New light on NSA spying

A former Internet expert for the FCC concludes that a secret AT&T installation was most likely used for government surveillance.

By Kim Zetter

Read more: AT&T, Politics, News, National Security Agency

June 23, 2006 | A federal court in California released a previously sealed 40-page document on Thursday in the Electronic Frontier Foundation's lawsuit against AT&T, which bolsters allegations that the telecommunications giant built secret rooms to allow the National Security Agency to conduct widespread surveillance of Internet traffic. The document also paints a detailed scenario of how the NSA may be conducting the top-secret operation, which closely matches information given to Salon by a former AT&T employee who worked at the company's network operations center in Bridgeton, Mo.

The document, a statement by J. Scott Marcus, a former senior advisor for Internet technology to the Federal Communications Commission, was filed under seal on April 5 on behalf of the EFF to support its class-action suit against AT&T, which alleges that the company violated a number of federal laws in aiding the government's domestic spying operation against AT&T customers. The court sealed the document because it contained proprietary AT&T information, then ordered AT&T and EFF to work together to produce a redacted version to place in the public record, which they did on Thursday.

EFF asked Marcus to examine records from a former AT&T technician in California named Mark Klein that describe how AT&T reconfigured its network in San Francisco and installed special computer systems in a secret room, allegedly to divert and collect Internet traffic to help the NSA conduct warrantless surveillance. Were the records authentic and was it feasible that they described a government surveillance program, or could the reconfiguration and systems have been put in place for more innocuous uses?

Marcus concludes in his statement that the documents are authentic and, after considering a number of possible reasons for the reconfiguration -- such as legitimate network monitoring and maintenance -- writes that the system AT&T installed in a secret San Francisco room, and likely other cities, was "exceptionally well suited to a massive, distributed surveillance activity" and that "no other application provides as good an explanation for the combination of engineering choices that were made."

He considered that the system might be set up to accommodate lawful traffic intercepts under the Communications Assistance for Law Enforcement Act, but deemed this not a credible scenario, since there are far simpler and less expensive solutions for meeting CALEA, which required Internet service providers to make their networks wiretap-ready. He also concludes that given how cash strapped AT&T was in 2002 and 2003 when the expensive changes and additions to the system were made, it is "exceedingly unlikely" that AT&T financed the project on its own. "I therefore conclude that it is highly probable that funding came from an outside source, and consider the U.S. Government to be the most likely source," he writes in the document.

Over several pages that are redacted at key points, Marcus discusses technical details in the Klein documents that have previously been unavailable. (The Klein documents are under seal, and although some of them have made it to the Internet, others, judging by details revealed by Marcus, have never been made public.) According to Marcus, the Klein documents refer to a "private ... backbone network, which appears to partition from AT&T's main Internet backbone." This suggests the presence of a private network, Marcus writes, whose existence is "not consistent with normal AT&T practice."

"The most plausible inference is that this was a covert network that was used to ship data of interest to one or more central locations for still more intensive analysis," Marcus writes.

Next page: A detailed look at how the NSA wound its way into the Internet