of the deck is highly redacted:

  • Hemisphere can capture data regarding local calls, long distance calls, international calls, cellular calls [???]

  • Hemisphere does NOT capture █████████████████████████ subscriber information [???]

  • Highlights of any basic request include: █████████████████████████ █████████████████████████████████ temporary roaming and location data, and traffic associated with international numbers

I’m using “[???]” to denote spots where I suspect information has been redacted, and “█” to indicate obvious redactions. I sure would love to know what’s redacted there. Again, my mind runs to text messages.

Tuesday, 21 November 2023