The EFF's case against AT&T has barely begun, yet it has already brought to light some fascinating details about the methods behind the NSA's alleged wiretapping abilities. Mark Klein, a retired AT&T engineer who is now participating in the case as a witness, has released a statement to the media in which he outlines many of the allegations that are currently under seal. Chief among them is his claim that AT&T installed powerful traffic monitoring equipment in a "secret room" in their San Francisco switching office at the behest of the NSA.

"In 2002, when I was working in an AT&T office in San Francisco, the site manager told me to expect a visit from a National Security Agency agent, who was to interview a management-level technician for a special job. The agent came, and by chance I met him and directed him to the appropriate people. In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco—actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room."

According to Klein, this room contained (among other things) a Narus STA 6400 traffic analyzer into which all of AT&T's Internet and phone traffic was routed; Klein himself helped wire the splitter box that made this possible. In addition to AT&T's own traffic, Klein alleges that the company also routed its peering links into the splitter, meaning that any traffic that passed through AT&T's own network could be scanned. Futhermore, San Francisco wasn't the only place such secret rooms were built; Klein claims that AT&T offices in Seattle, San Jose, Los Angeles, and San Diego also have them.



A map of the NSA's alleged surveillance technologies (Source: NSAWatch

So what exactly is a Narus STA 6400? It's hard to get precise details for obvious reasons, but Narus does describe the system in general terms. Others have done a bit more digging and claim that the system can analyze more than 10 billion bits of data per second, and point out that the company sells its systems to governments worldwide. Saudi Telecom and Telecom Egypt both use Narus equipment to monitor and apparently block VoIP traffic in their countries, for instance, and they they recently inked a similar deal with Shanghai Telecom.

Given the massive scale of the spy operation in the US (and this is only one company; it's not yet clear if the NSA has partnered with other telecom firms), it's growing increasingly difficult to believe that this is truly "targeted surveillance." The equipment used and the vast scale of the information being monitored both suggest that the NSA is sifting through massive amounts of user data and phone calls. Much of the information that passes through their spy system must therefore be domestic rather than international in nature. It is possible that phone calls, for instance, that begin and end in the US are simply passed through the system without being scanned, but if so, this must certainly tempt the NSA, which has only to tweak their settings to see all that new data. What is actually being monitored is still unclear, but it looks as though this trial could bring much of it to light.