Thursday, April 13, 2006

Documents Show Link Between AT&T and Agency in Eavesdropping Case

The New York Times
Documents Show Link Between AT&T and Agency in Eavesdropping Case
By JOHN MARKOFF and SCOTT SHANE

SAN FRANCISCO, April 12 — Mark Klein was a veteran AT&T technician in 2002 when he began to see what he thought were suspicious connections between that telecommunications giant and the National Security Agency.

But he kept quiet about it until news broke late last year that President Bush had approved an N.S.A. program to eavesdrop without court warrants on Americans suspected of ties to Al Qaeda.

Now Mr. Klein and a few company documents he saved have emerged as key elements in a class-action lawsuit filed against AT&T on Jan. 31 by a civil liberties group, the Electronic Frontier Foundation. The suit accuses the company of helping the security agency invade its customers' privacy.

Mr. Klein's account and the documents provide new details about how the agency works with the private sector in intercepting communications for intelligence purposes.

The documents, some of which Mr. Klein had earlier provided to reporters, describe a mysterious room at the AT&T Internet and telephone hub in San Francisco where he worked.

The documents, which were examined by four independent telecommunications and computer security experts at the request of The New York Times, describe equipment capable of monitoring a large quantity of e-mail messages, Internet phone calls, and other Internet traffic.

The equipment, which Mr. Klein said was installed by AT&T in 2003, was able to select messages that could be identified by keywords, Internet or e-mail addresses or country of origin and divert copies to another location for further analysis.

The security agency began eavesdropping without warrants on international phone calls and e-mail messages of people inside the United States suspected of terrorist links soon after the Sept. 11 attacks.

After disclosing the program last December, The New York Times also reported that the agency had gathered data from phone and e-mail traffic with the cooperation of several major telecommunications companies.

The technical experts all said that the documents showed that AT&T had an agreement with the federal government to systematically gather information flowing on the Internet through the company's network.

The gathering of such information, known as data mining, involves the use of sophisticated computer programs to detect patterns or glean useful intelligence from masses of information.

"This took expert planning and hundreds of millions of dollars to build," said Brian Reid, director of engineering at the Internet Systems Consortium in Redwood City, Calif. "This is the correct way to do high volume Internet snooping."

Another expert, who had designed large federal and commercial data networks, said that the documents were consistent with administration assertions that the N.S.A. monitored only foreign communications and communications between foreign and United States locations, partly because of the location of the monitoring sites. The network designer was granted anonymity because he believed that commenting on the operation could affect his ability to work as a consultant.

The documents referred to a second location, in Atlanta, and suggested similar rooms might exist at other AT&T switching sites.

Mr. Klein said other AT&T technicians had told him of such installations in San Jose, Calif.; Los Angeles; San Diego; and Seattle.

The Internet hubs there carry a significant amount of international traffic. The network designer and other experts said it would be a simple technical matter to reprogram the equipment to intercept purely domestic Internet traffic.

The Department of Justice initially asked the Electronic Frontier Foundation not to file Mr. Klein's documents in court, but a review determined that they were not classified and the government dropped its objection. The foundation filed the documents under seal because of concern about releasing proprietary information.

On Monday, AT&T filed a motion with a federal judge in San Francisco asking the court to order the foundation to return the documents because they were proprietary.

The documents showed that the room in San Francisco, which Mr. Klein says was off-limits to most employees but serviced by a company technician working with the security agency, contained computerized equipment that could sift through immense volumes of traffic as it passed through the cables of AT&T's WorldNet Internet service.

According to the documents, e-mail messages and other data carried by 16 other commercial Internet providers reached AT&T customers through the San Francisco hub.

One piece of filtering equipment described in the documents was manufactured by Narus, based in Mountain View, Calif.

The equipment could be programmed to identify and intercept voice or data conversations between e-mail, telephone or Internet addresses, said Steve Bannerman, the company's vice president for marketing.

Buyers included companies trying to comply with the Communications Assistance for Law Enforcement Act of 1994, which requires that communications systems have a wiretapping capability built in.

Typically, law enforcement interceptions are done on a case by case basis and require warrants.

Mr. Bannerman said he could not comment further because Narus had not announced any sales to the federal government. William P. Crowell, a former deputy director of the N.S.A, is on the Narus board.

In an interview, Mr. Klein said he did not have a security clearance but had witnessed interactions between colleagues who did have clearances and the highly secretive N.S.A. "It was strange and sort of suspicious," he said.

Mr. Klein said he learned of an agency connection to the mysterious room in 2002 when a company manager told him to expect a visit from an N.S.A. official who wanted to speak with another senior company technician about "a special job." That technician later installed the equipment in the room, he said.

Based on his observations and technical knowledge, Mr. Klein concluded that the equipment permitted "vacuum-cleaner surveillance" of Internet traffic. Mr. Klein, 60, who retired in 2004 after 23 years with AT&T and lives near Oakland, Calif., said he decided to make his observations known because he believed the government's monitoring was violating Americans' civil liberties.

An AT&T spokesman at the company's corporate headquarters in San Antonio declined to comment on Mr. Klein's statements.

"AT&T does follow all laws with respect to assistance offered to government agencies," said Walt Sharp, the AT&T spokesman. "However, we are not in a position to comment on matters of national security."

Asked to comment, Don Weber, a spokesman for the N.S.A., said, "It would be irresponsible of us to discuss actual or alleged operational issues as it would give those wishing to do harm to the United States the ability to adjust and potentially inflict harm."

John Markoff reported from San Francisco for this article, and Scott Shane from Washington.