Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ex AT&T Tech Says NSA Monitors All Web Traffic

Posted by Zonk on from the tinfoil-hats-engaged dept.

Sir Tandeth writes "A former technician at AT&T, who alleges that the telecom giant forwards virtually all of its internet traffic into a 'secret room' to facilitate government spying, says the whole operation reminds him of something out of Orwell's 1984. Appearing on MSNBC's Countdown program, whistleblower Mark Klein told Keith Olbermann that all Internet traffic passing over AT&T lines was copied into a locked room at the company's San Francisco office — to which only employees with National Security Agency clearance had access. 'Klein was on Capitol Hill Wednesday attempting to convince lawmakers not to give a blanket, retroactive immunity to telecom companies for their secret cooperation with the government. He said that as an AT&T technician overseeing Internet operations in San Francisco, he helped maintain optical splitters that diverted data en route to and from AT&T customers. '"

6 of 566 comments (clear)

  1. I've read about this before. by morgan_greywolf · · Score: 4, Informative

    You can read Klein's April 2006 statement in his own words here and there are pictures of the secret room at AT&T here.

    Very scary stuff.

    --
    My blog
    1. Re:I've read about this before. by NoData · · Score: 3, Informative

      Also, good interview with Mark Klein on NPR's All Things Considered.
      http://www.npr.org/templates/story/story.php?storyId=16088947&ft=1&f=1
      One thing he mentions: The NSA likely has installations like this maybe a dozen of locations around the country.

  2. Re:Encrypt by 644bd346996 · · Score: 5, Informative

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Clear enough? No warrant, no searches or seizures of my stuff. They are particularly prohibited from searching through all of my correspondence without a warrant.
  3. Re:Encrypt by Shimmer · · Score: 5, Informative
    The insufficiency of analogy to more traditional means of communication (postal service in sealed envelopes, telegraph, town crier, word of mouth, whatever) is sufficient demonstration that the constitution is unclear on these matters.

    Fine. Have you by any chance ever read the 10th Amendment?

    The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
    In other words, if the Constitution is unclear and there is no relevant law then the Federal Govt. has no power whatsoever to intercept our Internet traffic.
    --
    The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
  4. Re:Encrypt by 11223 · · Score: 3, Informative

    I'm afraid you do not understand how public key crypto works. If Alice has Bob's key and has personally verified that the signature of the key, communication between Alice and Bob is secure so long as the "hard problem" that the cryptosystem depends on (e.g. discrete log for RSA) is not broken. There is no proxying which can take place; Alice encrypts her traffic with Bob's public key before sending it to him.

    Is it possible you've confused public key cryptosystems in general with systems based on Diffie-Hellman key exchange that provide protection against eavesdroppers but not man-in-the-middle attacks?

  5. Re:Encrypt by Chris+Burke · · Score: 3, Informative

    I'm afraid you do not understand how public key crypto works. If Alice has Bob's key and has personally verified that the signature of the key, communication between Alice and Bob is secure so long as the "hard problem" that the cryptosystem depends on (e.g. discrete log for RSA) is not broken. There is no proxying which can take place; Alice encrypts her traffic with Bob's public key before sending it to him.

    The first bold part is what commonly makes the second bold part untrue.

    Unless Alice has personally verified that the key she has is in fact Bob's key and vice versa, then she doesn't know for sure that it's Bob's public key that she's using. If Alice just get Bob's public key off the internet itself, then Alice doesn't know that it was Bob Alice was talking too and it may actually be Charlie's public key that she received. If it is in fact Charlie's public key, then Charlie can act as a man-in-the-middle. Alice unknowingly sends a message to Charlie with Charlie's public key, he decrypts it, re-encrypts it with Bob's public key, then sends it on to Bob. Neither will ever know.

    People get around this by using certificates which come from a Certificate Authority whom they trust and who verifies that the keys you received are really Bob's keys and not Charlie's. The same problem shows up here, though, since at the point where Alice is communicating with the certificate authority over the internet, the CA is basically Bob and she's in the same boat.

    People get around this part of the problem by having the Certificate Authority's keys hard-coded inside their browsers and OSes. There are two problems with this, one general and the other specific. The general problem is that if you get your browser over the internet, once again you can't be sure that the CA's key is really the right key and that the MD5 hash is really the MD5 hash of the unmodified browser. The specific problem is that this whole article is about the government getting telecom companies to cooperate with their spying programs. The Certificate Authority's usually fall into that category, and it would be naive to assume that they haven't handed over to the government their private keys, in which case NSA-Charlie doesn't even need to feed you a fake CA key somehow, he can just flat out pose as CA-Bob.

    It is fundamentally impossible to share cryptographic keys securely over an insecure communication network. This is known as "the key exchange problem", and it's really, literally, impossible to fix. The only way to truly be secure when exchanging keys is for Alice and Bob to step outside the insecure network and physically meet in person, and exchange keys and verify that the other person has the correct key.

    So if you're really so paranoid that you feel you must encrypt all your communications to keep the government from spying on you, just remember this, and find an off-line way to exchange public keys with everyone you wish to talk to.

    --

    The enemies of Democracy are