HolidayBuyer's Guide

Some companies helped the NSA, but which?

Survey into domestic surveillance scheme finds no companies willing to say they participated.

This is the first in a two-part series. Part two offers a glimpse at the technical details of how the National Security Agency's electronic surveillance system seems to work.

Even after the recent scrutiny of the National Security Agency's domestic surveillance project approved by President Bush, an intriguing question remains unanswered: Which corporations cooperated with the spy agency?

Some reports have identified executives at "major telecommunications companies" who chose to open their networks to the NSA. Because it may be illegal to divulge customer communications, though, not one has chosen to make its cooperation public.

Under federal law, any person or company who helps someone "intercept any wire, oral, or electronic communication"--unless specifically authorized by law--could face criminal charges. Even if cooperation is found to be legal, however, it could be embarrassing to acknowledge opening up customers' communications to a spy agency.

A survey by CNET News.com has identified 15 large telecommunications and Internet companies that are willing to say that they have not participated in the NSA program, which intercepts e-mail and telephone calls without a judge's approval.

Twelve other companies that were contacted and asked identical questions chose not to reply, in some cases citing "national security" as the reason.

Those results come amid a push on Capitol Hill for more information about the NSA's wiretapping practices. On Monday, Attorney General Alberto Gonzales is expected to testify at a Senate Judiciary Committee hearing, and President Bush and his closest allies have been stepping up their defense of the program in preparation for it.

To be sure, there are a number of possible explanations for the companies' silence. In some cases, a company's media department could have been overworked. Another possibility is the company's lawyers were unavailable or chose not to reply for unknown reasons.

Also, some survey recipients, such as NTT Communications, responded with a general statement expressing compliance "with law enforcement requests as permitted and required by law" rather than addressing the question of NSA surveillance.

Who's helping the NSA?

CNET News.com asked telecommunications and Internet companies about cooperation with the Bush administration's domestic eavesdropping scheme. We asked them: "Have you turned over information or opened up your networks to the NSA without being compelled by law?"

Company Response
Adelphia Communications Declined comment
AOL Time Warner No [1]
AT&T Declined comment
BellSouth Communications No
Cable & Wireless* No response
Cablevision Systems No
CenturyTel No
Charter Communications No [1]
Cingular Wireless No [2]
Citizens Communications No response
Cogent Communications* No [1]
Comcast No
Cox Communications No
EarthLink No
Global Crossing* Inconclusive
Google Declined comment
Level 3* No response
Microsoft No [3]
NTT Communications* Inconclusive [4]
Qwest Communications No [2]
SAVVIS Communications* No response
Sprint Nextel No [2]
T-Mobile USA No [2]
United Online No response
Verizon Communications Inconclusive [5]
XO Communications* No [1]
Yahoo Declined comment

* = Not a company contacted by Rep. John Conyers.
[1] The answer did not explicitly address NSA but said that compliance happens only if required by law.
[2] Provided by a source with knowledge of what this company is telling Conyers. In the case of Sprint Nextel, the source was familiar with Nextel's operations.
[3] As part of an answer to a closely related question for a different survey.
[4] The response was "NTT Communications respects the privacy rights of our customers and complies fully with law enforcement requests as permitted and required by law."
[5] The response was "Verizon complies with applicable laws and does not comment on law enforcement or national security matters."

A lawsuit that could yield more details about industry cooperation is winding its way through the federal courts. Last week, the Electronic Frontier Foundation, a civil liberties group based in San Francisco, sued AT&T after a report that the company had shared its customer records database--though not its network--with the NSA.

AT&T would not respond when asked whether it participated. An AT&T spokesman, Dave Pacholczyk, said: "We don't comment on matters of national security."

The News.com survey, started Jan. 25, found that wireless providers and cable companies were the most likely to distance themselves from the NSA. Cingular Wireless, Comcast, Cox Communications, Sprint Nextel and T-Mobile said they had not turned over information or opened their networks to the NSA without being required by law.

Companies that are backbone providers, or which operate undersea cables spanning the ocean, were among the least likely to respond. AT&T, Cable & Wireless, Global Crossing, Level 3, NTT Communications, SAVVIS Communications and Verizon Communications chose not to answer the questions posed to them.

The New York Times reported on Dec. 24 that the NSA has gained access to switches that act as gateways at the borders between the United States' communications networks and international networks. But "the identities of the corporations involved could not be determined," the newspaper added.

At the water's edge
Analysts and historians who follow the intelligence community have long said the companies that operate submarine cables--armored sheaths wrapped around bundles of fiber optic lines--surreptitiously provide access to the NSA.

"You go to Global Crossing and say...once your cable comes up for air in New Jersey or on the coast of Virginia, wherever it goes up, we want to put a little splice in, thank you very much, which NSA can do," said Matthew Aid, who recently completed the first volume in a multiple-volume history of the NSA. "The technology of getting access to that stuff is fairly straightforward."

Aid was citing Global Crossing as an example, not singling it out. Global Crossing describes itself as an Internet backbone network that shuttles traffic for about 700 telecommunications carriers, mobile operators and Internet service providers. According to the International Cable Protection Committee, the company has full or partial ownership of several trans-Atlantic and trans-Pacific cables. Global Crossing spokesman Tom Topalian said "99 percent of wiretapping is done at a local phone company level" instead of at backbone providers. Topalian declined to answer questions about NSA access, and added: "All U.S. carriers have to comply with the CALEA act, and Global Crossing complies with CALEA." (CALEA is a 1994 federal law requiring certain telecommunications providers to make their networks wiretap-friendly for domestic law enforcement, not intelligence agencies.)

Videos:
Click here to Play

No warrant required
Attorney General Alberto Gonzales testifies.

Click here to Play

Is NSA spying legal?
Sen. Patrick Leahy
attacks NSA spying.


Click here to Play

Examining wiretaps
Sen. Arlen Specter
quizzes Gonzales.

Rep. John Conyers, D-Mich., last month sent a letter (click for PDF) to companies including Google, Yahoo, EarthLink, Verizon and T-Mobile asking them if they cooperated with the NSA. News.com asked similar questions, but expanded the number of companies to include backbone and submarine cable providers.

Among the companies that responded, some offered far more detail than others. Les Seagraves, EarthLink's chief privacy officer, said: "We've never even been asked to give information without the benefit of a subpoena or a court order behind it. And our policy is to require a subpoena or court order, basically to require a court of law behind the inquiry."

"We're very interested in protecting our customers' privacy and balancing that with our duties to comply with the law," Seagraves added. "Our way to balance that is to definitely make sure we have a valid legal request before we release any information."

Comcast spokesman Tim Fitzpatrick said the company "will only provide customer information pursuant to a valid court order and only if Comcast's records contain information sufficient to identify the customer account on the (date or dates) listed in the court order."

A representative of Cox Communications, David Grabert, said: "Cox has never received a request for information or a wiretap that was not accompanied by a warrant."

NSA's history of industry deals
Louis Tordella, the longest-serving deputy director of the NSA, acknowledged to overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies including Western Union secretly turning over copies of all messages sent to or from the United States.

"All of the big international carriers were involved, but none of 'em ever got a nickel for what they did," Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA's inspector general.

The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA's headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.

Like today's eavesdropping system authorized by Bush, Project Shamrock had a "watch list" of people in the U.S. whose conversations would be identified and plucked out of the ether by NSA computers. It was intended to be used for foreign intelligence purposes.

Click for info-graphic

Then-President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock's electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized a program to intercept "the communications of U.S. citizens using international facilities," meaning international calls, according to James Bamford's 2001 book titled "Body of Secrets."

Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda and the Rev. Martin Luther King Jr.

Details about Project Shamrock became public as part of a Senate investigation of the NSA. Telegraph companies participating in the program initially balked when questioned by Senate investigators. But documents turned over by the NSA "cast doubt on the veracity of the companies' claims that they could find no documentation pertaining to Shamrock," wrote Snider. "After all, this had concerned the highest levels of their corporate management for at least four years."

Another apparent example of NSA and industry cooperation became public in 1995. The Baltimore Sun reported that for decades NSA had rigged the encryption products of Crypto AG, a Swiss firm, so U.S. eavesdroppers could easily break their codes.

The six-part story, based on interviews with former employees and company documents, said Crypto AG sold its compromised security products to some 120 countries, including prime U.S. intelligence targets such as Iran, Iraq, Libya and Yugoslavia. (Crypto AG disputed the allegations.)

"Only a very few top executives"
The extent of the NSA's surveillance project in operation today remains unclear. Attorney General Gonzales has stressed that the program intercepts e-mail and phone conversations only when "one party to the communication is outside the United States."

In his book titled "State of War," New York Times reporter James Risen wrote: "The NSA has extremely close relationships with both the telecommunications and computer industries, according to several government officials. Only a very few top executives in each corporation are aware of such relationships."

Tapping into undersea copper and fiber-optic cables where they make landfall would be one way to create a virtual web of surveillance that can snare Internet packets or voice communications when they traverse U.S. borders. One benefit for the government is that one participant in the conversation is likely to be overseas--permitting Gonzales and the NSA to stress the interception's international nature.

Another method would be to seek the cooperation of backbone providers with networks entirely within the United States. That could be done with a tap hooked up to the switches at a telephone company or backbone provider, said Phill Shade, a network engineer for WildPackets who is the company's director of international support services. WildPackets sells network analysis software.

"The tap essentially splits off a copy of the traffic--it would literally take a copy of all the traffic as it moves through the wire," Shade said. "Picture a capital letter 'Y' in your head...One copy goes back out the regular wire on the right side of the wire, and the copy you're interested in splitting goes off the left side of the Y to you. These are very common networking devices, used in networks all over the world."

The tap's exact location may matter. Sen. Arlen Specter, a Pennsylvania Republican who is convening Monday's hearing, has asked Gonzales to respond to a series of questions about the legality of the program. One question Specter is posing: If intercepted calls are "routed through switches which were physically located on U.S. soil, would that constitute a violation of law or regulation restricting NSA from conducting surveillance inside the United States?"

Close
Drag