This post was originally published on August 24, 2015.
When Edward Snowden told the world the NSA had friends in the American telecom industry, he didn’t name names. Nor did the documents he released mention any specific companies. But thanks to a recent investigation by ProPublica and the New York Times, the identity of the NSA’s most valuable partner in the business has been revealed: it’s AT&T.
“Extreme willingness to help”
The investigation reveals AT&T not only complied with NSA data requests, they were “highly collaborative” and showed “extreme willingness to help” with the spy agency’s mass surveillance on American communications. The documents reveal this partnership to be one of the the oldest in the NSA’s history, beginning in 1985 shortly after AT&T became its own company.
The news is no doubt shocking to many of AT&T’s millions of customers. But to those who remember a certain report from 2006, these recent revelations are simply a confirmation of a long-held suspicion.
That report, published in 2006 by Salon and Wired, comes from former AT&T technician Mark Klein, who attempted to blow the whistle on a series of “secret rooms” installed by the NSA in AT&T facilities. The report claimed these rooms contained equipment that tapped into high-speed fiber-optic circuits through which “every individual message on the Internet” passed, feeding its contents straight to the NSA.
No one’s data is safe
“Every individual message on the Internet” may sound like a gross exaggeration, but it’s probably closer to the truth than you think. Klein also claimed AT&T’s corporate relationships with other providers routinely filter their traffic through the same circuits that the NSA taps in their secret rooms, meaning just because you’re not an AT&T subscriber doesn’t mean your emails haven’t passed through their hands.
Klein has been largely forgotten in the almost 10 years since his first public statement. But this new analysis of the NSA documents has more or less completely vindicated him.
Old evidence, new analysis
So why did it take several years for Snowden’s documents to reveal AT&T as the NSA’s prime ally? The leaked documents never mention AT&T by name, instead using the code name “Fairview” to describe their partner organization.
The authors of the investigation also published a walkthrough of their path through the “breadcrumbs” on the trail of evidence that led them to establish AT&T as the true partner. These breadcrumbs include:
- ? The date August 5, 2011. An NSA newsletter claimed data collection resumed on this date following an outage caused by an earthquake. According to the Japanese station servicing that area, only one cable was put back into service on that date, and according to the FCC that cable is operated by AT&T.
- ? Proprietary acronyms. Descriptions of Fairview programs in NSA documents use the terms “SNRC” and CBB”, which ex-AT&T employees confirmed is jargon specific to AT&T.
- ? U.N. contracts. Internal documents revealed the NSA tapped fiber-optic data from the U.N. headquarters with the help of Fairview. Separate records indicate AT&T operated the U.N.’s fiber-optic network at the time.
In response to the findings, Reuters quoted a representative from AT&T:
We do not voluntarily provide information to any investigating authorities other than if a person’s life is in danger and time is of the essence. For example, in a kidnapping situation we could provide help tracking down called numbers to assist law enforcement.
“Not voluntarily” is hard to reconcile with “extreme willingness to help”. Clearly someone isn’t telling the truth, or maybe the representative is actually just clueless. One has to wonder how many AT&T employees are even aware of the secret partnership. In any case, it is certainly within AT&T’s best interests to downplay the relevance of this story.
Are we even surprised?
It’s hard to shock the public anymore when it comes to the extent of the NSA’s reach. The real news story here isn’t that your emails are being tapped, or that AT&T is the culprit. It’s that at least a few AT&T employees did it with smiles on their faces.
From a practical standpoint, you should assume that any message you send over the Internet can be intercepted by corporate or government spies, regardless of whether you’re an AT&T customer. That’s why encryption is important. You can’t stop your data from being collected, but you can make it very difficult to read.