A Virginia-based law enforcement data sharing ring, which allows signatory police agencies to share and analyze seized "telephone intelligence information," was first proposed by federal prosecutors, according to new documents obtained by Ars. Federal involvement suggests that there could be more such databases in other parts of the country.

"It’s unsurprising to see the feds encouraging local law enforcement agencies to create these localized databases," Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, told Ars. "In fact, there’s a whole division within the Department of Justice that focuses on educating and advancing local law enforcement interests, the National Institute of Justice. And so I would imagine there are others."

As Ars reported last month, according to a memorandum of understanding (MOU) first published by the Center for Investigative Reporting, the police departments from Hampton, Newport News, Norfolk, Chesapeake, and Suffolk all participate in something called the "Hampton Roads Telephone Analysis Sharing Network," or HRTASN.

The database compiles both content copied from phones and metadata gleaned from phone usage—some obtained under the authority of a warrant, some via a court order, and some via a mere subpoena. Some state legal experts have questioned whether such an umbrella database is legal under Virginia law. Rob Poggenklass, a staff attorney at the American Civil Liberties Union of Virginia, told Ars that he believes the database is in violation of Virginia's Government Data Collection and Dissemination Practices Act.

A document that Ars recently obtained under a public records request from the City of Norfolk shows that an analyst from the United States Attorney’s Office in the Eastern District of Virginia was, in fact, the creator of HRTASN. That document, which appears to date from 2011, is called "A Proposal for Creation of the Hampton Roads Telephone Intercept Sharing Network."

The 13-page presentation was authored by Paul Swartz, an investigative analyst. His LinkedIn profile indicates that, prior to joining the federal government, Swartz worked for over 20 years at the Newport News Police Department, retiring at the rank of sergeant. Swartz initially did not return Ars’ requests for comment, but then referred Ars to Joshua Stueve, a US Attorney's Office spokesman, who also did not respond to requests for comment.

Welcome to the “Wire Room”

The document explains just how revelatory data obtained about and from a mobile phone can be. Not surprisingly, law enforcement can identify "family members," "legitimate business associates," and "criminal associates" by looking at phone records. By using "cell-site monitoring," better known as a stingray, law enforcement can also glean "methods of operation."

The proposal also indicates that pen registers, which can record phone numbers dialed and received and are easily obtained through a court order, may not be quite as pervasive as some critics have feared—due to expense.

Getting a judge to sign off on a pen register is a far lower standard than being forced to show probable cause for a search warrant or wiretap order. Such a wiretap order requires law enforcement to not only specifically describe the alleged crimes but also to demonstrate that all other means of investigation had been exhausted or would fail if they were attempted.

In the pre-cellphone era, a "pen register, trap and trace order," which is granted by a judge, allowed law enforcement to obtain someone's calling metadata in near real-time. Now, that same data can also be gathered directly by the cops themselves through the use of a cell-site simulator, also known as a stingray. Stingrays, however, also can be used to intercept calls and text messages—and the device doesn't just work against one target phone but also against other phones that may happen to be nearby.

The document seems to suggest that the Newport News Police Department—which operates in a city of 180,000 people—had only conducted 77 pen registers at the time that the document was written. Meanwhile, the Peninsula Narcotics Enforcement Task Force had undertaken 29, while the Virginia Beach Police Department had done just six.

"Mostly deferred to federal agencies," the document notes, citing the FBI, Drug Enforcement Agency, and Immigration and Customs Enforcement as agencies better equipped to handle such techniques.

So why don’t more cities try to use pen registers in police operations? Local cops apparently aren’t trained in how to gather, store, and analyze such data. Plus, getting that data isn’t cheap; mobile phone companies charge anywhere from $1,500 to $3,000 for 60 days of access.

The slide deck also shows a picture of the federally run "David G. Wilhelm Wire Room"—which, amazingly enough, sports a poster of the hit HBO TV show The Wire. Wilhelm was an Atlanta-based Immigration and Customs Enforcement (ICE) Assistant Special Agent in Charge (ASAC) who was killed in the line of duty in 2005. A diagram seems to suggest that the "wire room" is the heart of the entire operation.

"The goal is to try to avoid costs or at least bring down costs by letting more law enforcement agencies access the data from one pen register," Jesselyn Radack, a well-known national security attorney and former ethics adviser to the United States Department of Justice, told Ars after reviewing the presentation. (She is also currently one of the attorneys representing whistleblower Edward Snowden.)

The documents do not fully explain what is being done, but they seem to suggest that each time a pen register order is granted or phone data is seized, this information is compiled into a larger database for later querying.

"I would imagine they would still need pen register authority to actually query the database and get the records, but perhaps this tech enables them to get the records themselves rather than go to the provider every time?" Fakhoury added. "I’m not really sure. Plus I think pooling all the data for analysis and mining probably reduces the need to get pen register orders as the investigation continues."

“The bigger problem is the lack of oversight”

Radack also noted that there was another larger problem here.

"What jumps out most though is the surveillance creep it reflects—the idea that all intelligence and law enforcement agencies need access to the biggest possible haystack—an idea that has not proven successful given the originator of the ‘big haystack’ mentality [the National Security Agency] has been unable to properly gather intelligence from the data, and in fact misses actionable intelligence," she added. "The goal here seems to be to get local law enforcement agencies to do more digital surveillance or at least be able to get a piece from the databases."

However, some of the tactics outlined in the presentation may no longer be legal as per the unanimous California v. Riley Supreme Court decision from earlier this year, which found that law enforcement cannot search a mobile phone without a warrant.

Specifically, the document asks: "How many local [law enforcement] agencies download/document the contents of seized phones? Many."

"There are certainly privacy implications at giving more agencies access to the information," Radack concluded.

"The bigger problem is the lack of oversight. A court authorizes a pen register for one target in one investigation and then that information is moved to a database for who knows what future investigation or what future target or suspected target. It’s not clear who—if anyone—is making sure stored info is used legitimately."