Surveillance 'partnership' between NSA and telcos points to AT&T, Verizon

Newly disclosed classified document suggests firms allowed spy agency to access e-mail and phone call data by tapping into their "fiber-optic cables, gateway switches, and data networks."

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
The National Security Agency entered into "collection partnerships" with a pair of telecommunications companies that permitted tapping their fiber links. Evidence suggests it's AT&T and Verizon.

Want to play a game of "guess who?"

A newly disclosed top secret document lauds the National Security Agency's "productive" and long-standing surveillance "partnership" with a pair of telecommunications providers -- that permitted tapping into their fiber links -- but without naming names.

This is where things get interesting for clue sleuths.

Even in the top-secret document published by the Guardian today, the firms are described only as "Company A" and "Company B." But the NSA's inspector general did disclose that, at the time the program was being formed in the wake of the September 11 attacks, the agency entered into the partnerships because Company A had access to 39 percent of international phone calls, and Company B had access to 28 percent.

Those figures closely correspond with Federal Communications Commission data (PDF). The most recent figures publicly available in late 2001, when the carrier "partnerships" were being expanded, reveal that AT&T carried 38.2 percent of international minutes billed to U.S. carriers. MCI, now part of Verizon, carried 29.1 percent.

Verizon spokesman Ed McFadden would not confirm or deny his employer's identity as Company B, and told CNET today that the company "always requires appropriate legal process" when responding to requests from any government agency. AT&T did not respond to questions.

"Collection partnerships" with these two firms have allowed the spy agency to vacuum up e-mail and phone call content by tapping into their "fiber-optic cables, gateway switches, and data networks," says the 2009 report. That's consistent with previous reports that AT&T permitted the NSA to tap into its telecommunications facilities.

The disclosures, part of a 2009 report prepared by the NSA's Office of the Inspector General, emphasize how crucial -- and sensitive -- the agency's relationships with U.S. telecommunications companies have become.

These relationships also allowed the NSA to take advantage of the United States' role as an international Internet hub, which meant that an outsize share of worldwide traffic flows through the networks of AT&T, Verizon, and other U.S. providers. Even e-mail messages between Latin American and African countries, for instance, are typically routed through U.S. switches because of the lower cost.

NSA Director Keith Alexander believed, according to the inspector general's report, "if the relationships with these companies were ever terminated," the agency's eavesdropping ability would be "irrevocably damaged, because NSA would have sacrificed America's home field advantage as the primary hub for worldwide telecommunications."

Many of these relationships predated the September 11 attacks that dramatically increased the NSA's authority in a warrantless surveillance program secretly authorized by President Bush. A 1981 presidential executive order, for instance, authorized the collection of "signals intelligence information" for foreign intelligence purposes, which the NSA views as authorizing the interception of phone calls "transiting" the United States.

Soon after the 2001 attacks, according to the report, representatives of both Company A and Company B "contacted NSA and asked 'What can we do to help?'" Both had previously been "providing telephony content to NSA before 2001" under the 1981 executive order and the Foreign Intelligence Surveillance Act.

Initially, under the Bush-era program, the NSA was temporarily authorized to intercept "communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States." Then, in 2007, the Justice Department secretly authorized the agency to "analyze communications metadata associated with United States persons and persons believed to be in the United States."

Metadata is defined, according to the inspector general's report, as encompassing phone call records and "Internet Protocol" communications, which would include a person's IP address and what company or service they're communicating with. (Verizon turns over metadata of all customer calls to the NSA, meaning the logs of who called whom, every day.)

The Guardian's report today also cited a December 2012 document prepared by the NSA's Special Source Operations (SSO) directorate discussing classified programs codenamed EvilOlive and ShellTrumpet, which had "processed its one-trillionth metadata record" at the time. The newspaper, which did not make the SSO document public, summarized it as:

With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States. The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect....This new system, SSO stated in December, enables vastly increased collection by the NSA of Internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."

One interpretation of EvilOlive is that the NSA is acquiring the majority of Americans' confidential Internet and phone communications -- or at least the majority flowing through the networks of its partner telecommunications companies -- and archiving them for years. Any subsequent restrictions on access by intelligence analysts would be policy-based, not technology-based, and could be modified in the future to be more permissive.

The Obama administration has declined to discuss the NSA's vast collection apparatus in any detail. A statement last week from James Clapper, the director of national intelligence, said an analyst cannot "eavesdrop on domestic communications without proper legal authorization" -- but, pointedly, did not say what "proper legal authorization" meant.

In an online chat earlier this month, Snowden said there were few practical restrictions on analysts' ability to target American citizens:

NSA likes to use "domestic" as a weasel word here for a number of reasons....The reality is that due to [a 2008 federal law known as FAA 702], Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications....If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time -- and can be extended further with waivers rather than warrants.

A document previously leaked by Snowden, the former NSA contractor believed to be staying in the transit area of Moscow's Sheremetyevo Airport, described "upstream" data collection from "fiber cables and infrastructure as data flows past."

Documents that came to light in 2006 in a lawsuit brought by the Electronic Frontier Foundation offer insight into the spy agency's relationship with AT&T and other Tier 1 providers. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

"This is a complete vindication," Klein, now retired and living in the San Francisco Bay Area, told Wired today. "They are collecting everything on everybody."

During a hearing earlier this month, Alexander, the NSA director, said his agency's surveillance programs were valuable intelligence gathering techniques that have helped to keep Americans safe:

Virtually all countries have lawful intercept programs under which they compel communications providers to share data about individuals they believe represent a threat to their societies. Communications providers are required to comply with those programs in the countries in which they operate. The United States is not unique in this capability. The U.S., however, operates its program under the strict oversight and compliance regime that was noted above, with careful oversights by the courts, Congress and the administration....We have created and implemented and continued to monitor a comprehensive mission compliance program inside NSA.

Alexander said that an analyst who wants to "target the content of a U.S. person anywhere in the world" must get a specific court warrant.

Today's disclosures about the NSA's so-called EvilOlive and other programs highlight the lack of strong encryption that would armor the communications of Internet users against warrantless surveillance.

A CNET article last week reported that, with the exception of Google, few large e-mail providers use encryption to protect their customers' privacy. And few, another article yesterday reported, use strong encryption that would shield their customers' Web browsing from government snoops.