The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls, according to government officials.
The cooperation is conducted under a voluntary contract, not under subpoenas or court orders compelling the company to participate, according to the officials. The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.
The program adds a new dimension to the debate over government spying and the privacy of communications records, which has been focused on National Security Agency programs in recent months. The disclosure sheds further light on the ties between intelligence officials and communications service providers. And it shows how agencies beyond the N.S.A. use metadata — logs of the date, duration and phone numbers involved in a call, but not the content — to analyze links between people through programs regulated by an inconsistent patchwork of legal standards, procedures and oversight.
Since June, when documents leaked by the former N.S.A. contractor Edward J. Snowden began to surface, an international debate has erupted over the scope of N.S.A. surveillance and the agency’s relationships with American companies that operate networks or provide Internet communications services. Many of the companies have protested that they are legally compelled to cooperate. The AT&T-C.I.A. arrangement illustrates that such activities are not limited to the N.S.A., and that cooperation sometimes is voluntary.
AT&T has a history of working with the government. It helped facilitate the Bush administration’s warrantless surveillance program by allowing the N.S.A. to install secret equipment in its phone and Internet switching facilities, according to an account by a former AT&T technician made public in a lawsuit.
It was also one of three phone companies that embedded employees from 2003 to around 2007 in an F.B.I. facility, where they used company databases to provide quick analysis of call records. The embedding was shut down amid criticism by the Justice Department’s inspector general that officers were obtaining Americans’ call data without issuing subpoenas.