Whistleblower outs NSA's secret spy room at AT&TApril 08, 2006
Mark Klein, a retired AT&T communications technician, said the company shunted all Internet traffic--including traffic from peering links connecting to other Internet backbone providers-- to semantic traffic analyzers, installed in a secret room inside the AT&T central office on Folsom Street in San Francisco. Similar rooms were built in Seattle, San Jose, Los Angeles and San Diego.
"Based on my understanding of the connections and equipment at issue, it appears the NSA (National Security Agency) is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet," Klein said. "This potential spying appears to be applied wholesale to all sorts of Internet communications of countless citizens."
In 2003, the National Security Agency set up a secret room inside the phone company's San Francisco office building that was not accessible to AT&T technicians, Klein said.
The former employee's statement, as well as several documents saved by him after he left the company in 2004, shows further evidence of domestic spying initiatives by the federal government.
Klein's statement is being incorporated into a class action filed in San Francisco federal court, in which lawyers with the Electronic Frontier Foundation (EFF), Lerach Coughlin Stoia Geller Rudman & Robbins, and Traber & Voorhees in Pasadena claim that AT&T illegally allowed the NSA taps.
"Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA [the Foreign Intelligence Surveillance Act]," Klein said.
News that the NSA was working with major telecommunications companies first surfaced shortly before Christmas. The Bush administration has acknowledged the existence of a domestic spying program, but claims the executive order was limited to those individuals with known terrorist ties.
The Electronic Frontier Foundation filed a class-action lawsuit against AT&T on January 31, 2006, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency in its massive program to wiretap and data-mine Americans' communications.
"The evidence that we are filing supports our claim that AT&T is diverting Internet traffic into the hands of the NSA wholesale, in violation of federal wiretapping laws and the Fourth Amendment," EFF Staff Attorney Kevin Bankston said in a statement.
NarusInsight Intercept Suite - Packet-level, flow-level, and application-level usage information is captured and analyzed as well as raw user session packets for forensic analysis, surveillance or in satisfying regulatory compliance for lawful intercept. The capabilities include playback of streaming media (i.e. VoIP), rendering of Web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. (source: Narus.com)
On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.
After asking for a preview copy of the documents last week, the government did not object to the EFF filing the paper under seal, although the EFF asked the court Wednesday to make the documents public.
One of the documents is titled "Study Group 3, LGX/Splitter Wiring, San Francisco," and is dated 2002. The others are allegedly a design document instructing technicians how to wire up the taps, and a document that lists the equipment installed in the secret room.
The list includes a Narus STA 6400, which is a semantic traffic analyzer. The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets.
The NarusInsight Discover Suite (NDS) captures and classifies traffic and data on monitored links in real time at true carrier speeds (up to 10G/OC-192). Detailed layer 3 to layer 7 data are collected and correlated across every link and element on the network. NDS empowers users to manage IP traffic and applications including VoIP, Skype, P2P (e.g., BitTorrent, e-Donkey/e-Mule, FastTrack/Kazaa, Gnutella, etc.), messaging (AOL IM/ICQ, Yahoo IM, MSN Messenger, Jabber, IRC, MMS), streaming media (RTP, RTCP, RTSP), e-mail (SMTP,POP3,IMAP), Web browsing and push to talk (PTT). (source: Narus)
In a letter to the EFF, AT&T objected to the filing of the documents, arguing that they contain sensitive trade secrets, Wired magazine reports.
According to court rules, AT&T has until Thursday to file a motion to keep the documents sealed. The government could also step in to the case and request that the documents not be made public, or even that the entire lawsuit be barred under the seldom-used State Secrets Privilege, says Wired.
AT&T Corp. (which was recently acquired by the new AT&T, Inc,. formerly known as SBC Communications) maintains domestic telecommunications facilities over which millions of Americans' telephone and Internet communications pass every day. It also manages some of the largest databases in the world, containing records of most or all communications made through its myriad telecommunications services.
--Mark Klein, April 6, 2006
For 22 and 1/2 years I worked as an AT&T technician, first in New York and then in California.
What I Observed First-Hand:
In 2002, when I was working in an AT&T office in San Francisco, the site manager told me to expect a visit from a National Security Agency agent, who was to interview a management-level technician for a special job. The agent came, and by chance I met him and directed him to the appropriate people.
In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco -- actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.
In October 2003, the company transferred me to the San Francisco building to oversee the Worldnet Internet room, which included large routers, racks of modems for customers' dial-in services, and other equipment. I was responsible for troubleshooting problems on the fiber optic circuits and installing new circuits.
While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet circuits by splitting off a portion of the light signal. I saw this in a design document available to me, entitled "Study Group 3, LGX/Splitter Wiring, San Francisco" dated Dec. 10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the "splitter" cabinet, which diverts some of the light signal to the secret room. The circuits listed were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.
One of the documents listed the equipment installed in the secret room, and this list included a Narus STA 6400, which is a "Semantic Traffic Analyzer". The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets. The company's advertising boasts that its technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) provides complete visibility for all internet applications."
My job required me to connect new circuits to the "splitter" cabinet and get them up and running. While working on a particularly difficult one with a technician back East, I learned that other such "splitter" cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.
What is the Significance and Why Is It Important to Bring These Facts to Light?
Based on my understanding of the connections and equipment at issue, it appears the NSA is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet -- whether that be peoples' e-mail, Web surfing or any other data.
Given the public debate about the constitutionality of the Bush administration's spying on U.S. citizens without obtaining a FISA warrant, I think it is critical that this information be brought out into the open, and that the American people be told the truth about the extent of the administration's warrantless surveillance practices, particularly as it relates to the Internet.
Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA. And unlike the controversy over targeted wiretaps of individuals' phone calls, this potential spying appears to be applied wholesale to all sorts of Internet communications of countless citizens.
Attorney contact information:
Ramsey & Ehrlich LLP
Source: Legal Pad
EFF: AT&T forwards all Internet traffic into NSA
AT&T sued over NSA eavesdropping