
AT&T Helped N.S.A. Spy on an Array of Internet Traffic - denzil_correa
http://www.nytimes.com/2015/08/16/us/politics/att-helped-nsa-spy-on-an-array-of-internet-traffic.html?hp&action=click&pgtype=Homepage&module=first-column-region&region=top-news&WT.nav=top-news&_r=0
======
evook
Cases like this reinforce my opinion, that there is an increasing demand to
educate consumers how to prevent getting data leaked to government
institutions like intelligence services. Especially the consequences of
picking the wrong service provider.

Luckily I am now in a position where I am fully responsible and aware of the
routes my data takes. Yet we as a B2B ISP constantly get requests by
intelligence services to provide information regarding our customers.
Strangely they always assume that's totally okay to -just- ask for the data,
instead of going the formal way. If we demand the judicial permissions they
always rant about emergencies and so on. We can't help but follow the law, and
the law disallows us to keep specific data for more than 60 days. I am really
curious about how many ISPs voluntarily provide their customer data without
asking for judicial permission beforehand.

Such conversations are coming around 2 or 3 times a week.

~~~
Animats
There's one cellular provider which has the obligation under CALEA to do
wiretaps. They comply with the law strictly, which annoys the FBI.

First, CALEA requires that the company provide a "senior official" as a point
of access for law enforcement, and a backup 24/7 contact. Their senior
official is their general counsel, and the backup is another lawyer. It's not
their network operations center. Their general counsel wants to see a warrant,
and checks back with the court to make sure it's valid. This is the way to do
it; bring in Legal.

There's a procedure for "emergency requests" in advance of a warrant under
CALEA. This telco immediately faxes the law enforcement requester a brief form
to fill in for those. It requires name, police department, office address,
badge number, and a brief explanation of why there's no warrant yet. The form
to be signed by the law enforcement official contains a statement that the
official will provide a warrant within 48 hours, and in the event that they
fail to do so, their department will take full responsibility for their
actions, including indemnifying the telco against any costs and damages.
That's followed by a statement that in the event the law enforcement
organization fails to authorize the actions of their official, the official
will be personally responsible for said costs. The telco also reserves the
right to disclose requests for which a court order does not follow.

This discourages fake "emergency" requests. Get your legal people to draft
something like that. The key to this is that law enforcement's interface to
your company should go through your legal department.

(I used to have a link for this, including their forms, but can't find it now.
Can anyone else find it? )

~~~
evook
I am very interested in these forms and would be grateful if someone could
provide a link to them. If they're watertight, we could probably reduce some
overhead with them. Although I dislike the idea of using an employee as a
"responsibility-shield" for failing government agencies.

~~~
gkop
I am interested in discovering the carrier with the most onerous forms in
order to procure service from them.

------
thembones
Where have you all been?

[http://archive.wired.com/science/discoveries/news/2006/05/70...](http://archive.wired.com/science/discoveries/news/2006/05/70908)

10 years old and not even close to the oldest evidence.

~~~
comrade1
This was an interesting and early revelation, but it wasn't until the Snowden
documents that we understood what this closet really meant. We had no idea the
government was recording every phone conversation in the u.s., every email,
etc... We still had some hope that the rule of law was being followed and that
this closet was just a way to make targeted surveillance easier.

~~~
PopeOfNope
> but it wasn't until the Snowden documents that we understood what this
> closet really meant.

> We had no idea the government was recording every phone conversation in the
> u.s.

> We still had some hope that the rule of law was being followed

All lies. This was well covered on slashdot when it happened. We all knew
exactly what it meant.

Snowden's release was iron clad and incontrovertible, which was refreshing,
but it also detailed the extent to which private tech companies outside of
AT&T were aiding the federal government in their illegal activities.

Even the most paranoid nutbag commenting on those old slashdot threads
couldn't imagine how bad it was going to get. Reality outpaced the conspiracy
theorists.

~~~
brazzledazzle
This is my recollection too. I think everyone held their breath hoping we'd
pull away from the edge.

------
danso
Worth reading: ProPublica (who co-published with NYT on this story) has an
explainer of how they followed the trail of documents to break this story:

[https://www.propublica.org/article/a-trail-of-evidence-leadi...](https://www.propublica.org/article/a-trail-of-evidence-leading-to-atts-partnership-with-the-nsa)

------
olympus
Is this really a surprise to anyone? We've known that the N.S.A. has gotten
(or coerced) support from communications companies in the past, and AT&T in
particular (the article mentions it going back as far as 2003
[https://en.wikipedia.org/wiki/Room_641A](https://en.wikipedia.org/wiki/Room_641A)).

Did anybody really think it stopped when the secret room was uncovered in
2006? Telecom companies make no promise that your traffic is protected. It's
up to you to protect yourself.

~~~
comrade1
Spying on the u.n. based on terrorism legislation is a revelation. Recording
of all telephone conversations in the u.s. is a revelation. Recording of all
emails, skype, sms, etc is a revelation.

Before discovery of that room everyone knew that there was close cooperation
between the telecoms and the government, but we had no idea it was this close
and we were shocked at especially the recording of all phone conversations in
the u.s.

~~~
DanBC
Even though we had pretty thorough proof of this with ECHELON? Including the
EU parliament report into echelon; and the stuff about the US using it to
provide commercial advantage to their aerospace industry?

Risk assessment has always been part of security. And people have always said
that you should probably assume a well funded government can and does read
everything. This was more of an assumption, but the fact that governments do
listen to everything should not have been a surprise.

~~~
comrade1
No, not really with ECHELON. That would have required all phone calls in the
u.s. to be routed outside of the u.s., and really the only cooperating country
was the UK, even though Canada was part of the group. It wasn't practical to
route all communications from the u.s. through the UK, and it probably would
have been noticed.

------
facetube
The NSA's giant database will be breached. It's only a matter of time. It
could be state-sponsored (e.g. like the OPM theft), or it could be due to the
NSA's own lack of internal security oversight. Maybe not this year, maybe not
next. I certainly won't have anything to do with it. But it'll eventually
happen. What then?

~~~
revelation
What makes you think they are not already breached?

By any available evidence, these guys can't even maintain a simple download
counter on their wiki. A random IT contractor like Snowden was already gone
for a month and they had no idea. I think they still have no clue what he has.

All the science fiction gives this very distorted picture when really the
people working at the NSA are private-sector leftovers, and even if someone
with half a brain slips into their ranks, a layer of ignorance and government
inefficiency will promptly suffocate them. It's a good thing, their
incompetence is our only protection.

~~~
knowaveragejoe
Wow, if you really believe this, you've got another thing coming.

~~~
bediger4000
Do you even have anecdotes to back this up? I'd prefer some kind of data, a
citation or a revelation from you, but even anecdotes allow me to consider
internal consistency.

Lately, I'm becoming very suspicious of infosec people who imply huge threats,
or mystical capabilities.

------
ErikRogneby
This should surprise no one.
[https://en.wikipedia.org/wiki/Room_641A](https://en.wikipedia.org/wiki/Room_641A)

~~~
harry8
You should also be unsurprised to have it pointed out that your surprise level
is wholly irrelevant and rather silly to mention. Murder is unsurprising
and we don't ignore it. The "And this surprises you?" Meme response should
always be "Adults are talking."

------
white-flame
> At the same time, the government has been fighting in court to keep the
> identities of its telecom partners hidden.

And because of that, we can trust nobody, and work to encrypt everything at
the most fundamental layers we have access to. Good for individual privacy,
but you can't help but note that the NSA continues to shoot itself in the foot
in pursuing its goals.

There has to be willful ignorance at the top of the food chain. They can't
believe this stuff actually works, or is in any way actually related to
national security. But it must be so, so they double-think themselves into
believing it. Having met people at that level in other government branches, I
can't see it as anything else.

------
niteskunk
My favorite part of this was the not 1 but /3/ AT&T U-verse advertisements
embedded in the mobile page.

"Gee guys, any idea why our conversion rates are so low?"

------
RexRollman
It must be so nice for AT&T; making money twice on the same customer.

------
rwhendrix
It's interesting that they released this report on a Saturday, when markets
are closed.

~~~
Istof
let's keep it on the front page until Monday

------
nickysielicki
What we really need is less centralization and more communities able to invest
in 21st century infrastructure. We might be too far gone, though.

Take this for example: I am a student at the University of Wisconsin. There's
a nonprofit/cooperative in Wisconsin called wiscnet [1]. They provide(d)
libraries and schools with Internet. A Wisconsin telecom association (mostly
backed by AT&T) was able to use their lobby to push it out. Millions in
infrastructure made useless because it was argued to be anticompetitive.

The story is told much better by Ars. [2]

[1]: [http://wiscnet.net/](http://wiscnet.net/)

[2]: [http://arstechnica.com/tech-policy/2011/06/wisconsin-public-...](http://arstechnica.com/tech-policy/2011/06/wisconsin-public-internet-fights-telecoms-attempts-to-kill-it-off/)

~~~
mrbill
I think a lot of states have (if not active, legacy) Internet backbones where
schools and such had connectivity back in the day before the "general public".

Oklahoma's is "OneNet"[1], and we had a T1 at usao.edu back in '93 [2].

[1] [https://onenet.net/](https://onenet.net/)

[2] I set up the very first USAO web site as a summer Independent Study
project in '95, running a web server on our VAX 4700. People told me "You have
to have a Sun box to run a web server!" and I proved them wrong. It was a fun
9-week gig, because the actual work only took me a couple of weeks, including
creating a HTML version of the Student Handbook. Bits of the site I created
persisted for almost a decade.

------
c3534l
“We don’t comment on matters of national security”

Wow, they really think that's what they're doing, don't they? Nothing above
and beyond here, right?

BTW, I was actually surveyed by AT&T on the phone when the news that they were
doing this first broke over a decade ago.

------
kfcm
Geez, what a yawner. This has been either assumed or an open secret for
decades.

------
louithethrid
Could the actual physical infrastructure be decentralised? At least in cities?

------
eternalban
"news": The "Alphabet" companies help one another.

------
known
Cuckoo's nest?

------
comrade1
Hopefully companies and organizations like the UN start moving away from AT&T.
AT&T is a publicly traded company and so the only thing they understand is
profit and loss.

The snowden releases cost u.s. tech companies $100B+, including a 10% drop in
Cisco quarterly revenues. Hopefully this continues as multinationals continue
to move their business outside the u.s.

Let the u.s. government spy on Americans all they want since Americans seem to
like being spied on, while the rest of us move on. I know that mindset doesn't
match many of the people here on HN, but Americans are mostly Authoritarian
and seem to like the comfort they feel from programs like this.

~~~
jonknee
It's very hard to move away from telecom companies. You may switch your direct
services, but whoever you switch to will still use AT&T backbones and the
like. All the big telecoms are guilty of being complicit with the government,
what would make a difference is one taking a stand like Apple/Google has
regarding encryption. That would put pressure on the others to follow suit.

~~~
toomuchtodo
Could Google, Facebook, Amazon, and Apple create a non-profit that owns their
own dark fiber and parcels out capacity?

Think municipal fiber, but at a wholesale level.

~~~
haroldp
Each of those companies has been implicated as complicit in cooperating with
the NSA's warrantless domestic spying.

~~~
us0r
Not sure why you are down voted but the US Intelligence Agencies are Amazon's
single biggest customer.

~~~
chinathrow
Also not sure why we haven't heard anything about Amazon/AWS within the
Snowden docs... yet. Anyone?

~~~
fnordfnordfnord
That was the CIA.

~~~
chinathrow
The customer yes, but I meant some revelations about tapping AWS internally by
the NSA.

