Investigation Shows AT&T Really Likes Being In The Surveillance Business

/in

The Intercept has dug up more details on AT&T’s groundbreaking efforts in worldwide surveillance. Last year, it identified a 550-foot, windowless tower in lower Manhattan as an AT&T hub where the NSA taps into phone calls, faxes, and internet communications.

According to The Intercept’s investigation, there are eight of these datacenters/hubs scattered around the United States. And the NSA is utilizing these to grab data and communications from all over the world. Like the one in Manhattan, the other AT&T/NSA structures are structurally hardened, largely devoid of windows, and bristling with communications equipment… not all of it belonging to AT&T.

Atlanta, Chicago, Dallas, Los Angeles, New York City, San Francisco, Seattle, and Washington, D.C. In each of these cities, The Intercept has identified an AT&T facility containing networking equipment that transports large quantities of internet traffic across the United States and the world. A body of evidence – including classified NSA documents, public records, and interviews with several former AT&T employees – indicates that the buildings are central to an NSA spying initiative that has for years monitored billions of emails, phone calls, and online chats passing across U.S. territory.

This isn’t just a collection of AT&T customers’ communications. Its partnerships with other telcos and internet providers allows the NSA to harvest communications from a variety of service providers. These eight locations are “backbones,” which means almost everything being carried by AT&T flows through at least one of these centers. Former AT&T employees interviewed by The Intercept indicate there has been a concerted effort made by AT&T to ensure the NSA has access to as much data and communications as possible.

“I worked with all of them,” said Philip Long, who was employed by AT&T for more than two decades as a technician servicing its networks. Long’s work with AT&T was carried out mostly in California, but he said his job required him to be in contact with the company’s other facilities across the U.S. In about 2005, Long recalled, he received orders to move “every internet backbone circuit I had in northern California” through the San Francisco AT&T building identified by The Intercept as one of the eight NSA spy hubs. Long said that, at the time, he felt suspicious of the changes, because they were unusual and unnecessary. “We thought we were routing our circuits so that they could grab all the data,” he said. “We thought it was the government listening.”

Former employee Mark Klein claimed the NSA installed its own equipment at some of the hubs several years ago. Those interviewed by the Intercept confirm this, pointing out that some hubs proactively made copies of everything flowing through these centers for the surveillance agency. Most of what’s harvested avoids the oversight of the FISA court by being obtained under Executive Order 12333. This Reagan directive granted “transit” authority, allowing the NSA to intercept foreign communications as they traversed hubs located in the United States.

As The Intercept points out, this collection has run into trouble in the FISA court. Even though AT&T apparently deploys filters to sort communications by originating IP addresses to remove as many domestic communications as possible, the NSA was still able to scoop up plenty of US persons’ communications. This led to a ruling by the FISA court ordering the NSA to fix the program or shut it down. It chose to “fix” it, which involved nothing more than tossing up a warning on analysts’ screens that the haystacks they were perusing contained domestic communications, warning them to “not read” the communications of non-target US persons. This worked about as well as you would expect, leading to a neverending string of “compliance incidents” that somehow managed to fall outside the generous coverage granted to the agency with the 2008 FISA Amendments Act.

This latest revelation isn’t going to undermine AT&T’s “Death Star” reputation. The company is awful on so many levels (routinely terrible customer service, supervillainistic behavior) that finding out it’s carrying on a nationwide relationship with the NSA is hardly a surprise. But we should expect more from the companies we trust with our data and communications. We need companies that play hard-to-get, not those that immediately assume compromising positions the moment the government hints it wants to be deep inside them.

Permalink | Comments | Email This Story

Techdirt.