AT&T Accidentally Leaks NSA Suit Information

op12 writes "CNET has an article describing how AT&T accidentally leaked sensitive information involving the NSA lawsuit. From the article: 'AT&T's attorneys this week filed a 25-page legal brief striped with thick black lines that were intended to obscure portions of three pages and render them unreadable. But the obscured text nevertheless can be copied and pasted inside some PDF readers, including Preview under Apple's OS X and the xpdf utility used with X11. The deleted portions of the legal brief seek to offer benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center that would be designed to monitor Internet and telephone traffic. The Electronic Frontier Foundation, which filed the class action lawsuit in January, alleges that room is used by an unlawful National Security Agency surveillance program.""

Proactive protection...

[Volante3192]

So, if there really are...
benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center
then why did...
the Bush administration [submit] a 29-page brief that elaborates on its argument that the case should be tossed out of court because of the "state secrets" privilege?

Seems like if they didn't do anything illegal they have nothing to fear.

What's amazing is

[thealsir]

That the US as a whole doesn't seem to give a shit about this. Look at the results of polls. Ranges from general aloofness to "it's good for National Security(TM)." Look at T's stock price. Huh, normally a company with such an incriminating lawsuit wielded against it would take at least somewhat of a hit in price (though the markets ARE very wierd right now). It seems that the techie crowd are the very small minority of folks who actually care that their phone calls were tracked without ANY precedent in the first place. We're not talking warrantless tracking, we're talking completely random warrantless tracking. What was the saying in Rome? Feed the masses and give them entertainment, and you can do anything to them.

Re:What's amazing is

[QuantumRiff]

The population as a whole can not conceptialize the power of correlated data. They see shopping "club cards" and see that they get a better price. They watch "24", and see that the bad guys are caught cause their license plates are pulled up in 5 seconds (all bad guys drive their own vehicles, of course!).. they see stoplight cams taking pictures of license plates as making the streets safer..

We geeks deal with data every day. We understand that patterns can be drawn from it, often very incorrect patterns based off of incomplete data.

The non-geeks cannot comprehend that in the next very few short years, they will get a knock on the door, and the police will say, On Thursday, at 8am, you shopped at the grocery store on 10th street, bought a bunch of bannana's and some milk. 20 minutes later, you were seen driving buy at 3MPH over the speed-limit on this street, which is only 5 minutes from the grocery store. You had better account for exactly what you did during that 15 minutes, because we are placing you under arrest for a crime that was commited in that area at that time. We also see that you have called your nephew 3 times in the last month, who was served 6 months (several years ago) in jail for an assault. And you give money to the ACLU, which makes our job harder.

Re:What's amazing is

[rbochan]

That the US as a whole doesn't seem to give a shit about this....

The US government must think that Americans are lazy, brainless sheep who will shut out even the most obvious evidence that criminals are running the country. I mean seriously, only the most idiotic... Oh look! American Idol is on!

When will they learn?

[cdavies]

I swear, I've heard about so many instances of this exact same attack, I stop feeling sorry for the idiots who are surely going to get fired for this.

If it's not people who don't really understand how postscript works, it's people who don't realise those 4MB word files contain more than just the visible part of the document....

Re:Here's why _you_ should dismiss the case...

[packetmon]

Cryptome has had copies of these documents for some time (about a week). You should take some time to read them. This gentleman falls in line with Michael Lynn who lost his job for disclosing Cisco's flaws. With the government wanting to monitor everything and its mother, I think it serves them right to have the truth exposed. If you'd like an interesting read, read on:

mass surveillance of the entire population is logically plausible if NSA's domestic spying is not looking for terrorists, but looking for something else, something that is not so rare as terrorists. For example, the May 19 Fox News opinion poll of 900 registered voters found that 30% dislike the Bush administration so much they want him impeached. If NSA were monitoring email and phone calls to identify pro-impeachment people, and if the accuracy rate were .90 and the error rate were .01, then the probability that people are pro-impeachment given that NSA surveillance system identified them as such, would be p=.98, which is coming close to certainty (p_1.00). Mass surveillance by NSA of all Americans' phone calls and emails would be very effective for domestic political intelligence.

But finding a few terrorists by mass surveillance of the phone calls and email messages of 300 million Americans is mathematically impossible, and NSA certainly knows that. The Politics of Paranoia and Intimidation

Anyhow, here's an unredacted excerpt:

In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco -- actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.

Dumb and dumber....

[gweihir]

Every educated person should now know that black bars in PDF do not remove what is under them. There were several high-profile cases in the press by now.

In addition, do these people not employ any security experts that tell them how to do this right? Making clean (text) documents is really easy: Export to ASCII, remove text, import as ASCII. But obviously this low-tech approach needs a qualified high wizard of computing today.

Not that I mind that these amoral scum got bitten.

Re:Dumb and dumber....

[jandrese]

That destroys the formatting and makes your work look very unprofessional. There are better ways to redact information from a PDF.

The biggest problem is that it's a paradigm shift for these people and they're not ready for it. The "Black Bars" always worked with regular documents, but when they were forced (against their will) to switch to electronic documents many people tried to find ways to make all of their old procedures work with the new format. This always happens when you force people to switch to technologies they're not comfortable with, and throughout history has been an enormous source of lost productivity and security leaks. The kind of people who are making these mistakes aren't the kind of people who read Slashdot, they're the ones that are thankful when they can finally go home every night and get away from those godforsaken computers for the rest of the day.

Re:Dumb and dumber....

[(H)elix1]

Not that I mind that these amoral scum got bitten.

But did they? I mean, if I wanted to sow disinformation, hiding something with the intent it might be found is a great way to it.

(/me double checks tinfoil hat... and peeks outside for black helicopters)

Why are they suing AT&T?

You think they would sue the ones actually responsible for making this all happen, you know, the fucking government?

  Suing AT&T really misses the point...

Re:Why are they suing AT&T?

[Spy+der+Mann]

Suing AT&T really misses the point...

No, it tells companies that the government isn't the only one they should fear.

Re:Why are they suing AT&T?

[deblau]

You think they would sue the ones actually responsible for making this all happen, you know, the fucking government?

Under settled principles of sovereign immunity, the United States, as sovereign, is immune from suit, save as it consents to be sued. United States v. Dalm, 494 U.S. 596, 608 (1990) (internal quotes omitted). A necessary corollary of this rule is that when Congress attaches conditions to legislation waiving the sovereign immunity of the United States, those conditions must be strictly observed, and exceptions thereto are not to be lightly implied. Block v. North Dakota, 461 U.S. 273, 287 (1983).

Point me to a statute that explicitly recognizes the right of a private citizen to bring suit against the NSA for this kind of thing, and then we'll continue the discussion. (The Fourth Amendment might be used, in conjunction with Article III section 2 and 28 U.S.C. 1331 or 28 U.S.C. 1346(a)(2), but there's a tricky issue of standing to be resolved. Without at least some evidence of the NSA spying on the plaintiff individually, there's no way to support a claim of actual injury, and the case will be dismissed on a Rule 12(b)(6) motion.)