portland independent media center  
images audio video
newswire article reposts united states

government | human & civil rights

Wired Publishes Whistleblower's Details on TIA/NSA Domestic Spying Apparatus

Please make copies and distribute these documents. Wired may be facing action from the corporations and the government for publishing these details and they may not remain online, at least on Wired's site.
Whistle-Blower's Evidence, Uncut

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation's class-action lawsuit against the telecommunications company, which alleges that AT&T cooperated in an illegal National Security Agency domestic surveillance program.

In a public statement Klein issued last month, he described the NSA's visit to an AT&T office. In an older, less-public statement recently acquired by Wired News, Klein goes into additional details of his discovery of an alleged surveillance operation in an AT&T building in San Francisco.

Klein supports his claim by attaching excerpts of three internal company documents: a Dec. 10, 2002, manual titled "Study Group 3, LGX/Splitter Wiring, San Francisco," a Jan. 13, 2003, document titled "SIMS, Splitter Cut-In and Test Procedure" and a second "Cut-In and Test Procedure" dated Jan. 24, 2003.

Here we present Klein's statement in its entirety, with inline links to all of the document excerpts where he cited them. You can also download the complete file here (pdf). The full AT&T documents are filed under seal in federal court in San Francisco.
AT&T's Implementation of NSA Spying on American Citizens

31 December 2005

I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious Total Information Awareness program, which was attacked by defenders of civil liberties. But now it's been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.
AT&T Deploys Government Spy Gear on WorldNet Network

-- 16 January, 2004

In 2003 AT&T built "secret rooms" hidden deep in the bowels of its central offices in various cities, housing computer gear for a government spy operation which taps into the company's popular WorldNet service and the entire internet. These installations enable the government to look at every individual message on the internet and analyze exactly what people are doing. Documents showing the hardwire installation in San Francisco suggest that there are similar locations being installed in numerous other cities.

The physical arrangement, the timing of its construction, the government-imposed secrecy surrounding it and other factors all strongly suggest that its origins are rooted in the Defense Department's Total Information Awareness (TIA) program which brought forth vigorous protests from defenders of constitutionally protected civil liberties last year:

"As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant." The New York Times, 9 November 2002

To mollify critics, the Defense Advanced Research Projects Agency (Darpa) spokesmen have repeatedly asserted that they are only conducting "research" using "artificial synthetic data" or information from "normal DOD intelligence channels" and hence there are "no U.S. citizen privacy implications" (Department of Defense, Office of the Inspector General report on TIA, December 12, 2003). They also changed the name of the program to "Terrorism Information Awareness" to make it more politically palatable. But feeling the heat, Congress made a big show of allegedly cutting off funding for TIA in late 2003, and the political fallout resulted in Adm. Poindexter's abrupt resignation last August. However, the fine print reveals that Congress eliminated funding only for "the majority of the TIA components," allowing several "components" to continue (DOD, ibid). The essential hardware elements of a TIA-type spy program are being surreptitiously slipped into "real world" telecommunications offices.

In San Francisco the "secret room" is Room 641A at 611 Folsom Street, the site of a large SBC phone building, three floors of which are occupied by AT&T. High-speed fiber-optic circuits come in on the 8th floor and run down to the 7th floor where they connect to routers for AT&T's WorldNet service, part of the latter's vital "Common Backbone." In order to snoop on these circuits, a special cabinet was installed and cabled to the "secret room" on the 6th floor to monitor the information going through the circuits. (The location code of the cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay 04.) The "secret room" itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.

The normal work force of unionized technicians in the office are forbidden to enter the "secret room," which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room. In practice this has meant that only one management-level technician works in there. Ironically, the one who set up the room was laid off in late 2003 in one of the company's endless "downsizings," but he was quickly replaced by another.

Plans for the "secret room" were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from "AT&T Labs Connectivity & Net Services" and authored by the labs' consultant Mathew F. Casamassima, is titled Study Group 3, LGX/Splitter Wiring, San Francisco and dated 12/10/02. This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not "leak" their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.

This problem is solved with "splitters" which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the "secret room." The cabinet is totally unnecessary for the circuit to perform -- in fact it introduces problems since the signal level is reduced by the splitter -- its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.

The above-referenced document includes a diagram showing the splitting of the light signal, a portion of which is diverted to "SG3 Secure Room," i.e., the so-called "Study Group" spy room. Another page headlined "Cabinet Naming" lists not only the "splitter" cabinet but also the equipment installed in the "SG3" room, including various Sun devices, and Juniper M40e and M160 "backbone" routers. PDF file 4 shows one of many tables detailing the connections between the "splitter" cabinet on the 7th floor (location 070177.04) and a cabinet in the "secret room" on the 6th floor (location 060903.01). Since the San Francisco "secret room" is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.

One of the devices in the "Cabinet Naming" list is particularly revealing as to the purpose of the "secret room": a Narus STA 6400. Narus is a 7-year-old company which, because of its particular niche, appeals not only to businessmen (it is backed by AT&T, JP Morgan and Intel, among others) but also to police, military and intelligence officials. Last November 13-14, for instance, Narus was the "Lead Sponsor" for a technical conference held in McLean, Virginia, titled "Intelligence Support Systems for Lawful Interception and Internet Surveillance." Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the "war on terror" had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint and Verizon. Narus founder, Dr. Ori Cohen, gave a keynote speech. So what does the Narus STA 6400 do?

"The (Narus) STA Platform consists of standalone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) is the only technology that provides complete visibility for all internet applications."

To implement this scheme, WorldNet's high-speed data circuits already in service had to be rerouted to go through the special "splitter" cabinet. This was addressed in another document of 44 pages from AT&T Labs, titled SIMS, Splitter Cut-In and Test Procedure, dated 01/13/03. "SIMS" is an unexplained reference to the secret room. Part of this reads as follows:

"A WMS (work) Ticket will be issued by the AT&T Bridgeton Network Operation Center (NOC) to charge time for performing the work described in this procedure document....
"This procedure covers the steps required to insert optical splitters into select live Common Backbone (CBB) OC3, OC12 and OC48 optical circuits."

The NOC referred to is in Bridgeton, Missouri, and controls WorldNet operations. (As a sign that government spying goes hand-in-hand with union-busting, the entire (Communication Workers of America) Local 6377 which had jurisdiction over the Bridgeton NOC was wiped out in early 2002 when AT&T fired the union work force and later rehired them as nonunion "management" employees.) The cut-in work was performed in 2003, and since then new circuits are connected through the "splitter" cabinet.

Another Cut-In and Test Procedure document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the "splitter" cabinet. One page lists the circuit IDs of key Peering Links which were "cut-in" in February 2003, including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It's not just WorldNet customers who are being spied on -- it's the entire internet.

The next logical question is, what central command is collecting the data sent by the various "secret rooms"? One can only make educated guesses, but perhaps the answer was inadvertently given in the DOD Inspector General's report (cited above):

"For testing TIA capabilities, Darpa and the U.S. Army Intelligence and Security Command (INSCOM) created an operational research and development environment that uses real-time feedback. The main node of TIA is located at INSCOM (in Fort Belvoir, Virginia)... ."

Among the agencies participating or planning to participate in the INSCOM "testing" are the "National Security Agency, the Defense Intelligence Agency, the Central Intelligence Agency, the DOD Counterintelligence Field Activity, the U.S. Strategic Command, the Special Operations Command, the Joint Forces Command and the Joint Warfare Analysis Center." There are also "discussions" going on to bring in "non-DOD federal agencies" such as the FBI.

This is the infrastructure for an Orwellian police state. It must be shut down!

homepage: homepage: http://www.wired.com/news/technology/1,70944-0.html

Wired coverage so far - well worth reading 22.May.2006 15:59


Why We Published the AT&T Docs
02:00 AM May, 22, 2006
AT&T claims information in the file is proprietary and that it would suffer severe harm if it were released. Based on what we've seen, Wired News disagrees. In addition, we believe the public's right to know the full facts in this case outweighs AT&T's claims to secrecy.

Court Deals AT&T a Setback
11:30 AM May, 17, 2006
A federal judge Wednesday shot down telecom giant AT&T's efforts to recover and suppress internal documents that a former AT&T technician says demonstrate the company's collusion in illegal government surveillance.

The Ultimate Net Monitoring Tool
08:00 AM May, 17, 2006
"Anything that comes through (an internet protocol network), we can record," says Steve Bannerman, marketing vice president of Narus, a Mountain View, California, company. "We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls."

Stumbling Into a Spy Scandal
02:00 AM May, 17, 2006
When former AT&T technician Mark Klein learned of a secret room installed in the company's San Francisco internet switching center, he was certain he had stumbled onto the Total Information Awareness program... Though the program had mostly been terminated by Congress in September 2003, portions of the program were allowed to continue. Klein believed he had found these remnants... AT&T built the secret room in 2003 and wired it up to receive a copy of the internet traffic running through its fiber-optic network... Inside the room, AT&T had installed routers, Sun Microsystems servers and traffic-analysis software from a company called Narus.

AT&T Whistle-Blower's Evidence
02:00 AM May, 17, 2006
In this recently surfaced statement, Klein details his discovery of an alleged surveillance operation in an AT&T office in San Francisco, and offers his interpretation of company documents that he believes support his case.

AT&T Seeks to Hide Spy Docs
11:00 AM Apr, 12, 2006
AT&T is seeking the return of technical documents presented in a lawsuit that allegedly detail how the telecom giant helped the government set up a massive internet wiretap operation in its San Francisco facilities.

Wiretap Whistle-Blower's Account
12:25 PM Apr, 07, 2006
In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco -- actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.

Whistle-Blower Outs NSA Spy Room
11:15 AM Apr, 07, 2006
AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.

AT&T Sued Over NSA Eavesdropping
16:03 PM Jan, 31, 2006 EST
The Electronic Frontier Foundation filed a class-action lawsuit against AT&T on Tuesday, accusing the telecom company of violating federal laws by collaborating with the government's secret, warrantless wiretapping of American citizens' phone and internet usage.

Another important angle 22.May.2006 16:22


On May 5, 2006, Bush signed a presidential memorandum that allows Negroponte to authorize corporations "to conceal activities related to national security" without violating security laws.

New Presidential Memorandum Permits Intelligence Director To Authorize Telcos To Lie Without Violating Securities Law

When An Unstoppable Story Meets an Immovable Denial

In other words, the first story by the telco's is that they were not collecting any information in violation of any laws. Their new story is they are not handing any information over to the NSA. The change in stories is because the Bush administration is planning on shielding them from prosecution of all forms.


another really valuable analysis 22.May.2006 16:24


Of denials, state secrets, and network architecture

As for the government's state secrets argument, that's another story. "State secrets" is a court-created privilege that the government can invoke in the name of national security to have any lawsuit dismissed from the courts permanently. It has worked like magic every single time since its invention by the Supreme Court in 1953, and no judge has ever refused to comply when the government invokes it. Once the state secrets privilege is invoked, the lawsuit is dismissed and it's "case closed." So the state secrets privilege is sort of like kryptonite for democracy.

The consensus is that now that the government has played the state secrets trump card, the EFF's lawsuit is all but over. There's a hearing scheduled for June 23, where the judge will decide whether to honor government's state secrets privilege. If the judge decides against the government and allows the lawsuit to proceed, this would be a first.

Who needs "plausible deniability" when you have a magical lawyerproof force-field?

The key thing to remember in interpreting these denials is this: in the likely event that the government successfully invokes both the state secrets privilege and executive privilege, then the entire domestic spying program and all of its participants are 100 percent immune from any judicial and/or congressional oversight. There will simply be no formal democratic forum in which anyone can hold accountable the NSA and its telco and ISP collaborators.

In sum, Verizon and Bellsouth are free to deny away, because they've no doubt gotten assurances, possibly directly from the President's office, that they'll never be called on those denials either in the courts or in Congress. And however it shakes out, the SEC won't step in and punish them, either. The only court left is the court of public opinion, and if the two companies can keep a lid on whistleblowers then that court won't have enough evidence to convict.

And, in the latest news 22.May.2006 18:17


Gonzales announced today that publishing classified information is a federal crime that "trumps" First Amendment protections. Looks like the feds may seek to punish Wired and Klein (and perhaps a few other "uppity" journalists). Looks like the Bush admin will go for broke in an attempt to stay in power.

excellent story, excellent comments. 22.May.2006 18:31

this thing here

i can't believe the purity of what i'm witnessing.

the u.s. government needs technical support, and access to privately held internet infrastructure.

telco corporations need legal assurances, and legal protection.

you scratch my back, i'll scratch yours. forget the people.

"we're you going to tell your customers you we're monitoring their internet activities?"


"we're you going to tell your citizens that YOU were monitoring their internet activities?"


the government doesn't tell the citizens and the corporations don't tell their customers. and the people are left defenseless. it's two against one. two of the most powerful forces in any country working against the weakest.

100% pure corporatism, of the finest grade available on earth.

bye bye freedom. maybe we'll meet again in some other time and place...

betcha a wooden nickel 23.May.2006 06:41


the real payoff for AT&T et al is ownership of the internet via the bills in congress now. they spy for the the bad guys and get complete control in return. watch. it's happening now.

Blanket Immunity 23.May.2006 12:33


The conditions allegedly granted to the Big Telecoms in exchange for wholesale, unconditional Fed scrutiny of every bit and byte 24/7/forever recall the demands made by the Big Energy/Big Science folks when it came time to go into the nuclear weapon business in the mid '40s. Westinghous, DuPont, GE et al were rendered free of any present and potential liablility forever pertaining to any claims by anyone, anywhere, anytime. -- Fascism wearing a Howdy Doody mask.