Slashdot Mirror

← Back to Stories (view on slashdot.org)

AT&T Accidentally Leaks NSA Suit Information

Posted by ryuzaki0 on from the that's-a-big-oops dept.

op12 writes "CNET has an article describing how AT&T accidentally leaked sensitive information involving the NSA lawsuit. From the article: 'AT&T's attorneys this week filed a 25-page legal brief striped with thick black lines that were intended to obscure portions of three pages and render them unreadable. But the obscured text nevertheless can be copied and pasted inside some PDF readers, including Preview under Apple's OS X and the xpdf utility used with X11. The deleted portions of the legal brief seek to offer benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center that would be designed to monitor Internet and telephone traffic. The Electronic Frontier Foundation, which filed the class action lawsuit in January, alleges that room is used by an unlawful National Security Agency surveillance program.""

22 of 274 comments (clear)

  1. DMCA anyone? by MarkByers · · Score: 5, Funny

    But the obscured text nevertheless can be copied and pasted inside some PDF readers, including Preview under Apple's OS X and the xpdf utility used with X11.

    Looks like Slashdot is informing readers how to avoid document protection mechanisms. I hope you don't get sued under the DMCA!

    --
    I'll probably be modded down for this...
  2. Oh crap by Intron · · Score: 4, Funny

    Now xpdf will be banned under the DMCA.

    --
    Intron: the portion of DNA which expresses nothing useful.
  3. Proactive protection... by Volante3192 · · Score: 5, Insightful

    So, if there really are...
    benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center
    then why did...
    the Bush administration [submit] a 29-page brief that elaborates on its argument that the case should be tossed out of court because of the "state secrets" privilege?

    Seems like if they didn't do anything illegal they have nothing to fear.

  4. What's amazing is by thealsir · · Score: 5, Insightful

    That the US as a whole doesn't seem to give a shit about this. Look at the results of polls. Ranges from general aloofness to "it's good for National Security(TM)." Look at T's stock price. Huh, normally a company with such an incriminating lawsuit wielded against it would take at least somewhat of a hit in price (though the markets ARE very wierd right now). It seems that the techie crowd are the very small minority of folks who actually care that their phone calls were tracked without ANY precedent in the first place. We're not talking warrantless tracking, we're talking completely random warrantless tracking. What was the saying in Rome? Feed the masses and give them entertainment, and you can do anything to them.

    --
    Do not downmod posts "overrated" simply because you disagree with them.
    1. Re:What's amazing is by QuantumRiff · · Score: 5, Insightful

      The population as a whole can not conceptialize the power of correlated data. They see shopping "club cards" and see that they get a better price. They watch "24", and see that the bad guys are caught cause their license plates are pulled up in 5 seconds (all bad guys drive their own vehicles, of course!).. they see stoplight cams taking pictures of license plates as making the streets safer..

      We geeks deal with data every day. We understand that patterns can be drawn from it, often very incorrect patterns based off of incomplete data.

      The non-geeks cannot comprehend that in the next very few short years, they will get a knock on the door, and the police will say, On Thursday, at 8am, you shopped at the grocery store on 10th street, bought a bunch of bannana's and some milk. 20 minutes later, you were seen driving buy at 3MPH over the speed-limit on this street, which is only 5 minutes from the grocery store. You had better account for exactly what you did during that 15 minutes, because we are placing you under arrest for a crime that was commited in that area at that time. We also see that you have called your nephew 3 times in the last month, who was served 6 months (several years ago) in jail for an assault. And you give money to the ACLU, which makes our job harder.

      --

      What are we going to do tonight Brain?
    2. Re:What's amazing is by rbochan · · Score: 4, Insightful

      That the US as a whole doesn't seem to give a shit about this....

      The US government must think that Americans are lazy, brainless sheep who will shut out even the most obvious evidence that criminals are running the country. I mean seriously, only the most idiotic... Oh look! American Idol is on!

      --
      ...Rob
      The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
    3. Re:What's amazing is by iminplaya · · Score: 5, Interesting

      Oh look! American Idol is on!

      US pop show victor attracts more votes than any president

      --
      What?
  5. When will they learn? by cdavies · · Score: 4, Insightful

    I swear, I've heard about so many instances of this exact same attack, I stop feeling sorry for the idiots who are surely going to get fired for this.

    If it's not people who don't really understand how postscript works, it's people who don't realise those 4MB word files contain more than just the visible part of the document....

  6. Re:Here's why _you_ should dismiss the case... by packetmon · · Score: 5, Insightful
    Cryptome has had copies of these documents for some time (about a week). You should take some time to read them. This gentleman falls in line with Michael Lynn who lost his job for disclosing Cisco's flaws. With the government wanting to monitor everything and its mother, I think it serves them right to have the truth exposed. If you'd like an interesting read, read on:

    mass surveillance of the entire population is logically plausible if NSA's domestic spying is not looking for terrorists, but looking for something else, something that is not so rare as terrorists. For example, the May 19 Fox News opinion poll of 900 registered voters found that 30% dislike the Bush administration so much they want him impeached. If NSA were monitoring email and phone calls to identify pro-impeachment people, and if the accuracy rate were .90 and the error rate were .01, then the probability that people are pro-impeachment given that NSA surveillance system identified them as such, would be p=.98, which is coming close to certainty (p_1.00). Mass surveillance by NSA of all Americans' phone calls and emails would be very effective for domestic political intelligence.

    But finding a few terrorists by mass surveillance of the phone calls and email messages of 300 million Americans is mathematically impossible, and NSA certainly knows that. The Politics of Paranoia and Intimidation
    Anyhow, here's an unredacted excerpt:

    In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco -- actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.
    --
    Infiltrated dot Net
  7. Dumb and dumber.... by gweihir · · Score: 4, Insightful

    Every educated person should now know that black bars in PDF do not remove what is under them. There were several high-profile cases in the press by now.

    In addition, do these people not employ any security experts that tell them how to do this right? Making clean (text) documents is really easy: Export to ASCII, remove text, import as ASCII. But obviously this low-tech approach needs a qualified high wizard of computing today.

    Not that I mind that these amoral scum got bitten.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Dumb and dumber.... by jandrese · · Score: 4, Insightful

      That destroys the formatting and makes your work look very unprofessional. There are better ways to redact information from a PDF.

      The biggest problem is that it's a paradigm shift for these people and they're not ready for it. The "Black Bars" always worked with regular documents, but when they were forced (against their will) to switch to electronic documents many people tried to find ways to make all of their old procedures work with the new format. This always happens when you force people to switch to technologies they're not comfortable with, and throughout history has been an enormous source of lost productivity and security leaks. The kind of people who are making these mistakes aren't the kind of people who read Slashdot, they're the ones that are thankful when they can finally go home every night and get away from those godforsaken computers for the rest of the day.

      --

      I read the internet for the articles.
    2. Re:Dumb and dumber.... by (H)elix1 · · Score: 4, Insightful

      Not that I mind that these amoral scum got bitten.

      But did they? I mean, if I wanted to sow disinformation, hiding something with the intent it might be found is a great way to it.

      (/me double checks tinfoil hat... and peeks outside for black helicopters)

      --
      +++ UGUCAUCGUAUUUCU
  8. Why are they suing AT&T? by Anonymous Coward · · Score: 5, Insightful

    You think they would sue the ones actually responsible for making this all happen, you know, the fucking government?

      Suing AT&T really misses the point...

    1. Re:Why are they suing AT&T? by Spy+der+Mann · · Score: 5, Insightful

      Suing AT&T really misses the point...

      No, it tells companies that the government isn't the only one they should fear.

    2. Re:Why are they suing AT&T? by DragonWriter · · Score: 5, Interesting

      AT&T is the one prohibited by law from providing this information; the government isn't prohibited from receiving it, though they are prohibited from seizing it.

      So they are suing the people that broke the law.

      Plus, of course, sovereign immunity makes it difficult to sue the government unless it voluntarily decides to let you.

    3. Re:Why are they suing AT&T? by deblau · · Score: 4, Insightful
      You think they would sue the ones actually responsible for making this all happen, you know, the fucking government?

      Under settled principles of sovereign immunity, the United States, as sovereign, is immune from suit, save as it consents to be sued. United States v. Dalm, 494 U.S. 596, 608 (1990) (internal quotes omitted). A necessary corollary of this rule is that when Congress attaches conditions to legislation waiving the sovereign immunity of the United States, those conditions must be strictly observed, and exceptions thereto are not to be lightly implied. Block v. North Dakota, 461 U.S. 273, 287 (1983).

      Point me to a statute that explicitly recognizes the right of a private citizen to bring suit against the NSA for this kind of thing, and then we'll continue the discussion. (The Fourth Amendment might be used, in conjunction with Article III section 2 and 28 U.S.C. 1331 or 28 U.S.C. 1346(a)(2), but there's a tricky issue of standing to be resolved. Without at least some evidence of the NSA spying on the plaintiff individually, there's no way to support a claim of actual injury, and the case will be dismissed on a Rule 12(b)(6) motion.)

      --
      This post expresses my opinion, not that of my employer. And yes, IAAL.
  9. This "leak" is intentional. by jthill · · Score: 4, Informative

    This is a multinational corporation with its global reputation on the line, not some band of trolls that can't abide sunlight. They have very, very smart people running their response. Their bland, everything's-fine, "we're just innocent li'l good boys doing what we should" arguments aren't even remotely plausible candidates for secret filings. It's a dodge, meant to convince the people who want to trust them and divert the ones who don't.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
  10. You see? by cno3 · · Score: 4, Funny

    This is what happens when you outsource your redacting responsibilities to overseas contractors.

  11. Amazingly Sloppy by flooey · · Score: 4, Informative

    Considering they're apparently working with the NSA, it's amazing they were this sloppy. If you've ever seen an NSA release of a classified document that's been scrubbed, it's always very clear that it's either a document that someone has physically overwritten with a black marker and then scanned (such as here), or a document that was edited on a computer, printed out, and then scanned back in again (such as here). They do that precisely so there's no traces of old information left in there. I'm surprised they didn't lend their trick to AT&T.

  12. Re:Here's why _you_ should dismiss the case... by Speare · · Score: 4, Funny

    Here's a little "political-cartoon-style" diagram I put together a week ago on this topic: http://halley.cc/2006-05-16.hidden.agenda.jpg

    --
    [ .sig file not found ]
  13. Re:Here's why _you_ should dismiss the case... by packetmon · · Score: 5, Informative
    You're wrong. FACT #1: Novak wrote the column. Cheney and Libby Scooter leaked it to him, read the court documents and get your information correct. FACT#2 Cryptography such as PGP is unbreakable as it is known. Assume? We know the breakdown of that term. FACT#3 If the NSA should decide to sniff encrypted traffic, and if by slight chance they had enough disk space and time to break the message, chances are, within the amount of time needed to break the encryption, an act of terrorism would have been acted out making their sniffing worthless. Takes time to break codes so I suggest you read up on the problems of cracking codes (A Tutorial on Linear and Differential Cryptanalysis)

    128-bit encryption: 0.25 sextillion years. That's barebones SSL. PGP with a 4096 bit key? Right...

    --
    Infiltrated dot Net
  14. What the lawyers hid from you by Anonymous Coward · · Score: 5, Informative
    For those who cannot read the redacted pdf brief online, here are the parts in bold italics that the lawyers did not want you to read.
    Plaintiffs contend that the Klein Declaration is itself sufficient to make out a prima facie case on their statutory claims. But even if one focused only on the two claims as to which plaintiffs make any argument, the Court could not determine the validity of those claims without first evaluating information covered by the government's state secrets assertion. Plaintiffs' suggestion that they need only show that certain communications have been split off into a "secret room" strips multiple elements from the statutes on which their claims are based and glosses over numerous issues that would have to be explored if their claims were ever to be fully litigated.

    AT&T cannot confirm or deny any of the facts on which plaintiffs' complaint is based. But it is certain that the Klein Declaration and its associated exhibits are insufficient to demonstrate any illegal conduct by AT&T. Plaintiffs offer no evidence regarding what, if anything, actually happens to any data once it allegedly enters the alleged "secret room." Plaintiffs' purported expert provides merely "suggestive" configurations between unknown equipment in an AT&T facility. See Declaration of J. Scott Marcus In Support of Motion for Preliminary Injunction (Dkt. 32) 74. His strongest opinion, explicitly based "in terms of media claims" is conditioned entirely on a supposition: "if the government is in fact in communication with this infrastructure." Id. 39. Plaintiff's purported expert, of course, has no knowledge whether this is true or not.

    Even accepting their allegations as true, plaintiffs' declarations fail to establish their claims. Key factual issues that bear directly on the viability of their legal claims and AT&T's defenses are subject to the Government's state secrets assertion and are unavailable. Without either confirming or denying the plaintiffs' assertions, AT&T notes that the facts recited by plaintiffs are entirely consistent with any number of legitimate Internet monitoring systems, such as those used to detect viruses and stop hackers. Although the plaintiffs ominously refer to the equipment as the "Surveillance Configuration," the same physical equipment could be utilized exclusively for other surveillance in full compliance with the terms of FISA - which even the plaintiffs themselves would not contend is unlawful. See id. 40 ("The SG3 Configurations could be used for a number of legitimate purposes."). The mere existence of these so-called configurations, even if plaintiffs' allegations were accurate, would not by itself be prima facie evidence of what - if any - information is intercepted or divulged or by whom. And it certainly is not prima facie evidence of any illegality. Plaintiffs fail to establish even a prima facie case that there has been an "interception" of "contents" within the meaning of 18 U.S.C. 2510(4) & (8), whether there has been "electronic surveillance" within the meaning of 50 U.S.C. 1801(f), and whether particular statutory exemptions do not apply, see, e.g., 18 U.S.C. 2702(c). Certainly nothing compels the inference that the contents of communications of "millions of ordinary Americans," (Motion for Preliminary Injunction (Dkt. 30) at 11), have been divulged to the government, in contradiction of the government's statement that communications are intercepted only if the government has "a reasonable basis to conclude that one party to the communication is a member of al Qaeda," or otherwise affiliated with al Qaeda. Press Briefing by Attorney General Alberto Gonzales and General Michael Hayden, Plaintiffs' Request for Judicial Notice (Attachment 2) (Dkt. 20).