Main Topic Privacy

What’s in Your File, Part IV: Verizon

What's in your (Verizon) file?

What's in your (Verizon) file?

A couple of months ago, I sent a FOIA request to the NSA, asking for a copy of my call detail records. The NSA denied my request, and I’ve since filed an appeal. While the appeal process runs its course, I decided to reach out to Verizon, to see if they were willing to provide a copy of my call detail records.

Here’s the letter I wrote to Verizon on January 18th:

Earlier this year, the Guardian published a copy of a national security letter, which compelled Verizon to produce

all call detail records or “telephony metadata” created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls.

I would like to request a copy of my call detail records,

  • for calls originating from my home phone number 781-648-1083,
  • for the one-month period 12/1/2013–12/31/2013,
  • in the same record format that you would have been compelled to
    deliver, under the national security letter mentioned above.

I’d prefer to receive this information in electronic form.

If it’s not possible to deliver an electronic copy, I’d be willing to accept a paper copy; it shouldn’t be more than a page or two.

Thanks for your time and attention.

Here is Verizon’s response, dated January 30, 2014.

Verizon letter, in response to request for call detail records.

In a sentence: we’re not going to respond to you in writing, but please call our customer service line during normal business hours.

I called Verizon’s customer support line (800-837-4966) on February 7th. While navigating the support system menus, the automated attendant informed me

Your privacy is your right, and our responsibility.

Let’s see if Verizon stands up to the claims of their automated voice attendant.

The customer service fellow I spoke with was very helpful, and diligently tried to locate a database containing my call detail records (CDRs). I was told that Verizon had several CDR databases internally, but the customer service representative wasn’t able to find one that contained CDRs for Massachusetts customers. They guy really tried: put me on hold a few times to do research, talked to a couple of supervisors. All told, the call lasted over 30 minutes.

Towards the end of the call, I brought up the national security letter published by the Guardian. “If Verizon was compelled to turn over CDRs to the National Security Agency, then surely you have copies of those records, no?”

At this point, Verizon’s rep said he couldn’t provide any more information, and suggested I call their Legal Compliance Office instead.

Verizon’s Legal Compliance office can be reached at 888-483-2600. I’d like to point out an irony here: Legal Compliance’s phone number ends in “2600“.

The legal compliance guy was somewhat surprised by my call. Legal compliance generally deals with warrants, subpoenas, law enforcement, and other types of legal requests. They generally don’t deal with ordinary customers, asking for copies of their call detail records. The legal compliance guy gave me customer service’s phone number, and suggested I call them instead.

“I spoke to customer service earlier today. They advised me to get in touch with you”.

I talked with the legal compliance guy for a while. Here’s a summary of what I learned.

  • If you have a land line with an unlimited calling plan (which I do), then CDRs aren’t necessary for billing, and Verizon doesn’t retain them. In the words of the legal compliance guy, “If we don’t have the records, we can’t turn them over. This would be our response to any legal request.”
  • Verizon keeps regional and long distance CDRs for up to 18 months, but that’s done for customer convenience (i.e., for customers who want a copy of the long distance numbers they’ve dialed). For local calls, Verizon doesn’t retain CDRs at all.

At first, this sounds very positive. If you have an unlimited calling plan, then Verizon doesn’t need your CDRs, doesn’t save your CDRs, and therefore could not turn your CDRs over to the NSA. At least for land lines.

A day later, I told this story to a few people at a security conference, and their opinions were less optimistic. “You have to remember that the National Security Letter compelled Verizon to turn over future call detail records, not existing ones. I’d assume that Verizon made a separate copy for the NSA, independent of the information they kept for billing.”

That’s a good point. I’d encourage anyone who wants to call Verizon Legal Compliance at 888-483-2600, and ask them about the distinction.

According to the EFF’s Who Has Your Back? 2013 report, Verizon earned a failing grade of zero stars — for the third year in a row. So perhaps I shouldn’t be optimistic. Bear in mind that the EFF report was issued in April 2013, before the Snowden revelations, and some of the Verizon ratings are no longer accurate. For example, Verizon now publishes a transparency report. In 2013, Verizon “received approximately 320,000 requests for customer information from federal, state or local law enforcement in the United States”. Based on a 40 hour work week, that’s 2.56 law enforcement requests per minute, or one request every 24 seconds.

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.