Writing AT&T Search Warrants

November 18, 2023
Featured image for “Writing AT&T Search Warrants”

Telecommunication service providers are the driving force behind our mobile phones’ capabilities, offering a range of services such as transmitting voice, data, text, sound, and video. These services are facilitated by a sophisticated mix of wired and wireless technologies, enabling seamless global communication. While the focus is often on the technology within our smartphones, the underlying infrastructure that transmits our voices and data around the world at incredible speeds is equally remarkable. For law enforcement, the potential to collect evidence from these telecommunication providers is equally astounding, opening new avenues for investigations and intelligence gathering. This article focuses specifically on AT&T how their tech works, and writing AT&T search warrants.

AT&T Background

AT&T Inc. is an American multinational conglomerate holding company that provides landline telephone, wireless communications, broadband internet, digital television, and managed networking. It is the world’s largest telecommunications company, and the second largest provider of mobile telephone services. AT&T’s telecommunications branch provides wireless services in the United States, Puerto Rico and the U.S. Virgin Islands and is the largest wireless carrier in the United States with over 176 million subscribers. AT&T also owns the cellular provider Cricket Wireless.
As one of its many products, AT&T offers internet connectivity to both residential and commercial customers through its “AT&T Internet” service. AT&T delivers most U-verse service over a fiber communication network that carries all data (Internet, IPTV, and Voice over IP) between the service provider and the customer’s home. AT&T is also recognized for its advancements in 5G technology.

Regardless if the target account is a landline, internet or wireless customer, search warrants must be addressed to:

Attn: Global Legal Demands Center
11760 US Highway 1, Suite 300
North Palm Beach, FL 33408
Phone: (800) 635-6840
Fax: (888) 938-4715
Additionally, AT&T requests that search warrants be served via email: gldc@att.com

Drafting AT&T Search Warrants

AT&T search warrants require a base understanding of telecommunications networks and those features unique to AT&T. Similar to T-Mobile, the bulk of available records are Call Data Records (CDR). CDRs are logs that document the details of a telephone call or other telecommunications transactions that passes through the telecom. They were originally created to track calls for billing purposes and some CDR returns still how cost per minute charges. AT&T’s Call Detail Records (CDR) consist of:

  • Incoming & outgoing calls (phone numbers included)
  • Sent & received SMS & MMS (no content)
  • IMEI & IMSI numbers (if present)
  • Service codes that indicate call actions (ie. call forwarded, sent to voicemail, etc.)
  • Duration of the call and completed or answer status.
  • Cell tower(s) that the handset connected to during the call. (beginning, ending and in between)
  • Mobile data usage as bytes uploaded / downloaded.Location data known as PCMD

AT&T has a limitation in their CDR system that limits calls to 60 minutes in their records. If the caller has an active call that is longer than 60 minutes, a second “call” will be logged in the CDR.

Another interesting aspect of AT&T’s network is how calls and data are handled differently. When phones on the AT&T network are on calls, they prefer to connect to the closest tower. This ensures the best quality signal and helps to prevent dropped calls. Although calls and mobile data are sent through the same antennas on a tower, AT&T may provide mobile data from a different tower that may not be the closest.

AT&T is the only major telecom that stores text message content. Text messages are limited to Simple Message Service (SMS) and Multimedia Messaging Service (MMS); AT&T cannot produce the contents of messages sent through third-party apps like iMessage or WhatsApp. California law enforcement should be aware that anything beyond subscriber information must comply with the California Electronic Communications Privacy Act (CalECPA)

Per Call Measurement Data & Location

Per Call Measurement Data (PCMD) is used to determine the distance of a mobile phone from a specific cell tower during a call. AT&T uses Timing Advance (TA) for E911 services to pinpoint a subscriber’s location​ with a reported accuracy of about 10 meters. Timing Advance achieves this by measuring the time it takes for a signal to travel from a mobile device to three or more network antennas, thereby determining a more precise position of the device​. AT&T’s PCMD records were known as “NELOS” data, but they have since retired that name after switching to a system similar to T-Mobiles. The accuracy of Timing Advance locations can vary widely based on a variety of factors, often environmental with some as good as 6 meters or as poor as 1,000+ meters.

AT&T Landline and Internet

AT&T got their start providing wired telephone services to residential and business customers and maintains the largest landline telephone network. The records available for landline customers also consist of subscriber information and CDRs, however, Call Data Records will not have tower or location records. They will consist of incoming calls, outgoing calls, duration, answered/missed status, and records of voicemails. AT&T Internet, also known as AT&T U-Verse, maintains records of both the subscriber’s billing address and service address as well as data usage.