This page can be viewed at http://www.historycommons.org/entity.jsp?entity=sprint_nextel_1
Starting in 1997, the FBI constructs a sophisticated surveillance system that can perform near-instantaneous wiretaps on almost any telephone, cell phone, and Internet communications device, according to documents declassified in August 2007. The system is called the Digital Collection System Network, or DCSNet. It connects FBI wiretapping rooms to switches controlled by land-line operators, Internet-telephony companies, and cellular providers. The documents show that DCSNet is, in reporter Ryan Singel’s words, “far more intricately woven into the nation’s telecom infrastructure than observers suspected.” Steven Bellovin, a computer science professor and surveillance expert, calls DCSNet a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS [short message service, a protocol allowing mobile devices to exchange text messages], and push-to-talk systems.” The system is an entire suite of software that together collects, sifts, and stores phone numbers, phone calls, and text messages. The system directly connects FBI wiretapping offices around the country to a sprawling private communications network. DCSNet is composed of three main clients:
The DCS-3000, also called “Red Hook,” handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information but not communications content.
The DCS-6000, or “Digital Storm,” captures and collects the content—the spoken or written communications—of phone calls and text messages.
The most classified system of the three, the DCS-5000, is used for wiretaps targeting spies or terrorists.
Between the three, the system can allow FBI agents to monitor recorded phone calls and messages in real time, create master wiretap files, send digital recordings to translators, track the location of targets in real time using cell-tower information, and stream intercepts to mobile surveillance vans. The entire system is operated through a private, secure and self-contained backbone that is run for the government by Sprint. Singel gives the following example: “The network allows an FBI agent in New York, for example, to remotely set up a wiretap on a cell phone based in Sacramento, California, and immediately learn the phone’s location, then begin receiving conversations, text messages and voicemail pass codes in New York. With a few keystrokes, the agent can route the recordings to language specialists for translation.” Dialed numbers are subjected to data mining, including so-called “link analysis.” The precise number of US phones being monitored and recorded in this way is classified.
Genesis of DCSNet - The system was made possible by the 1994 Communications Assistance for Law Enforcement Act (CALEA) (see January 1, 1995), which mandated that telecom providers must build “backdoors” in US telephone switches to be used by government wiretappers. CALEA also ordered telecom firms to install only switching equipment that met detailed wiretapping standards. Before CALEA, the FBI would bring a wiretap warrant to a particular telecom, and that firm would itself create a tap. Now, the FBI logs in directly to the telecom networks and monitors a surveillance target itself through DCSNet. FBI special agent Anthony DiClemente, chief of the Data Acquisition and Intercept Section of the FBI’s Operational Technology Division, says the DCS was originally intended in 1997 to be a temporary solution, but has grown into a full-featured CALEA-collection software suite. “CALEA revolutionizes how law enforcement gets intercept information,” he says. “Before CALEA, it was a rudimentary system that mimicked Ma Bell.” Now, under CALEA, phone systems and Internet service providers have been forced to allow DCSNet to access almost all of its data (see 1997-August 2007 and After).
Security Breaches - The system is vulnerable to hacking and security breaches (see 2003). (Singel 8/29/2007)
Senior AT&T technician Mark Klein (see July 7, 2009), working near the National Security Agency (NSA)‘s “secret room” in the firm’s Folsom Street, San Francisco facility (see October 2003), receives two documents pertaining to the equipment in that secret room. (In a 2007 interview with PBS, Klein will cite a third document as well, that he found lying on top of a router.) The two documents are entitled “SIMS Splitter Cut-In and Test Procedure Issue 2, 01/12/03” and “SIMS Splitter Cut-In and Test Procedure OSWF Training Issue 2 January 24, 2002.” “OSWF” stands for “On-Site Work Force.” As for “SIMS,” all Klein knows is that it is an acronym associated with the secret room. Reading over the documents, Klein realizes that they indicate the secret room contains a “splitter cabinet,” installed in February 2003 (see February 2003), containing “optical splitters” that “cut in” to signals sent through 16 “Peering Links” between AT&T and 16 other major carriers and Internet exchange points. He later recalls: “I brought them back to my desk, and when I started looking at it, I looked at it more, and I looked at it more, and finally it dawned on me sort of all at once, and I almost fell out of my chair, because this showed, first of all, what they had done, that they had taken working circuits, which had nothing to do with a splitter cabinet, and they had taken in particular what are called peering links which connect AT&T’s network with the other networks. It’s how you get the Internet, right? One network connects with another. So they took 16 high-speed peering links which go to places like Qwest [Communications] and Palo Alto Internet Exchange and places like that.… These circuits were working at one point, and the documents indicated in February 2003 they had cut into these circuits so that they could insert the splitter so that they can get the data flow from these circuits to go to the secret room. So this data flow meant that they were getting not only AT&T customers’ data flow; they were getting everybody else’s data flow, whoever else might happen to be communicating into the AT&T network from other networks. So it was turning out to be like a large chunk of the network, of the Internet.” The documents, he later says, name “the circuit IDs… the companies they belong to… [and] the cut date. And they were all in February , when they were cut into the splitter” (see February 2003). The 16 carriers include ConXion, Verio, XO, Genuity, Qwest, PAIX (Palo Alto Internet Exchange), Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE West (the Metropolitan Area Exchange for AT&T’s Western region). In plain English, the splitter in the NSA room is duplicating the electronic data being sent through AT&T’s equipment, and sending the duplicated signals somewhere else, presumably to NSA computers for later processing. Klein is given the documents by a veteran AT&T technician who is preparing to retire. Klein, in a casual conversation with the colleague who gave him the documents, remarks, “It seems obvious to me, given that the secret room is next to the 4ESS (see January 2003), that they’re listening to phone calls.” Klein’s colleague shakes his head and says: “No, Internet.… I’ll show you.” (In 2007 Klein will learn from a telecommunications expert that since AT&T was transferring its long-distance telephone traffic onto Internet fiber cables, the splitter was most likely picking up both telephone and Internet traffic.) Klein’s colleague shows him the cabinet containing the splitters. Klein later tells a reporter: “[T]here were optical splitters, which basically were connected by fiber-optic cable down to the secret room on the sixth floor.… The analogy I can give you, which most people are familiar with is, say you get cable TV in your living room and then want to watch all the channels you get in the living room, you want to get all those same channels in your bedroom. So they install on the cable what they call a splitter, which splits off all the signals, duplicates of the same signals which go to the bedroom.… What the splitter does is make a duplicate copy of all the signals going across the fiber-optic cables.… We’re talking about billions and billions of bits of data going across every second, right? And it’s going into the router, and it’s coming back from the routers in that office. So what they do with the splitter is they intercept that data stream and make copies of all the data, and those copies go down on the cable to the secret room.” Klein confirms from his colleague and from the documents that show the splitters are connected directly to the equipment in the secret room. (PBS Frontline 5/15/2007; Klein 2009, pp. 34-35)
Narus, a firm which manufactures telecommunications hardware, co-sponsors a technical conference in McLean, Virginia, titled “Intelligence Support Systems for Lawful Interception and Internet Surveillance.” As AT&T engineer Mark Klein (see July 7, 2009) will later write: “Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the ‘war on terror’ had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint, and Verizon. Narus founder Dr. Ori Cohen gave a keynote speech.” Also speaking at the conference is William Crowley, the former deputy director of the National Security Agency (NSA). Narus is providing some of the key hardware components used in the NSA’s domestic surveillance program (see January 16, 2004). (PBS Frontline 5/15/2007; Klein 2009, pp. 39)
The National Security Telecommunications Advisory Committee (NSTAC), created in September 1982 by then-president Ronald Reagan’s Executive Order 12382, (National Communications System 7/19/2006) is apparently facilitating US telecommunication firms’ cooperation with the NSA in conducting surveillance against US citizens. According to journalist Tim Shorrock, NSTAC, which he calls “kind of a murky organization [that] meets twice a year with people at the White House,” advises the White House on national security issues involving the telecommunications system. Vice President Dick Cheney participated in their most recent meeting. NSTAC is chaired by F. Duane Ackerman, the president and CEO of BellSouth, and is made up of executives from a number of telecom companies and other companies that are involved in telecommunications, including Verizon. Shorrock observes, “[T]hey all contract with the intelligence community to do various kinds of work, and, you know, they brag about it in their testimony. They say, you know, ‘We have a long record of cooperation with intelligence,’ and so on. So, these relationships go back many, many years, and I think what we have now is a group of people that meet, and they all have high—they all have security clearances to do this.” (Democracy Now! 5/12/2006)
Seven telecommunications executives confirm to the press that large telecommunications companies such as AT&T, MCI, and Sprint have cooperated with the National Security Agency’s domestic warrantless wiretapping program. Those firms, along with BellSouth, previously denied they had cooperated with the NSA (see October 2001). In typical domestic investigations, telecom companies require court warrants before mounting any surveillance operations, but this has not been the case with the NSA program. Apparently, the companies decided to assist the NSA in tracking international telephone and Internet communications to and from US citizens and routed through “switches” which handle millions of communications, both domestic and international, every day. The telecom firms in question have undergone several mergers and reorganizations—BellSouth, another firm accused of cooperating with the NSA, is now part of AT&T, MCI (formerly WorldCom) was recently acquired by Verizon, and Sprint has merged with Nextel. The companies comply with the NSA requests for information once the NSA determines that there is a “reasonable basis” for believing that the communications may have a connection with militant Islamic organizations such as al-Qaeda. The firms do not require court warrants, but rather implement the monitoring on nothing more than oral requests from senior NSA officials. (Cauley and Diamond 2/5/2006)
An internal FBI audit reveals that US telecommunications companies have repeatedly terminated FBI access to wiretaps of suspected terrorists and other criminal suspects because bureau officials failed to pay outstanding phone bills. The report, written by Justice Department Inspector General Glenn Fine, finds that over half of the nearly 1,000 telecommunications bills reviewed by investigators were not paid on time. One unidentified field office allowed a $66,000 invoice to go unpaid. In another instance, a wiretap conducted under a FISA warrant was terminated because of “untimely payment.” The report notes, “Late payments have resulted in telecommunications carriers actually disconnecting phone lines established to deliver surveillance results to the FBI, resulting in lost evidence.” (Eggen 1/11/2008) Some of the problems stem from telecoms billing multiple times for single surveillance warrants, which ratchets up the bills quickly. Cox Communications, for example, billed the FBI $1,500 for a single, 30-day wiretap order. Telecoms also bill the FBI for Internet connections and phone lines connecting the carrier’s wiretap-ready switches with the FBI’s own wiretap software system, known as the Digital Collection System. Each field office’s computers are connected together with the other offices, and with FBI headquarters, through a secure fiber optic network managed by Sprint. In some cases, FBI officials were confused about whether to use confidential case funds or general funds to pay the telecom bills. Sometimes they were so confused that when the telecoms sent refunds, the officials returned the refunds to the carriers. (Singel 1/10/2008) The report faults the agency for poor handling of money used in undercover investigations, which it says makes the agency vulnerable to theft and mishandled invoices. (Reuters 1/10/2008) This is the latest in a string of audits by Fine’s office that has found serious financial and management problems at the bureau. FBI spokesman Richard Kolko says that in every case the outstanding bills were eventually paid and the intercepted information was recovered. “No evidence was lost in these cases,” he says. FBI assistant director John Miller blames an “inadequate” financial management system for the failures to pay telecom bills. Previous reports have noted a persistent failure to account for hundreds of computers and weapons, and a pattern of careless bookkeeping that spans a much wider area than the wiretapping program. The audit itself, a detailed, 87-page document, is too sensitive for public release, says the Justice Department, and only a seven-page summary is released. The American Civil Liberties Union calls on the FBI to release the entire document. ACLU counsel Michael German, himself a former FBI agent, questions the motives of the telecom firms, who in many instances have allowed the government to operate wiretaps on their systems without court warrants. “It sounds as though the telecoms believe it when the FBI says the warrant is in the mail, but not when they say the check is in the mail,” he says. (Eggen 1/11/2008)
Except where otherwise noted, the textual content of each timeline is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike