New light on NSA spying

A former Internet expert for the FCC concludes that a secret AT&T installation was most likely used for government surveillance.


New light on NSA spying

A federal court in California released a previously sealed 40-page document on Thursday in the Electronic Frontier Foundation’s lawsuit against AT&T, which bolsters allegations that the telecommunications giant built secret rooms to allow the National Security Agency to conduct widespread surveillance of Internet traffic. The document also paints a detailed scenario of how the NSA may be conducting the top-secret operation, which closely matches information given to Salon by a former AT&T employee who worked at the company’s network operations center in Bridgeton, Mo.

The document, a statement by J. Scott Marcus, a former senior advisor for Internet technology to the Federal Communications Commission, was filed under seal on April 5 on behalf of the EFF to support its class-action suit against AT&T, which alleges that the company violated a number of federal laws in aiding the government’s domestic spying operation against AT&T customers. The court sealed the document because it contained proprietary AT&T information, then ordered AT&T and EFF to work together to produce a redacted version to place in the public record, which they did on Thursday.

EFF asked Marcus to examine records from a former AT&T technician in California named Mark Klein that describe how AT&T reconfigured its network in San Francisco and installed special computer systems in a secret room, allegedly to divert and collect Internet traffic to help the NSA conduct warrantless surveillance. Were the records authentic and was it feasible that they described a government surveillance program, or could the reconfiguration and systems have been put in place for more innocuous uses?

Marcus concludes in his statement that the documents are authentic and, after considering a number of possible reasons for the reconfiguration — such as legitimate network monitoring and maintenance — writes that the system AT&T installed in a secret San Francisco room, and likely other cities, was “exceptionally well suited to a massive, distributed surveillance activity” and that “no other application provides as good an explanation for the combination of engineering choices that were made.”

He considered that the system might be set up to accommodate lawful traffic intercepts under the Communications Assistance for Law Enforcement Act, but deemed this not a credible scenario, since there are far simpler and less expensive solutions for meeting CALEA, which required Internet service providers to make their networks wiretap-ready. He also concludes that given how cash strapped AT&T was in 2002 and 2003 when the expensive changes and additions to the system were made, it is “exceedingly unlikely” that AT&T financed the project on its own. “I therefore conclude that it is highly probable that funding came from an outside source, and consider the U.S. Government to be the most likely source,” he writes in the document.

Over several pages that are redacted at key points, Marcus discusses technical details in the Klein documents that have previously been unavailable. (The Klein documents are under seal, and although some of them have made it to the Internet, others, judging by details revealed by Marcus, have never been made public.) According to Marcus, the Klein documents refer to a “private … backbone network, which appears to partition from AT&T’s main Internet backbone.” This suggests the presence of a private network, Marcus writes, whose existence is “not consistent with normal AT&T practice.”

“The most plausible inference is that this was a covert network that was used to ship data of interest to one or more central locations for still more intensive analysis,” Marcus writes.

The most interesting aspect of the Marcus statement is the clear, though speculative, scenario he provides for how the National Security Agency is likely conducting its surveillance and data collection through that network. Marcus, currently a consultant with WIK-Consult GmbH in Bad Honnef, Germany, was unavailable for comment. But in the statement, he suggests that the secret San Francisco room is connected to two separate networks — the regular commercial network on which e-mail, Web surfing and voice-over Internet Protocol traffic runs, and the second private, covert network that is partitioned off from the regular network and is used to divert traffic that has been copied and sent back to a central collection place. He suggests that massive amounts of data are collected at 15 to 20 locations around the country, where it is automatically screened and winnowed down to only “data of interest” by a special system installed in San Francisco (and likely elsewhere) before it is shipped off to one or two central collection points, where it is processed by powerful computers and analyzed by skilled staff.

This agrees with what several sources told Salon this week. A former AT&T network technician who is well acquainted with AT&T’s common backbone and asked to remain anonymous, told Salon about a secret, heavily secured room located in AT&T’s Bridgeton facility, where the company runs its technical command center from which it manages all of its backbone. From that facility, the company could send commands to any of its 1,500 to 2,000 routers around the country to filter and divert traffic from those locations. To do that, the technician said, AT&T would need to physically place network “sniffers” at key points in the company’s backbone. “There are 10 or 15 data centers located in major cities around the country,” he said. “So they would need to stick [a sniffer] in each of those data centers to capture all the information.” Then the company could easily send commands from the Bridgeton room to the routers in those locations. The commands would indicate what data to collect and where to divert it afterward.

Marcus writes that although the configuration in San Francisco was deployed in early 2003, given AT&T processes, the planning for it was probably underway six to 12 months earlier. This coincides with the timing of the Bridgeton Network Operation Center, which was put in place about eight months before the San Francisco room was configured and was the place from which the work order for the secret room in San Francisco originated.

The Bridgeton room, guarded with a high-tech mantrap with retinal and fingerprint scanners, is restricted to government workers and AT&T employees with top-secret security clearances and is likely just used for remotely monitoring and maintaining the secret rooms around the country and sending commands. Russ Tice, a former NSA officer and senior analyst until last year, told Salon that the data once collected is probably not sent to Bridgeton but instead is diverted to an NSA facility where powerful processing equipment can analyze it.

As for the kind of data collected, Marcus infers from the Klein documents that the configuration in place in San Francisco would enable surveillance of “both overseas and purely domestic traffic.” But the Klein evidence suggests that only “off net” traffic was being collected in San Francisco at the time the documents were written. “Off net” refers to traffic sent between AT&T customers and customers of other ISPs; “on net” traffic is sent strictly between one AT&T customer and another AT&T customer.

Still, this amounts to a lot of data, Marcus says. It would mean that any traffic that passed through AT&T’s network from another ISP or network would be intercepted. He suggests the possibility, however, that authorities could conceivably weed out domestic traffic to collect only international traffic exchanged between an AT&T customer and noncustomer, given that software programs exist that can help distinguish domestic Internet traffic from traffic that travels from outside the United States. But he writes that even with such weeding, some purely domestic traffic would likely slip through the filter.

A hearing on the EFF lawsuit against AT&T is being held in San Francisco Friday to determine whether the case should be thrown out. The Department of Justice has interfered in the case, calling on the court to dismiss it on grounds that national security secrets would be exposed if a trial were to proceed.

Kim Zetter is a freelance writer based near San Francisco.

More Related Stories

Featured Slide Shows

  • Share on Twitter
  • Share on Facebook
  • 1 of 11
  • Close
  • Fullscreen
  • Thumbnails
    Burger King Japan

    2014's fast food atrocities

    Burger King's black cheeseburger: Made with squid ink and bamboo charcoal, arguably a symbol of meat's destructive effect on the planet. Only available in Japan.

    Elite Daily/Twitter

    2014's fast food atrocities

    McDonald's Black Burger: Because the laws of competition say that once Burger King introduces a black cheeseburger, it's only a matter of time before McDonald's follows suit. You still don't have to eat it.


    2014's fast food atrocities

    Domino's Specialty Chicken: It's like regular pizza, except instead of a crust, there's fried chicken. The company's marketing officer calls it "one of the most creative, innovative menu items we have ever had” -- brain power put to good use.


    2014's fast food atrocities

    Arby's Meat Mountain: The viral off-menu product containing eight different types of meat that, on second read, was probably engineered by Arby's all along. Horrific, regardless.


    2014's fast food atrocities

    KFC'S ZINGER DOUBLE DOWN KING: A sandwich made by adding a burger patty to the infamous chicken-instead-of-buns creation can only be described using all caps. NO BUN ALL MEAT. Only available in South Korea.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Waffle Taco: It took two years for Taco Bell to develop this waffle folded in the shape of a taco, the stand-out star of its new breakfast menu.

    Michele Parente/Twitter

    2014's fast food atrocities

    Krispy Kreme Triple Cheeseburger: Only attendees at the San Diego County Fair were given the opportunity to taste the official version of this donut-hamburger-heart attack combo. The rest of America has reasonable odds of not dropping dead tomorrow.

    Taco Bell

    2014's fast food atrocities

    Taco Bell's Quesarito: A burrito wrapped in a quesadilla inside an enigma. Quarantined to one store in Oklahoma City.

    2014's fast food atrocities

    Boston Pizza's Pizza Cake: The people's choice winner of a Canadian pizza chain's contest whose real aim, we'd imagine, is to prove that there's no such thing as "too far." Currently in development.


    2014's fast food atrocities

    7-Eleven's Doritos Loaded: "For something decadent and artificial by design," wrote one impassioned reviewer, "it only tasted of the latter."

  • Recent Slide Shows



Comment Preview

Your name will appear as username ( settings | log out )

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>