In the HBO hit series The Wire, disposable cell phones were the bane of detectives' lives. Drug dealers obtained these prepaid "burners" in mass quantities with cash at multiple stores hundreds of miles away from where they were used. After a week or two of use, a crook would destroy one cheap handset and fetch a new one. The Baltimore Police detectives' inability to tap the phones stymied their investigation into one of the city's most ruthless crime families—until they found a way to track the devices.

The National Security Agency may have made a similar breakthrough. Cato Institute researcher and Ars alum Julian Sanchez recently pulled a few sentences from a 2009 declaration by NSA Director Keith Alexander. They describe an unnamed tool that routinely accessed the vast database of call records assembled by the NSA. Sanchez argues that the purpose may be to identify burner phones used by NSA targets. The tool, according to Alexander's declaration:

was automatically invoked to support certain types of analytical research. Specifically, to help analysts identify a phone number of interest. If an analyst conducted research supported by [REDACTED] the analyst would receive a generic notification that NSA’s signals intelligence (“SIGINT”) databases contained one or more references to the telephone identifier in which the analyst was interested; a count of how many times the identifier was present in SIGINT databases; the dates of the first and last call events associated with the identifier; a count of how many other unique telephone identifiers had direct contact with the identifier that was the subject of the analyst’s research; the total number of calls made to or from the telephone identifier that was the subject of the analyst’s research; the ratio of the count of total calls to the count of unique contacts; and the amount of time it took to process the analyst’s query. [REDACTED] did not return to the analyst the actual telephone identifier(s) that were in contact with the telephone identifier that was the subject of the analyst’s research and the analyst did not receive a listing of the individual NSA databases that were queried by [REDACTED].

Sanchez writes:

Let's consider, then, the very specific data this query tool was designed to return: The times and dates of the first and last call events, but apparently not the times and dates of calls between those endpoints. In other words, this tool is supporting analytic software that only cares when a phone went online, and when it stopped being used. It also gets the total number of calls, and the ratio of unique contacts to calls, but not the specific numbers contacted. Why, exactly, would this limited set of information be useful? And why, in particular, might you want to compare that information across a large number of phones there’s not yet any particular reason to suspect? One possibility that jumps out at me—and perhaps anyone else who’s a fan of The Wire—is that this is the kind of information you would want if you were trying to identify disposable prepaid "burner" phones being used by a target who routinely cycles through cell phones as a countersurveillance tactic. The number of unique contacts and call/contact ratio would act as a kind of rough fingerprint—you’d assume a phone being used for dedicated clandestine purposes to be fairly consistent on that score—while the first/last call dates help build a timeline: You’re looking for a series of phones that are used for a standard amount of time, and then go dead just as the next phone goes online.
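To make Sanchez's reading concrete, here is an added example (not from the declaration, Sanchez, or the NSA) that reduces constructed call records to the summary fields the declaration lists, then links phones using only those fields. The labels, dates, thresholds and function names are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed call records (caller, callee, day); labels are not real identifiers.
D = lambda d: date(2009, 1, d)
CALLS = [
    ("phone-A", "c1", D(1)), ("phone-A", "c2", D(3)), ("phone-A", "c1", D(5)),
    ("c2", "phone-A", D(7)), ("phone-A", "c1", D(9)), ("phone-A", "c2", D(10)),
    ("phone-B", "c1", D(11)), ("phone-B", "c2", D(13)), ("c1", "phone-B", D(15)),
    ("phone-B", "c2", D(17)), ("phone-B", "c1", D(19)), ("phone-B", "c2", D(20)),
    ("ordinary", "d1", D(11)), ("ordinary", "d2", D(15)),
    ("ordinary", "d3", D(25)), ("ordinary", "d4", D(30)),
]

def summarize(calls):
    """Per-identifier summary holding only the fields the declaration lists.
    The contact identifiers themselves are counted, then discarded."""
    raw = defaultdict(lambda: {"days": [], "contacts": set()})
    for caller, callee, day in calls:
        for me, other in ((caller, callee), (callee, caller)):
            raw[me]["days"].append(day)
            raw[me]["contacts"].add(other)
    return {
        ident: {
            "first": min(r["days"]), "last": max(r["days"]),
            "calls": len(r["days"]), "unique": len(r["contacts"]),
            "ratio": len(r["days"]) / len(r["contacts"]),
        }
        for ident, r in raw.items()
    }

def successors(summary, ident, max_gap=2, ratio_tol=0.25, life_tol=3):
    """Identifiers that come online just as `ident` goes dead and share its
    rough fingerprint (calls-per-contact ratio, length of use).
    Thresholds are illustrative assumptions, not values from the page."""
    cur = summary[ident]
    life = (cur["last"] - cur["first"]).days
    hits = []
    for other, s in summary.items():
        gap = (s["first"] - cur["last"]).days
        same_ratio = abs(s["ratio"] - cur["ratio"]) <= ratio_tol * cur["ratio"]
        same_life = abs((s["last"] - s["first"]).days - life) <= life_tol
        if other != ident and 0 <= gap <= max_gap and same_ratio and same_life:
            hits.append(other)
    return sorted(hits)

if __name__ == "__main__":
    print(successors(summarize(CALLS), "phone-A"))
```

The link between the two handsets is made without ever listing who either phone called, which is why the narrow set of returned fields is still revealing.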

Burner phones were also a major tool used by characters in Breaking Bad to evade surveillance by the Drug Enforcement Agency. If Sanchez's interpretation of Alexander's comments is correct, burners may also be a real-world headache to NSA analysts.

Hat tip: Schneier blog.