From the archive, originally posted by: [ spectre ]

This page, excerpted by Klein from a 44-page document, purportedly
shows AT&T re-rerouting its high-speed data circuits through the
splitter cabinet that performs the physics of the alleged wiretaps. The
work was apparently overseen by AT&T’s Network Operations Center in
Bridgeton, Missouri. “‘SIMS’ is an unexplained reference to the secret
room” in which the equipment was stored, Klein wrote.


EFF CLASS ACTION SUIT,70944-0.html?tw=wn_index_2,70621-0.html,70619-0.html?tw=wn_index_1


“As the director of the effort, Vice Adm. John M. Poindexter, has
described the system in Pentagon documents and in speeches, it will
provide intelligence analysts and law enforcement officials with
instant access to information from internet mail and calling records to
credit card and banking transactions and travel documents, without a
search warrant.” The New York Times, 9 November 2002

“To mollify critics, the Defense Advanced Research Projects Agency
(Darpa) spokesmen have repeatedly asserted that they are only
conducting “research” using “artificial synthetic data” or information
from “normal DOD intelligence channels” and hence there are “no U.S.
citizen privacy implications” (Department of Defense, Office of the
Inspector General report on TIA, December 12, 2003). They also changed
the name of the program to “Terrorism Information Awareness” to make it
more politically palatable. But feeling the heat, Congress made a big
show of allegedly cutting off funding for TIA in late 2003, and the
political fallout resulted in Adm. Poindexter’s abrupt resignation last
August. However, the fine print reveals that Congress eliminated
funding only for “the majority of the TIA components,” allowing several
“components” to continue (DOD, ibid). The essential hardware elements
of a TIA-type spy program are being surreptitiously slipped into “real
world” telecommunications offices.

In San Francisco the “secret room” is Room 641A at 611 Folsom Street,
the site of a large SBC phone building, three floors of which are
occupied by AT&T. High-speed fiber-optic circuits come in on the 8th
floor and run down to the 7th floor where they connect to routers for
AT&T’s WorldNet service, part of the latter’s vital “Common Backbone.”
In order to snoop on these circuits, a special cabinet was installed
and cabled to the “secret room” on the 6th floor to monitor the
information going through the circuits. (The location code of the
cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay
04.) The “secret room” itself is roughly 24-by-48 feet, containing
perhaps a dozen cabinets including such equipment as Sun servers and
two Juniper routers, plus an industrial-size air conditioner.

The normal work force of unionized technicians in the office are
forbidden to enter the “secret room,” which has a special combination
lock on the main door. The telltale sign of an illicit government spy
operation is the fact that only people with security clearance from the
National Security Agency can enter this room. In practice this has
meant that only one management-level technician works in there.”

Former AT&T technician Mark Klein has come forward to support the EFF’s
lawsuit against AT&T for its alleged complicity in the NSA’s electronic
surveillance. Here, Wired News publishes Klein’s public statement in
its entirety.

Statement: Mark Klein, April 6, 2006

“For 22 and 1/2 years I worked as an AT&T technician, first in New York
and then in California.
What I observed first-hand:

In 2002, when I was working in an AT&T office in San Francisco, the
site manager told me to expect a visit from a National Security Agency
agent, who was to interview a management-level technician for a special
job. The agent came, and by chance I met him and directed him to the
appropriate people.

In January 2003, I, along with others, toured the AT&T central office
on Folsom Street in San Francisco — actually three floors of an SBC
building. There I saw a new room being built adjacent to the 4ESS
switch room where the public’s phone calls are routed. I learned that
the person whom the NSA interviewed for the secret job was the person
working to install equipment in this room. The regular technician work
force was not allowed in the room.

In October 2003, the company transferred me to the San Francisco
building to oversee the Worldnet Internet room, which included large
routers, racks of modems for customers’ dial-in services, and other
equipment. I was responsible for troubleshooting problems on the fiber
optic circuits and installing new circuits.

While doing my job, I learned that fiber optic cables from the secret
room were tapping into the Worldnet circuits by splitting off a portion
of the light signal. I saw this in a design document available to me,
entitled “Study Group 3, LGX/Splitter Wiring, San Francisco” dated Dec.
10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24,
2003, which instructed technicians on connecting some of the already
in-service circuits to the “splitter” cabinet, which diverts some of
the light signal to the secret room. The circuits listed were the
Peering Links, which connect Worldnet with other networks and hence the
whole country, as well as the rest of the world.

One of the documents listed the equipment installed in the secret room,
and this list included a Narus STA 6400, which is a “Semantic Traffic
Analyzer”. The Narus STA technology is known to be used particularly by
government intelligence agencies because of its ability to sift through
large amounts of data looking for preprogrammed targets. The company’s
advertising boasts that its technology “captures comprehensive customer
usage data … and transforms it into actionable information…. (It)
provides complete visibility for all internet applications.”

My job required me to connect new circuits to the “splitter” cabinet
and get them up and running. While working on a particularly difficult
one with a technician back East, I learned that other such “splitter”
cabinets were being installed in other cities, including Seattle, San
Jose, Los Angeles and San Diego.”


STATE SECRETS PRIVILEGE,1282,68894,00.html


“The DaytonaTM data management system is used by AT&T to solve a wide
spectrum of data management problems. For example, Daytona is managing
over 312 terabytes of data in a 7×24 production data warehouse whose
largest table contains over 743 billion records as of Sept 2005.
Indeed, for this database, Daytona is managing over 1.924 trillion
records; it could easily manage more but we ran out of data.

Daytona’s architecture is based on translating its high-level query
language CymbalTM (which includes SQL as a subset) completely into C
and then compiling that C into object code. The system resulting from
this architecture is fast, powerful, easy to use and administer,
reliable and open to UNIX tools. In particular, two forms of data
compression plus robust horizontal partitioning and effective SPMD
parallelization enable Daytona to handle terabytes with ease. Fast,
large-scale in-memory operations are supported by in-memory tables and
scalar and tuple-valued multi-dimensional associative arrays.

Daytona offers all the essentials of data management including a
high-level query language, data dictionary, B-tree indexing, locking,
transactions, logging, and recovery. Users are pleased with Daytona’s
speed, its powerful query language, its ability to easily manage large
amounts of data in minimal space, its simplicity, its ease of
administration, and its openness to other tools. In particular, Daytona
supports SQL, Perl DBI, and JDBC.”

AT&T whistle-blower Mark Klein says this secret room in an AT&T
switching center is home to data-mining equipment that can spy on
internet communications.

Page 1 diagrams the new connection through the splitter cabinet, and
Page 2 shows the company phasing in fiber-optic splitters on high-speed
links connecting AT&T’s WorldNet to other ISPs, “including ConXion,
Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing,
C&W, UUNET, Level 3, Sprint, Telia, PSINet, and Mae West,” Klein wrote.
“It’s not just WorldNet customers who are being spied on.”

“Since the San Francisco ‘secret room’ is numbered 3, the implication
is that there are at least several more in other cities (Seattle, San
Jose, Los Angeles and San Diego are some of the rumored locations),
which likely are spread across the U.S.,” Klein wrote.


“at&t Inc. is one of the world’s largest telecommunications holding
companies and is the largest in the United States. They are recognized
as the leading worldwide provider of IP-based communications services
to business and as the leading U.S. provider of high-speed DSL
Internet. NarusInsight is deployed across at&t’s backbone network,
and is integral to their ability to manage and secure their traffic.”

“As the foundation for the industry’s most advanced IP security,
intercept and traffic classification applications, NarusInsight is
unique in its ability to simultaneously provide deep packet inspection
from layer 3 to layer 7 and complete correlation across every link and
element on the network. NarusInsight provides carriers with the
flexibility and superior price performance benefits associated with
deployment either at the network edge, the high-speed core or both

“Recent mandates and the resulting standards referenced under CALEA in
the United States and ETSI in Western Europe aim to preserve the right
of law enforcement agencies to conduct authorized electronic
surveillance in an effort to protect the public and its right to
privacy. However, these mandates create IT headaches for carriers as
they struggle to meet the requirements. With a suite of products
targeted at meeting lawful intercept requirements, Narus simplifies
lawful intercept tasks helping carriers and agencies meet requirements
without experiencing any degradation in service quality. ”

“Board of Directors’ William P. Crowell is an independent security
consultant and holds several board positions with a variety of
technology and technology-based security companies. Since 9/11 he has
served on the Defense Advanced Research Projects Agency (DARPA) Task
Force on Terrorism and Deterrence, the National Research Council
Committee on Science and Technology for Countering Terrorism and the
Markle Foundation Task Force on National Security in the Information
Age. Bill’s past positions have included President and Chief
Executive Officer of Cylink, a leading provider of e-business security
solutions as well as a series of senior positions at the National
Security Agency, including Deputy Director of Operations and Deputy
Director of the Agency. He has also served as chairman of the
President’s Export Council (PEC) Subcommittee on Encryption, which
worked with the Administration, Congress and private industry to
substantially loosen restrictions on the export of encryption products
and technology.”