AT&T's 'Spy Room' Expands to 8 NSA 'Fortresses'

A new report by The Intercept revealed more details about the decade-long relationship between AT&T and the NSA. It also uncovered eight “NSA fortresses” that are actually AT&T buildings enabling the agency to spy on Americans and people from many other countries with which AT&T has peering partnerships.

AT&T’s "Spy Room” (Room 641A)

Back in 2003, the NSA started a project called “Room 641A” at one of AT&T’s headquarters in San Francisco at the time, where the agency would tap into AT&T’s internet cables in order to siphon everyone’s unencrypted web traffic data and communications.

An AT&T technician discovered what was happening in that room and came forward in 2007 with this information, after the New York Times presented information about related and illegal mass surveillance operations authorized by President Bush, in 2005.

As a response to all of these revelations, Congress passed FISA in 2008 not to punish the NSA or AT&T for their illegal activities, but to grant all carriers that may have aided the NSA in such operations retroactive immunity against lawsuits.

AT&T’s “Extreme Willingness To Help” The NSA

In 2015, ProPublica published a report in which it revealed documents that showed AT&T’s “extreme willingness to help” U.S. intelligence agencies spy on Americans and foreigners.

According to the documents, the portion of the NSA’s top-secret budget in 2013 assigned to the deal it made with the AT&T was twice that assigned to the next-largest program. A year later it was also revealed that AT&T was enabling other such warrantless surveillance programs against its own customers on behalf of law enforcement, which were quite profitable for the company.

One documented obtained by ProPublica reminded NSA officials to be polite when visiting AT&T because “This is a partnership, not a contractual relationship.” What this implied was that the AT&T was going far and beyond what the law required of companies that had to cooperate with intelligence or civil law enforcement agencies.

NSA Expands AT&T “Spy Room” To Eight Spy “Fortresses”

According to the new report by The Intercept, not only has the NSA not “shut down” the Room 641A program, but it has greatly expanded it to eight AT&T spy “fortresses.” The Intercept’s documents show a top-secret NSA map that points to eight AT&T “backbone node with peering” facilities in Atlanta, Chicago, Dallas, Los Angeles, New York City, San Francisco, Seattle, and Washington, D.C.

The reason The Intercept called these facilities spy “fortresses” is because they seem to be facilities that are heavily protected either against nuclear blasts, earthquakes, or other such phenomena.

All eight facilities are also entire large buildings, unlike the single room the NSA had at the AT&T headquarters 15 years ago, which shows us just how much AT&T’s relationship with the NSA has improved as well as how much the NSA’s mass surveillance operations have expanded.

Officially, the eight buildings’ purpose is to improve AT&T’s network and enable future growth. Their real purpose is to help the NSA collect all of the data not just from AT&T’s customers but also from the customers of other ISPs, both domestic and foreign, with which AT&T has peering deals.

Spying Programs Enabled By Executive Order 12333

Foreign internet traffic is often run through the U.S., mainly because many American companies provide online services to a large population of foreign users, but also because the U.S. can connect Europe and Asia through its cables.

The fact that the NSA has this kind of programs in place is precisely why the Court of Justice of the European Union has said in the past that Safe Harbor was invalid. The U.S. government can’t be trusted not to spy on European citizens as the European citizens’ data is processed on American soil, which means EU privacy rights can’t be guaranteed as well as they need to be under the Charter of Fundamental Rights.

NSA’s mass surveillance powers that prevent American companies from guaranteeing EU citizens their privacy rights are given by the Reagan-era Executive Order 12333, which enables the agency to spy on  “communications which originate and terminate in foreign countries, but traverse U.S. territory.”

Using this program, the NSA can spy on EU citizens emailing Latin-Americans, for instance. This is precisely why following Snowden’s revelations, the EU and Brazil started discussions about connecting their own direct internet lines to each other. However, for this not to be a pointless exercise, the EU would also need to ensure that its own member states don’t hand over that data to the U.S. on a silver platter, as they’ve done in the past.

So far, AT&T hasn’t been too impacted by these revelations about its joint mass surveillance operations with the NSA, but one way to impact these activities would be for other domestic or foreign ISPs that have peering partnerships with AT&T to end those contracts and choose a competitor instead. AT&T’s direct customers could also switch to carriers that have less of such a cozy relationship with the U.S. intelligence agencies. Otherwise, AT&T and NSA's partnership could not just continue unfettered but also expand further.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • therickmu25
    Serious question: Are there any examples of an attempt to destroy a regular, non-criminal American through the use of an ill-obtained FISA or illegal spying? The only example I can think of is the current sitting president.
    Reply
  • derekullo
    Are the fortresses inside secret volcano lairs staffed with hundreds of inept guards along with a pool full of sharks with laser beams attached to their heads?
    Reply
  • why_wolf
    21087972 said:
    Are the fortresses inside secret volcano lairs staffed with hundreds of inept guards along with a pool full of sharks with laser beams attached to their heads?

    No but they do project that classic monolithic feeling of some unstoppable force beyond your comprehension. https://en.wikipedia.org/wiki/33_Thomas_Street
    Reply
  • bit_user
    21087893 said:
    Serious question: Are there any examples of an attempt to destroy a regular, non-criminal American through the use of an ill-obtained FISA or illegal spying? The only example I can think of is the current sitting president.
    That's flame-bait. Definitely not a serious question.
    Reply
  • almarcy
    Never Said Anything is not its only friend. Are you?
    Reply
  • toadhammer
    I wonder if it's a stretch to paint this as specifically AT&T facilities. If this is simply an internet exchange point where several tier 1 networks connect, it's a semi-open location open to "interested parties" to put equipment whether they are carriers or whatever. https://en.wikipedia.org/wiki/MAE-East was in a building I used to work in.
    Reply
  • dankstaog
    No way to stop this. A boycott won't happen and if it did the amount of people participating would be too small to make a dent. ATT has endless funds for what they are doing.
    Reply
  • dorsai
    Whats funny is anyone thinking they actually have privacy when using a private companies communication system...AT&T is no different than Google reading your emails (terms of service) or Twitter ghosting conservatives that challenge their ideology (fact)...business can, and will, do whatever it wants with it's network, software, or Apps. Any protection from intrusion into private life has to be legislated...or existing practice has to be ruled Unconstitutional...which a judge just did in regards to cell phone location data. In a nut shell...if you're not in your house you should have no expectation of privacy.
    Reply