A former Internet expert for the FCC concludes that a secret AT&T installation was most likely used for government surveillance.
A federal court in California released a previously sealed 40-page document on Thursday in the Electronic Frontier Foundation’s lawsuit against AT&T, which bolsters allegations that the telecommunications giant built secret rooms to allow the National Security Agency to conduct widespread surveillance of Internet traffic. The document also paints a detailed scenario of how the NSA may be conducting the top-secret operation, which closely matches information given to Salon by a former AT&T employee who worked at the company’s network operations center in Bridgeton, Mo.
The document, a statement by J. Scott Marcus, a former senior advisor for Internet technology to the Federal Communications Commission, was filed under seal on April 5 on behalf of the EFF to support its class-action suit against AT&T, which alleges that the company violated a number of federal laws in aiding the government’s domestic spying operation against AT&T customers. The court sealed the document because it contained proprietary AT&T information, then ordered AT&T and EFF to work together to produce a redacted version to place in the public record, which they did on Thursday.
EFF asked Marcus to examine records from a former AT&T technician in California named Mark Klein that describe how AT&T reconfigured its network in San Francisco and installed special computer systems in a secret room, allegedly to divert and collect Internet traffic to help the NSA conduct warrantless surveillance. Were the records authentic and was it feasible that they described a government surveillance program, or could the reconfiguration and systems have been put in place for more innocuous uses?
Marcus concludes in his statement that the documents are authentic and, after considering a number of possible reasons for the reconfiguration — such as legitimate network monitoring and maintenance — writes that the system AT&T installed in a secret San Francisco room, and likely other cities, was “exceptionally well suited to a massive, distributed surveillance activity” and that “no other application provides as good an explanation for the combination of engineering choices that were made.”
He considered that the system might be set up to accommodate lawful traffic intercepts under the Communications Assistance for Law Enforcement Act, but deemed this not a credible scenario, since there are far simpler and less expensive solutions for meeting CALEA, which required Internet service providers to make their networks wiretap-ready. He also concludes that given how cash strapped AT&T was in 2002 and 2003 when the expensive changes and additions to the system were made, it is “exceedingly unlikely” that AT&T financed the project on its own. “I therefore conclude that it is highly probable that funding came from an outside source, and consider the U.S. Government to be the most likely source,” he writes in the document.
Over several pages that are redacted at key points, Marcus discusses technical details in the Klein documents that have previously been unavailable. (The Klein documents are under seal, and although some of them have made it to the Internet, others, judging by details revealed by Marcus, have never been made public.) According to Marcus, the Klein documents refer to a “private … backbone network, which appears to partition from AT&T’s main Internet backbone.” This suggests the presence of a private network, Marcus writes, whose existence is “not consistent with normal AT&T practice.”
“The most plausible inference is that this was a covert network that was used to ship data of interest to one or more central locations for still more intensive analysis,” Marcus writes.
The most interesting aspect of the Marcus statement is the clear, though speculative, scenario he provides for how the National Security Agency is likely conducting its surveillance and data collection through that network. Marcus, currently a consultant with WIK-Consult GmbH in Bad Honnef, Germany, was unavailable for comment. But in the statement, he suggests that the secret San Francisco room is connected to two separate networks — the regular commercial network on which e-mail, Web surfing and voice-over Internet Protocol traffic runs, and the second private, covert network that is partitioned off from the regular network and is used to divert traffic that has been copied and sent back to a central collection place. He suggests that massive amounts of data are collected at 15 to 20 locations around the country, where it is automatically screened and winnowed down to only “data of interest” by a special system installed in San Francisco (and likely elsewhere) before it is shipped off to one or two central collection points, where it is processed by powerful computers and analyzed by skilled staff.
This agrees with what several sources told Salon this week. A former AT&T network technician who is well acquainted with AT&T’s common backbone and asked to remain anonymous, told Salon about a secret, heavily secured room located in AT&T’s Bridgeton facility, where the company runs its technical command center from which it manages all of its backbone. From that facility, the company could send commands to any of its 1,500 to 2,000 routers around the country to filter and divert traffic from those locations. To do that, the technician said, AT&T would need to physically place network “sniffers” at key points in the company’s backbone. “There are 10 or 15 data centers located in major cities around the country,” he said. “So they would need to stick [a sniffer] in each of those data centers to capture all the information.” Then the company could easily send commands from the Bridgeton room to the routers in those locations. The commands would indicate what data to collect and where to divert it afterward.
Marcus writes that although the configuration in San Francisco was deployed in early 2003, given AT&T processes, the planning for it was probably underway six to 12 months earlier. This coincides with the timing of the Bridgeton Network Operation Center, which was put in place about eight months before the San Francisco room was configured and was the place from which the work order for the secret room in San Francisco originated.
The Bridgeton room, guarded with a high-tech mantrap with retinal and fingerprint scanners, is restricted to government workers and AT&T employees with top-secret security clearances and is likely just used for remotely monitoring and maintaining the secret rooms around the country and sending commands. Russ Tice, a former NSA officer and senior analyst until last year, told Salon that the data once collected is probably not sent to Bridgeton but instead is diverted to an NSA facility where powerful processing equipment can analyze it.
As for the kind of data collected, Marcus infers from the Klein documents that the configuration in place in San Francisco would enable surveillance of “both overseas and purely domestic traffic.” But the Klein evidence suggests that only “off net” traffic was being collected in San Francisco at the time the documents were written. “Off net” refers to traffic sent between AT&T customers and customers of other ISPs; “on net” traffic is sent strictly between one AT&T customer and another AT&T customer.
Still, this amounts to a lot of data, Marcus says. It would mean that any traffic that passed through AT&T’s network from another ISP or network would be intercepted. He suggests the possibility, however, that authorities could conceivably weed out domestic traffic to collect only international traffic exchanged between an AT&T customer and noncustomer, given that software programs exist that can help distinguish domestic Internet traffic from traffic that travels from outside the United States. But he writes that even with such weeding, some purely domestic traffic would likely slip through the filter.
A hearing on the EFF lawsuit against AT&T is being held in San Francisco Friday to determine whether the case should be thrown out. The Department of Justice has interfered in the case, calling on the court to dismiss it on grounds that national security secrets would be exposed if a trial were to proceed.
More Related Stories
- Here come the tornado truthers. Already
- Peace Corps to allow gay couples to volunteer together
- Moore officials: Funds for "safe rooms" were held up by red tape
- Rand Paul: Congress should apologize to Apple, not the other way around
- Rescue crews race to find tornado survivors
- Looting in Oklahoma?
- Hundreds of low-wage federally contracted workers strike in D.C.
- Okla. mother's tearful reunion with her 8-year-old son
- New campaign compares gun control to anti-LGBT discrimination
- Study: Salt Lake City is gay parenting capital of the U.S.
- Inhofe and Coburn: Red state hypocrites
- Teen activist to meet with Abercrombie CEO
- Watch: Family emerges from storm shelter after tornado
- Must-see morning clip: Barackalypse Now
- Okla. tornado survivor reunited with dog trapped in rubble live on camera
- Is Pope Francis an exorcist?
- Oklahoma death count confirmed at 24, 9 children
- Frantic parents search for children in tornado's wake
- Crews dig through rubble after deadly tornado
- 51 killed in massive Oklahoma tornado
- Don't cry climate-change wolf
Featured Slide Shows
The week in 10 picsclose X
- 1 of 11
Lisa Montgomery embraces her nephew Thursday after a tornado tore apart her home in Cleburne, Texas. The twister killed six people and destroyed entire swaths of the North Texas town.
Credit: AP/LM Otero
Jack McMahon, the defense attorney for abortion doctor Kermit Gosnell, speaks outside the Criminal Justice Center in Philadelphia Tuesday. His client was convicted of killing three babies in his clinic, and will serve multiple life sentences.
Credit: AP/Matt Rourke
A photo taken Monday captures Vice President Joe Biden's response to a Milwaukee second-grader's innovative proposal to end America's epidemic of gun violence. This guy!
Credit: AP/Jenny Aicher
Sen. Rand Paul, R-Ky., flanked by a grouper-eyed Michele Bachmann, addresses the IRS' admission that it targeted Tea Party groups in advance of the 2012 election. In an op-ed for CNN Thursday, the Kentucky senator slammed the president for his faux outrage.
Credit: AP/Molly Riley
Ousted IRS chief Steven Miller is sworn in on Capitol Hill Friday. Miller testified before the House Ways and Means Committee on the extra scrutiny the agency gave conservative groups applying for tax-exempt status.
Credit: AP/J. Scott Applewhite
Attorney General Eric Holder pauses as he testifies on Capitol Hill before the House Judiciary Committee Wednesday. Holder is under fire, among other things, for the Justice Department's gathering of phone records at the Associated Press.
Credit: AP/Carolyn Kaster
O.J. Simpson sits during an evidentiary hearing at Clark County District Court in Las Vegas, Nev., Thursday. Simpson, who is currently serving a nine-to-33-year sentence in state prison for armed robbery and kidnapping, is using a writ of habeas corpus to seek a new trial.
Credit: AP/Las Vegas Review-Journal/Jeff Scheid
Major Tom to ground control: On Sunday astronaut Chris Hadfield recorded the first music video from space, a cover of David Bowie's "Space Oddity."
Credit: AP/NASA/Chris Hadfield
When it rains it pours. President Barack Obama speaks during a news conference Thursday with Turkish Prime Minister Recep Tayyip Erdogan, inexplicably inspiring an #umbrellagate Twitter meme.
Credit: AP/Jacquelyn Martin
A smoke plume rises high above a road block at the intersection of County A and Ross Road east of Solon Springs, Wis., Tuesday. No injuries were reported, but the the wildfire caused evacuations across northwestern Wisconsin.
Credit: AP/The Duluth News-Tribune/Clint Austin
Recent Slide Shows
- 1 of 11
Kim Zetter is a freelance writer based near San Francisco.