FOIA Litigation Win Frees Up A Little More Info About The DEA’s Hemisphere Program
A startling government surveillance program that involved government investigators embedded in AT&T offices was accidentally released in response to an FOIA request (seeking documents about something else entirely) more than a decade ago.
But, since 2013, there’s still plenty that’s unknown about the DEA’s Hemisphere program. What’s known is this: the DEA was able to collect phone records in pretty much real-time, on-demand from AT&T. This went further than even the NSA’s bulk collection of phone records under its Section 215 authority — something that was ultimately shuttered by the agency after it found it impossible to comply with legislated reforms. On top of that, pulling data from landlines was far less useful than it used to be before everyone moved to mobile phones.
The DEA’s program, however, may still be running. If it is, it certainly can’t have improved over the last decade. We do know its problematic and easily abused — something made (almost) clear by a 2019 report by the DOJ Inspector General.
We still don’t have access to a fully un-redacted report. Unbelievably, the Inspector General’s office allowed the DEA to tell it what to redact from its 2019 report, allowing it to control the narrative, at least to a certain extent. Fortunately, some of those redactions have been excised, thanks to FOIA litigation by the Cato Institute.
In apparent response to a successful Cato Institute administrative appeal under the Freedom of Information Act (FOIA), the Department of Justice Inspector General’s (DoJ IG) office released today additional, highly revelatory data on a Drug Enforcement Administration (DEA) mass electronic surveillance program code-named HEMISPHERE.
[…]
Today, that less redacted version of the DoJ IG report was released on the IG’s website, and it provides further disturbing evidence of the symbiotic relationship between federal law enforcement and major telecommunications providers in the employment of warrantlessly obtained commercially collected data for surveillance and investigative purposes.
The full(er) report [PDF] provides a few more details to the Hemisphere picture. What’s known is that AT&T has generated “billions” of call records and provided access to them for more 15 years. Unlike the phone data harvested by the NSA under Section 215, there’s no expiration date on this data and, since it’s technically held by a private company, it’s up to AT&T to decide when (or if) the phone records are purged. Additionally, AT&T provided location data for mobile service users, something the NSA’s bulk collection didn’t contain.
What gets a bit more revealed here is the massive legal gray area that the program operated in. Both the DEA and the FBI requested more legal clarity from the DOJ. The FBI seemed to have genuine concerns about possible illegal misuse of this database. The DEA seemed a bit more interested in just getting a blanket “this all looks legal to us” green light from the office of legal counsel.
Even though the program had been in use since early 2007, it was more than a half-decade later that any sort of legal memo was issued. What arrived was way too little, far too late. Here’s the Inspector General’s take on the so-called legal authority the DEA relied on to exploit this ultra-cozy relationship with AT&T:
We found no evidence of any written legal analysis of the legal issues described above or of any other expected DEA use of Hemisphere in advance of the program. Indeed, it was not until January 2013, more than 5 years after the program began, that the DEA completed a robust written legal assessment, albeit in a draft memorandum that [name redacted] never memorialized into a final product or distributed to users. We believe that several earlier events should have alerted the DEA to the need for a careful legal review.
The 2019 report notes that the program is inactive. But it does state that — due to this lack of legal clarity — there’s nothing preventing the DEA (or FBI) from seeking this sort of arrangement with phone service providers in the future. It recommends the DEA seek a full legal assessment of this program, as well as any others it might be pursuing to replace it and have that in place before it moves forward with similar bulk record access. As Senator Ron Wyden made clear in 2023, the DEA has already moved forward with a program that’s basically Hemisphere 2.0. And, given that the DEA has refused to discuss this newer program with congressional leaders, it’s a safe bet there’s no controlling legal assessment in place to prevent history from repeating.