[imroot]

I'm no longer under this specific NDA, so, I can talk a bit about this.

It was well known in the wireless industry that ATT collected and kept the most data on all of the carriers: 7 years for text metadata, "7 years" for call history (I put that in quotations because it was rumored that ATT kept them indefinitely, but, there were technical limitations for restoring data that far back), and 7 years for the contents of the text messages themselves. Verizon was up there as well, but, I don't remember specifics.

The carrier that I worked with kept only 3 days content of the actual messages, 28 days for the text message metadata, and 28 days for the call records for their enforcement database, but, they could get calling records and sms envelope information for billing back 7 years, and at the time, we had to implement sharding at the database layer that maintained the warrant database due to the amount of traffic that we were receiving from the calling systems and the amount of queries/data that we were sending out, in near realtime, to law enforcement users who paid $10,000/month for access to that data.

AT&T wasn't storing this data out of the kindness of their heart, it was a (probably small) revenue stream for them.

[mozman]

Ah, back in the day the FBI would pay our CTO $5000/hr to talk to and work with him. On top of that we would charge them a monthly colo fee for their equipment that collected data of customers.

Sometimes they had warrants, but mostly just bought the data.

A year or so after 9/11 and that relationship lasted years.

[niutech]

Welcome to the US - claimed "praiser" of freedom, but with no respect for privacy. Even the EU is better at maintaining privacy than the US.

[twelve40]

the EU is much more aggressive at banning and censoring websites though. I can't recall the last time I ran into a website in the US that's blocked at the provider level (private moderation like e.g. Youtube is a different story). Maybe Tiktok is the most famous, but it's still around and available afaik. But in the EU, ran into "the government has decided this information is bad for you" all the time, with a nice notice from the internet provider. My hunch is that under various pretexts both societies will continue to drift towards more censorship and less privacy, perhaps with some temporary local differences.

[niutech]

It depends on the country, the EU doesn't have the same laws for Internet censorship. Still in most EU countries it is better than in the US: https://en.wikipedia.org/wiki/Internet_censorship_and_survei...

[fennecbutt]

I've never encountered anything like that while over here.

[whamlastxmas]

Retention periods seem like a moot point if the government just slurps every piece of data anyway and stores it indefinitely

[smegger001]

Not everyone in law enforcement gets to play with the NSA's toys though. Some actually have their warrant and subpoenas glanced at by a judge before it gets rubber stamped.

[mrandish]

While being briefly "glanced at" by a judge is certainly better than nothing (or just already having the data like NSA), practically it just means law enforcement needs to adapt some generic boilerplate justification text to each request.

[toomuchtodo]

Thank you for sharing this, it is helpful context when discussing data security and privacy with regulators and federal Congressional reps.

[theGnuMe]

They keep personal customer details like SSNs indefinitely despite no longer being a customer.