Well here’s an interesting development. Wired Magazine has published the full text of some of the documents that Mark Klein has provided against AT&T. The court had placed a gag order on the Electronic Frontier Foundation to prevent the information from being released to the public, ostensibly because it contained proprietary technical information, which, if released, would harm AT&T’s business. Apparently, “How To Spy On Americans” is a trade secret. Wired released the documents anyways, claiming that they “believe the public’s right to know the full facts in this case outweighs AT&T’s claims to secrecy.”
According to Wired, since the gag order applied only to “the EFF, its representatives and its technical experts,” and not to Mark Klein or any of the other news agencies, Wired was free to release the information they had. I’m not a lawyer of course, but I have a funny feeling that AT&T may try to sue anyways.
The interesting part though, is not that Wired released the documents. The interesting part is that, so far as I can tell, Mark Klein’s evidence basically consists of “AT&T installed a Narus STA 6400 in Room 641a.” Which basically doesn’t mean anything unless you know what a Narus STA 6400 is.
First, a bit of explanation of how the Internet works. The vast majority of internet traffic is transferred using a protocol called TCP, or Transmission Control Protocol. TCP works by splitting up the data that needs to be sent between two computers into “packets” — smaller chunks of information that are sent independently and reassembled on the other end. This allows for reliable communication across unreliable network infrastructure, because, if one packet is lost in transmission, and the receiving computer doesn’t acknowledge that the packet was received, the sending computer will automatically resend the data. That way only that tiny chunk of data will have to be resent instead of the whole thing. Even better, packets don’t have to be sent directly from the sending computer to the receiving computer. The underlying protocol for TCP — IP, or the Internet Protocol — allows packets to be relayed between several different computers before arriving at the final destination computer.
Now, back to the whole spying business… If you want to spy on everybody, everywhere, there’s really only one way to do it. You need to function as a man-in-the-middle. And if you want to do that, you need to locate the major hubs of communication and tap into them. This sort of thing is much simpler with circuit-switched networks (such as standard telephone calls) because all the information is basically sent in one go, across a single route for the whole transmission. But with packet-switched networks (the Internet), because they break everything up into chunks of data, if you want to get at that information, you have to first reassemble the packets.
Which is where the Narus STA 6400 comes in apparently. From what I can gather (there’s not much information to be had on the thing, for obvious reasons), Narus’s “Semantic Traffic Analyzer” technology reassembles the packets back into the full data that was sent, and is able to identify exactly what type of data it is, whether it be email, VOIP/Skype, P2P/filesharing, web-browsing, instant messaging, or streaming media.
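To make the reassembly step concrete, here is a small sketch (an added example, not code from Narus, Wired or the Klein documents) of what any passive traffic analyzer or intrusion-detection sensor has to do before it can tell what kind of data a flow carries. The segment data is constructed, the function names are hypothetical, and guessing the protocol from the first line is an assumed simplification.

```python
# Constructed sample: TCP segments of one flow as (sequence_number, payload),
# in arrival order: out of order, with one retransmitted duplicate.
ISN = 1000  # assumed sequence number of the first payload byte
SEGMENTS = [
    (1016, b"Host: example.test\r\n"),
    (1000, b"GET / HTTP/1.1\r\n"),
    (1016, b"Host: example.test\r\n"),  # retransmission of an earlier segment
    (1036, b"\r\n"),
]


def reassemble(segments, isn):
    """Rebuild the contiguous byte stream that starts at isn.

    Stops at the first gap (a segment the observer never saw).
    Sequence-number wraparound is ignored to keep the sketch short.
    """
    stream = bytearray()
    next_seq = isn
    for seq, data in sorted(segments):
        if seq > next_seq:           # hole in the stream: cannot go further
            break
        overlap = next_seq - seq     # bytes already delivered (retransmit/overlap)
        if overlap < len(data):
            stream += data[overlap:]
            next_seq += len(data) - overlap
    return bytes(stream)


def classify(stream):
    """Guess the application protocol from the first line of the stream."""
    first_line = stream.split(b"\r\n", 1)[0]
    verb = first_line.split(b" ")[0]
    if verb in (b"GET", b"POST", b"HEAD", b"PUT") and b"HTTP/" in first_line:
        return "http"
    if first_line.startswith((b"EHLO ", b"HELO ", b"MAIL FROM:")):
        return "smtp"
    return "unknown"


if __name__ == "__main__":
    first_arrival = SEGMENTS[0][1]
    print("first packet alone:", classify(first_arrival))
    print("reassembled stream:", classify(reassemble(SEGMENTS, ISN)))
```

The first packet to arrive cannot be classified on its own; only the reordered, de-duplicated stream can.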
Now, of course, there are plenty of reasons why a carrier would install one of these things, and by itself, evidence that AT&T had installed one probably wouldn’t mean anything illegal was going on. But there’s only one obvious reason the NSA would install one inside a secret room in a carrier’s headquarters. And that’s why Mark Klein is now the key witness for the EFF in their class-action lawsuit against AT&T for illegally working with the NSA on warrantless wiretaps.
What makes this whole thing especially alarming though, is that by tapping into AT&T, the NSA actually has access to much more than just AT&T customers’ data. Qwest was apparently the only major US telecom company that refused to work with the NSA on this program. So let’s say you’re a Qwest customer. You instant message a friend of yours who, unfortunately, is an AT&T customer. Because of the nature of IP routing, your traffic may very well have been routed through the NSA’s no longer very secret room even though you have no relationship with AT&T at all. According to Wired, ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West were all compromised as a result of the fiber optic splitters that were installed at AT&T. The claim that this is targeted surveillance is growing much harder to believe.
By the way, Narus, by their own admission, is a <sarcasm>really delightful company</sarcasm>. They also appear to be the guys who are supplying the equipment that allows telecoms to stomp all over the concept of “net neutrality” and it seems that they’re the ones supplying the Voice Over IP identification and blocking equipment. (They help block VOIP to prevent “revenue leakage” of course.)