The most interesting aspect of the Marcus statement is the clear, though speculative, scenario he provides for how the National Security Agency is likely conducting its surveillance and data collection through that network. Marcus, currently a consultant with WIK-Consult GmbH in Bad Honnef, Germany, was unavailable for comment. But in the statement, he suggests that the secret San Francisco room is connected to two separate networks -- the regular commercial network on which e-mail, Web surfing and voice-over Internet Protocol traffic runs, and the second private, covert network that is partitioned off from the regular network and is used to divert traffic that has been copied and sent back to a central collection place. He suggests that massive amounts of data are collected at 15 to 20 locations around the country, where it is automatically screened and winnowed down to only "data of interest" by a special system installed in San Francisco (and likely elsewhere) before it is shipped off to one or two central collection points, where it is processed by powerful computers and analyzed by skilled staff.
This agrees with what several sources told Salon this week. A former AT&T network technician who is well acquainted with AT&T's common backbone and asked to remain anonymous, told Salon about a secret, heavily secured room located in AT&T's Bridgeton facility, where the company runs its technical command center from which it manages all of its backbone. From that facility, the company could send commands to any of its 1,500 to 2,000 routers around the country to filter and divert traffic from those locations. To do that, the technician said, AT&T would need to physically place network "sniffers" at key points in the company's backbone. "There are 10 or 15 data centers located in major cities around the country," he said. "So they would need to stick [a sniffer] in each of those data centers to capture all the information." Then the company could easily send commands from the Bridgeton room to the routers in those locations. The commands would indicate what data to collect and where to divert it afterward.
Marcus writes that although the configuration in San Francisco was deployed in early 2003, given AT&T processes, the planning for it was probably underway six to 12 months earlier. This coincides with the timing of the Bridgeton Network Operation Center, which was put in place about eight months before the San Francisco room was configured and was the place from which the work order for the secret room in San Francisco originated.
The Bridgeton room, guarded with a high-tech mantrap with retinal and fingerprint scanners, is restricted to government workers and AT&T employees with top-secret security clearances and is likely just used for remotely monitoring and maintaining the secret rooms around the country and sending commands. Russ Tice, a former NSA officer and senior analyst until last year, told Salon that the data once collected is probably not sent to Bridgeton but instead is diverted to an NSA facility where powerful processing equipment can analyze it.
As for the kind of data collected, Marcus infers from the Klein documents that the configuration in place in San Francisco would enable surveillance of "both overseas and purely domestic traffic." But the Klein evidence suggests that only "off net" traffic was being collected in San Francisco at the time the documents were written. "Off net" refers to traffic sent between AT&T customers and customers of other ISPs; "on net" traffic is sent strictly between one AT&T customer and another AT&T customer.
Still, this amounts to a lot of data, Marcus says. It would mean that any traffic that passed through AT&T's network from another ISP or network would be intercepted. He suggests the possibility, however, that authorities could conceivably weed out domestic traffic to collect only international traffic exchanged between an AT&T customer and noncustomer, given that software programs exist that can help distinguish domestic Internet traffic from traffic that travels from outside the United States. But he writes that even with such weeding, some purely domestic traffic would likely slip through the filter.
A hearing on the EFF lawsuit against AT&T is being held in San Francisco Friday to determine whether the case should be thrown out. The Department of Justice has interfered in the case, calling on the court to dismiss it on grounds that national security secrets would be exposed if a trial were to proceed.
About the writer
Kim Zetter is an investigative reporter based in the San Francisco Bay Area.
Related Stories
Is the NSA spying on U.S. Internet traffic?
Salon exclusive: Two former AT&T employees say the telecom giant has maintained a secret, highly secure room in St. Louis since 2002. Intelligence experts say it bears the earmarks of a National Security Agency operation.
06/21/06
Story finder (3 ways to search Salon)
Salon Directory (browse by topic)