AT&T has just released its first transparency report on government data requests, and, as we suspected, federal, state and local authorities really like to ask the company for information about its customers. AT&T said it handled 301,816 data requests last year, with tens of thousands of demands for Americans' location information.
About 223,000 of all AT&T's requests were law enforcement subpoenas — the most basic type of demand and one that doesn't require judicial approval. That's significantly more than the 164,000 subpoenas fielded by Verizon in the last year. AT&T says it doesn't comply with government requests for location information or real-time calling information without a court order or a search warrant. In 2013, the company received about 53,000 of those requests in all. Unlike Verizon, however, AT&T doesn't specify how many times it received a request for a wiretap.
AT&T also received far more National Security Letters — a special type of data request that the FBI can use without going through a judge — than Verizon in 2013: from 2,000 to 3,000 NSL requests, compared with Verizon's range of 1,000 to 2,000. The companies are able to report those numbers thanks to President Obama's recent pledges to improve surveillance transparency.
AT&T goes an extra step and estimates the number of accounts that may have been affected last year by national security requests — an important move, since without that number it's nearly impossible to assess the impact of a government demand. In all, as many as 5,000 customers may have been subjected to investigation by a National Security Letter, and as many as 36,000 could have been affected by requests made under the Foreign Intelligence Surveillance Act.
Another disclosure involves the number of requests that AT&T rejected, challenged or responded to with no information or only partial information. It's interesting to know what AT&T isn't complying with as much as it helps to know what it is responsive to.
We also know that investigators often ask for so-called tower dumps — data gathered by cell towers about customer behavior that is then handed over to the government. This data can often be used to determine a device user's approximate location, as well as other information. According to AT&T, more than 1,000 tower dumps were performed in 2013; out of all the data requests AT&T received last year, however, nearly 38,000 involved some type of request for location data. That's roughly similar to the 35,000 geolocation information requests that Verizon received.
Here are the highlights from AT&T: