The Whistleblower Who Uncovered the NSA’s ‘Big Brother Machine’
On January 20, 2006, the front doorbell rang at the Electronic Frontier Foundation’s offices on Shotwell Street in the Mission District of San Francisco. At the time, Shotwell Street wasn’t the glamorous part of the Mission. Our offices sat between two auto repair shops, across the street from a utility substation. The sidewalk was often dotted with homeless people’s tents. At one point, San Francisco did a survey, and our block of Shotwell Street had the highest reported amount of human feces in the whole city.
We had many people down on their luck ring that doorbell. Some were just lost. Others sought us out because they believed, quite sincerely, that the government or aliens had put a chip or magnet in their brains. We tried to be sympathetic and point them to other resources, but generally we had to turn them away.
Because of this, it was with friendliness but some caution that our executive director, Shari Steele, answered the bell.
“Do you folks care about privacy?” the guy asked. He was in a tan trench coat, looked to be in his early 60s, with gray hair, intense eyes, and a raspy voice.
“Why yes, we do,” Shari answered.
“Then I have some information for you. I am a retired AT&T technician. I know how the NSA is tapping into the internet at an AT&T facility downtown.”
“Well, come on in.”
Shari found EFF attorney Kevin Bankston in his tiny office. They talked for a long time. After the man left, Kevin and Lee Tien, another EFF attorney, burst into my office.
“This guy named Mark Klein, who just came to the door, has something,” Kevin said, with more excitement than I had seen from him in a long time. I was immediately intrigued, but what they told me blew past my highest expectations. Mark had presented us with unequivocal evidence that the National Security Agency was engaged in mass, untargeted spying in the U.S. by tapping into the internet backbone. And it was doing this from an AT&T building just a short distance from our offices.
The backstory to Mark knocking on EFF’s door starts in 2001 with the government’s response to the horrific 9/11 attacks. The first of these was the Patriot Act.
In the seven weeks between its introduction and passage in 2001, Lee and I stayed up countless nights trying to parse the three-inch-thick printout of the proposed legislation to identify the sections that affected the internet. We needed to understand what laws the government wanted to change, spot overreach and unconstitutionality, and marshal appropriate support or resistance where necessary.
The draft legislation had been rolled out so quickly that we had the impression it was just sitting in an envelope on someone’s desk, with a note that read, “Open at the next crisis.” Our theory was confirmed when we saw that a good chunk of the proposed law was nearly the same package of legal changes that the FBI had tried — and failed — to push after the Oklahoma City bombing in 1995.
One big change impacting surveillance was clear: Prior to September 11, the U.S. had what could reasonably be called a “wall” separating foreign surveillance for national security purposes done by the NSA from domestic surveillance for law enforcement purposes done by the FBI. The theory was that those powers would never be turned on in the U.S. and used against its own people. The Patriot Act, however, helped erode that wall.
“Do you folks care about privacy?”
Soon, folks at EFF started to hear whispers of mass domestic surveillance programs. We were told confidentially that the NSA was gathering all the telephone records from America’s leading telecommunications companies. We separately heard that the NSA was now sitting on the wire in the U.S. We even heard that the agency was collecting metadata on our online activities from both telecommunications companies and some internet companies. Friends in the industry would say things like, “You wouldn’t believe what the NSA is doing in the United States now,” and “I can’t tell you anything without getting in trouble, but it’s massive.”
All sounded wildly illegal under the Foreign Intelligence Surveillance Act (FISA) and the Patriot Act. Several people reached out to us, and each time we sat down with them to see if we had enough provable facts to bring a case. But no one who reached out to talk to us was willing to go on the record, much less provide documentary evidence we could use in court.
The information Mark gave us made the whispers we had heard over the years from our friends at telecommunication companies make more sense. By his account, mass spying involved the internet’s deepest layer, known as the “backbone.” A set of large providers — big companies, academic institutions, and governments — operate a series of powerful computers that provide the backbone’s main data routes.
AT&T operated part of the internet backbone from the Folsom Street facility. One component of Mark’s job was to maintain the section of the AT&T system that routed traffic from AT&T’s internal networks to the internet backbone via a set of connections called “peering links.” What Mark was telling us, and what his documents were showing, was that the NSA was now tapping in at these junctures.
Mark had been a technician at AT&T for many years. In mid-2003, he was transferred to the Folsom Street building and charged with maintaining the room where AT&T’s own fiber-optic network connected to the rest of the internet.
Mark told us that the fiber-optic cables carrying traffic to and from AT&T’s portion of the backbone converged on the seventh floor of the Folsom Street building. This was reasonable. But he showed us that those cables also connected down to the sixth floor of the building. The sixth floor was where the weirdness happened. Sometime in 2002, a “secret room” (designated 641A) had been built on that level of the building, accessible only to workers with NSA clearances. Mark didn’t have clearance himself, but he knew and worked with the person who did and had access to that room.
Next to the secret room was a “splitter cabinet.” On one side, the internet-connecting fiber-optic cables that came down from the seventh floor fed into it. On the other side, two sets of fiber-optic cables came out. One set snaked back up to the seventh floor to carry traffic onto the wider internet. But a second set of cables went into the secret room.
Outside the room, the splitter cabinet and newly installed wiring meant that when the communications came down from the seventh floor, they were “split” there. One copy of the communication went into the secret room, while the other went to the intended recipient. In this way, the NSA could be sitting “on the wire” inside the U.S., the fiber-optic cables that carry everyone’s communications, since it could make and capture a copy of all the traffic passing through the juncture. The NSA could then review the traffic separately, without slowing it down or leaving any trace of what it was actually doing on the public network. Mark called it the “Big Brother machine.”
I tried hard to keep my jaw from dropping as Mark explained both the banality of the technical infrastructure — so clear that I could easily understand how it worked — and the audacity of what the NSA and AT&T had built together to undermine the privacy of likely hundreds of millions of innocent people, including millions of AT&T’s own customers. His revelation was not entirely unexpected; what was unexpected was someone knocking on our front door and handing us the actual schematics.
We talked with several telecommunications experts, and they confirmed that this setup was a reasonable method for the NSA to “sit on the wire” in a way that would allow it to operate surreptitiously while remaining effective. One expert we talked to, who had been involved in the development of several critical internet technologies, including email, web, and document representation and transmission, said, “This isn’t a wiretap, it’s a country tap.”
We had our evidence. This was that crucial confirmation, in a form admissible in court, that we had been hoping for. We knew, and could now prove, that AT&T had facilitated illegal domestic surveillance of internet communications. As part of the legal strategy we had been crafting, this evidence would help us bring a lawsuit against mass surveillance.
It was nearing the end of January. With Mark Klein’s direct evidence about AT&T in hand, the next thing to do was to get him his own lawyers. We needed him as a star witness, so we couldn’t have him be our client. The risk of conflicts of interest between Mark and AT&T customers wasn’t great, but it was real, especially if Mark faced prosecution or a civil claim from AT&T. We all knew — as did Mark — that he had serious legal risk. We made some calls and were overjoyed when an all-star team readily signed on.
On March 31, we filed our motion for a preliminary injunction, including Mark’s declaration and the AT&T documents he had provided. As a courtesy, I also called the Department of Justice and left a message informing them of Mark’s declaration and the evidence.
The person who returned my call was DOJ attorney Tony Coppolino. Tony and I had actually become friendly over the years. He was a nice guy and a smart and fair-minded opponent. I’ll never forget the first voicemail I got from him after we filed Mark’s evidence.
“Hi Cindy, it’s Tony Coppolino calling about your Hepting case. I’m baaaack. Call me.”
I did, on a Friday afternoon. “Hi Tony, are you handling this case? This will be fun.”
“Yes, it looks like it. But this is serious; we need to see the documents you filed right away to see if they are classified. If so, it is illegal for you to even have them.”
“I don’t think they are classified, Tony. They aren’t marked as ‘classified’ or anything like that. I’m happy to show them to you. Can’t you get them directly from the court?”
“This isn’t a wiretap, it’s a country tap.”
“With all due respect, Cindy, you don’t know if they are classified since they don’t have to have markings and can still be classified. Only we can tell. We also can’t get them from the court if they are classified. Can you have someone bring another copy down to the SCIF [sensitive compartmentalized information facility] in the federal building so that they can be sent to us in DC?”
“Sure. We’ll do that right away. How will you get them?”
“Well, there is a very slow but very secure fax machine in the San Francisco SCIF that will get them to us in DC, page by page.”
“Well, OK, but I could FedEx them, or fax or even email them . . .”
“No. None of those ways are secure enough. This is the only way. And if they are classified, you are likely in trouble.”
After I got off the phone, we quickly arranged for another set of the documents to be delivered to the federal building. After we sent off the documents, we all started to get a little nervous. We looked up, again, the potential prison sentence for illegal possession of classified information. We reminded ourselves that we didn’t think the documents were classified, and even if they were, they revealed a flatly illegal and unconstitutional program. The classification system is not supposed to be used to hide illegal government actions. After all, we were only showing them to a federal court, under seal, to try to get the law applied to have the program stopped. That couldn’t get us in trouble, right?
The truth was, we were all a little worried.
Cindy Cohn is Executive Director of the Electronic Frontier Foundation. From 2000 to 2015, she served as EFF’s Legal Director and General Counsel. Today, she leads a team of more than 120 lawyers, activists, and technologists dedicated to ensuring that technology supports speech, privacy, and innovation for all people around the world. Cindy is the author of “Privacy’s Defender,” from which this article is adapted.
