Wow, just made a crazy realization. A while back I was downtown with my 5yo kid, and we were by the bus stop right next to this building (You can actually see the bus stop in the picture). The bus was late, and my kid was hyper, and he tried going through the revolving doors. They were locked, no big deal. After a while, he tried going through the doors again. At this point, three security guards with ballistic vests come busting out of the door with their hands on their holsters, and chewed me out for letting him play near the door.
I know my way around the security industry. These weren't normal security guards that get paid to watch cctv and call the real cops. They don't give those guys guns or ballistic vests. To me it was completely bizarre that a telecom building would have that sort of security. Now it all makes sense. I actually wouldn't be surprised if they were actually military in disguise.
Like a lot of federal agencies, NSA has its own police force to secure their buildings. A few years ago they somewhat infamously shot someone who drove through the Fort Meade gate and then refused an order to stop. They were driving a stolen car, but apparently made a wrong turn.
There is also a lot of security theater in telecom/datacenter stuff to impress the rubes. The Switch datacenter in Las Vegas had armed guards with AR-15s and body armor for a while. Network engineers who visit and enter a lot of these facilities joke about it all the time.
The Seattle location - 1122 3rd Ave - is an interesting spot. According to Google Maps[0], next door is the FBI Seattle Division office. On street view, the building itself has a street-level office with signs for both AT&T and CenturyLink.
3rd Ave itself is slightly notorious - hosting the surface entrances for the Seattle bus tunnel, and a large number of inter-city routes, the area has a reputation for crime and the occasional death by shooting. It was a bit worrying to commute through, as a bus rider, and seems like an odd location for an ISP street-level office.
Its choice of location is nothing nefarious. It was built in the mid 1950s as a Pacific Northwest Bell telco central office, for phone lines serving downtown Seattle, in the days when dialtone rotary pulse-dial phone systems were the highest technology available. The PNW Bell phone system and its interconnections with the AT&T Long Lines system had some sites which were mutually shared with military AUTOVON and other federal government long distance telecom circuits (such as those which fed the giant SAGE installations at McChord and in Moses Lake).
It became a USWest site in 1984 through the breakup of the Bell monopoly system, and then Qwest and eventually Centurylink.
There used to be some SAGE equipment at the Computer History Museum in Mountain View. I don't know if it's still there or not, but it was definitely interesting to see. The "light gun" user interface and the control consoles have a really pleasing aesthetic.
And the building has "reinforced concrete foundations"! Wow, sounds exotic! Just kidding... not sure if they mean something else, but "reinforced concrete foundations" might be the most commonplace thing in structural engineering. (Most foundations involve concrete, and most concrete is reinforced.) So this is a bit like saying your car has a paint job. But hey I used to be a structural engineer, and unfair ballbusting of the poor hapless journalist aside, I'm still kind of curious what feature they were actually describing.
Edit: I'll wager it's a seismic upgrade. The building's vintage is from back when they didn't have as good of a handle on the seismic stuff. And the Cascadia Subduction Zone is no joke!
Yes, journalism working hard to spread awareness of a massive global surveillance systems, with rubberstamp oversight, that threaten fundamental rights found in all western countries against dragnets and warrantless privacy invasion = must be the Russian boogiemen at work.
"Soviet genocide"? There are numerous problems with that concept, besides the obvious fact that USSR ceased to exist decades ago. Where is the genocide occurring? Is it Libya? Iraq? Yemen? Somalia? Niger?
Every major north american city has a legacy telco central office in downtown, in a very central location, from the days of pulse-dial and then DTMF dial analog phones. Always owned by whatever corporate entity the Bell System and then ILEC eventually became.
Yeah, you have to remember that in pulse dial days a central office station had a reach of roughly 3 miles. The longer you go, the more you're paying for cable, repeaters, or just losing quality. 90 volt AC for ringing has a limited range!
> How do they colour-code the wires to identify them?
It’s actually pretty simple. There are only 10 colors: blue, orange, green, brown, slate, white, red, black, yellow, and violet. They’re grouped in “binders” (using colored strings). You’re likely familiar with the first four pairs from network cables (which omit the white/slate pair). After cylcling through blue through slate paired with white through violet (25 pairs), the wires are bundled with binders starting with blue/white string. That gets you to 625 pairs (the first picture posted above is 600 or 625 pairs). After that, the binder groups are bound in a similar fashion (typically if you’re going beyond 625, the slate/violet binder is omitted to get a nice round 600 in the first group).
100-pair cable is only about 3/4” diameter. I have a 24-line 1A2 telephone that uses 75 pairs just to connect to the phone switch and two 100-pair cables feeding a telephone display case in my living room.
It takes me about a half hour to punch down 100 pairs on a 66-block. Old school telecom guys could probably do it in under 10 minutes.
Once I learned to recognize what an telephone exchange looks like, I have a hard time not seeing them. All over the place. Downtown, neighborhoods, etc. Big, unmarked buildings with no windows, mostly concrete, lots of infrastructure on top, and various telco trucks parked around at all hours.
They look surprisingly similar to electricity substations, with the key differences being style (substations are usually older) and the vehicles parked in front.
3rd Ave wouldn't be my first choice to locate a new ISP store, or any new retail location. 4th or 5th would be better. Going up the hill to somewhere like Boren and Madison might be easier for people across the city to reach.
The historic reasons from other posters give good justification for the current location.
That's a few blocks away from the notorious 3rd and Pike area. All of 3rd downtown is a bit rough around the edges due to being a transit corridor with lots of transient riders and homeless people, but besides 3rd and Pike it's nowhere near as dangerous as similar places in rust-belt cities.
Completely anecdotal evidence, but every morning I walk by this building and without failure I run into wireless interference of some sort on different frequency bands (GSM, bluetooth, etc.).
Not saying correlation is causation here, but the interfernce is definitely a little unnerving.
One wonders if a CDN might advertise, "we promise once your data enters our network at our edge locations outside of the US, it does not traverse any AT&T networks while reaching your server inside the US". Same with cloud companies' private networks across regions.
If your communication is encrypted it shouldn't matter if it passes AT&T networks.
Either
A. Popular and well known encryption algorithms are not broken by the NSA, and your communication is private.
B. Popular and well known encryption algorithms are broken by the NSA, but the fact that it's broken is top secret and the state will not do any actions that revel the secret. Your communications are not safe, and while what you communicate might make you the target of an investigation (if you're an appealing enough target), the communications will not be directly used against you in court.
EDIT:
There is a third option, that your communication is being stored until the encryption algorithm is broken or computation reaches a point where brute force is possible (quantum computers). Long term storage of encrypted communication is only economically feasible for a small subset of all encrypted communication, so it's only a concern for targeted individuals where the communication will be relevant to the state decades from now.
> If your communication is encrypted it shouldn't matter if it passes AT&T networks.
That assumes metadata is irrelevant. The destination, time of day, and volume of the traffic all have value separately and especially so when together. The destination can be masked if you control both sides and AT&T is a go between, but timing issues are subject to analysis unless you are a large enough player to give safety in numbers or you push noise across your pipes.
Hear, hear. The stream of encrypted packets that makes up someone's web browsing traffic is a very telling one and transactions of various web apps have telling signatures, which can be then correlated with eg social media updates or other signals that ripple to the target's contacts.
Cellphones are a pain, that's true. I was mainly thinking about Internet metadata.
If you really care, one option is having multiple phones, under different identities. Each one only gets used in a distinct set of locations, for distinct projects, with distinct recipients. When not in use, you store phones in labeled Faraday bags. That is, compartmentalization.
Another option is to nuke the radio in your phone, use only WiFi and VPNs for internet access, and use hosted cellphones from multiple providers. You can still compartmentalize, but need only carry one phone. But you depend on WiFi access.
> If your communication is encrypted it shouldn't matter if it passes AT&T networks.
IIRC, the signals intelligence agencies like the NSA learn almost as much from traffic analysis (e.g. who's talking to who and when) and metadata than from actual message content. Mere encryption itself often doesn't protect much from that.
I'd argue that metadata is more important than content. It enables suspicion-by-association lines of inquiry. Once you know whos' involved in a conversation, it's much easier to target them for closer attention, such as hacking their machine or rubber-hose cryptography, both of which nullify any crypto you might have used.
Isn't metadata, practically speaking, a subset of content?
Importantly to how we think about communication, no.
Metadata is the signature that accompanies or encapsulates content, viewable to the world. You can completely conceal content, through encryption for example, but you can't completely conceal metadata.
In other words there must be a physical exchange of energy somewhere (communication), and metadata tells you something about how the exchange happened, irrespective and ignorant of what the content is.
You can do it with a very high cost (in overhead, latency, and availability) by having a large number of people all send and receive messages, on a fixed or randomized schedule, exceeding their maximum possible amount of communication with one another. Then someone monitoring the network knows that each of the participants in this system could have communicated with any other participant, but not whether or not the communication took place.
Even ignoring the practicality part, it becomes a timing game, because "empty" messages - even if they were filled with unintelligible "random" hex - would traverse the network differently than ones with variable length/size content and would be able to be filtered out pretty quickly.
The bottom line is that you are going to leave a signature of some sort through communications - the question is, can you properly build a comms system system that is functional within the limits of your risk/reward criteria.
> Even ignoring the practicality part, it becomes a timing game, because "empty" messages - even if they were filled with unintelligible "random" hex - would traverse the network differently than ones with variable length/size content and would be able to be filtered out pretty quickly.
To eliminate the statistical observability of metadata, the padding needs to reach or exceed the maximum capacity of the channel. So you can't have people sending more messages than the padded channel permits per time period. In your example, packets "with variable length/size content" would need to be absolutely prohibited, or else all packets' length would need to be randomized, and message data would need to be sent following strictly the same distribution as padding messages.
For example, you and I could have a rule of exchanging exactly 1 MB of data per day, at a specified time, every day. Then an observer wouldn't be able to tell whether, on a particular day, we had actually communicated something to each other or just allowed the padding data to go out. Clearly in this system we're not ever allowed to use it to transmit more than 1 MB per day, without destroying the metadata unobservability property. An attacker still knows that you and I are part of a system that offers us an otherwise unobservable channel, but not when we do or don't make use of that channel.
There are lots of variants that also allow many-to-many messaging, again at a high cost in overhead, latency, and availability.
> Clearly in this system we're not ever allowed to use it to transmit more than 1 MB per day, without destroying the metadata unobservability property.
You're also not ever allowed to transmit links or anything else that goads the user into fetching a remote resource in response to a message.
> For example, you and I could have a rule of exchanging exactly 1 MB of data per day, at a specified time, every day.
Depending on the size and popularity of the relay network, the fact the two parties are connected to it could be valuable metadata.
If you really wanted to minimize the amount of metadata to something that's almost useless, you'd probably need to use something like a continuously-operating broadcast numbers station.
On it's face such a scheme seems theoretically robust, but for frequency correlation only. I'd be curious if in practice it would be possible to eliminate all other variability though, of which there are many. For example I'm unaware of any true solution to latency triangulation.
My hunch is that it wouldn't be possible, and there would be a side-channel vulnerability somewhere.
I'm not proposing a low-latency interactive approach, so latency triangulation shouldn't apply. In my example mechanism, we always have to wait a full day until sending any reply, so there's no event that an attacker can use to measure latency from.
Edit: the beginning of this research is the Dining Cryptographers.
There is no evidence of this. If you have a system outside the US sending encrypted data to a system inside the US, all anybody can see is that these two systems are talking to each other. They can't see whose communication is inside that encrypted data to tell who is talking to whom and when.
Encryption is irrelevant if the third parties (google, facebook, apple, etc.) are willing to give up private keys or data in response to requests or secret court orders. The same is true if the devices you own contain backdoors or exploits specifically designed for or not-fixed for the NSA.
In the case that the data is being stored by third parties (google, facebook, apple) or insecure devices then it's also irrelevant if the data passes AT&T's network or not.
Exactly. Once they know exactly what someone has done and how, it's relatively easy for them to find alternative means of "suspecting" that person of doing the crime and convince the judge to give them a warrant for exactly what they've already found through the illegal surveillance operation.
I wish judges and defense attorneys would catch on to these tactics more quickly. The rate at which the prosecutors/FBI invent new tricks to fool the courts and defense attorneys so far seems to far outpace the judge and the defense attorneys' understanding of what's even happening.
Take cell site simulators, for instance - the FBI has used those in secret for more than a decade before they were uncovered at all, and then it took another decade for judges here and there to catch-up and start requiring warrants for such operations.
And this goes for a lot of FBI's "investigative techniques", too, which are often illegal, but what judge is really going to know the difference between those highly technical operations?
I am skeptical of source #0. I thought that idea of nsa keys had been debunked. At least that source is not complete. Someone found a string 'nsakey' and they talk about analyzing the 'entropy of the source code'. What does that actually mean in technical terms that make sense to software engineers? I'm too stupid to understand that I guess. Sure, it would make sense for the nsa to try to do this. But it wouldn't make as much sense for microsoft to do it. Linux is out there now. I used to work at microsoft, and our product had a secured special bug database where we recorded security issues. We didn't want random people in the company to know that you could make your login name do string injection was an example of something we had there.
Most traffic is HTTP/S. I would bet a decent amount of dollars the NSA can transparently MiTM any common CA certs. Look at what a mess the trusted roots are.
Quantum computation changes the complexity of brute forcing common encryption algorithms. It seems very plausible that actors are storing high value encrypted messages for future decoding in case QC enters the realm of possibility.
I vaguely remember reading that storing encrypted messages just in case it might become possible to decrypt them later on has been common practice in intelligence services for decades (if not longer).
Every country in the world does this. The German's at least are open and honest about it.
"It said the BND, a partner of the US National Security Agency (NSA), has placed so-called Y-piece prisms into its data-carrying fibre optic cables that give it an unfiltered and complete copy of the data flow."
Couldn't the NSA start working with other ISPs than AT&T?
I'd really like to see CDNs like CloudFlare start requiring Cloud <--> Origin encryption; e.g. what CloudFlare calls "Full SSL" -- https://support.cloudflare.com/hc/en-us/articles/200170416-W.... Right now, you can do TLS termination ("Flexible SSL"), which end-users aren't aware of -- they see a padlock -- and I'm sure the NSA doesn't mind.
>Right now, you can do TLS termination ("Flexible SSL")
Which sane people call Man in the Middle and should not be allowed at all. I have seen people doing this Flexiable SSL with Credit Card data and other PII believing it is "secure"
Cloudflare may have started out with security in mind but their new services centered around centralization of key services (dns) and this kind of security breaking product means IMO they are a net negative in the world of Information Security
Even Cloudflare's "Full SSL" mode is a man in the middle: Cloudflare is the man in the middle who sees the plaintext of connections going through them.
It's an easy box to check to pretend to offer HTTPS so you don't get penalized by Google. Before Let's Encrypt there was no free way to get a legit cert for your cat blog. Faking it via Flexible SSL was the next best thing.
This is false, there have always been ways to get a free DV cert, lets encrypt made it easier
Furhter before Lets Encrypt you would not have gotten dinged by google, Google only went that path when wide spread DV Certs where freely avaliable
Further still, the minor costs per year to get a paid DV cert should be factor when choosing to host your own content versus paying a 3rd party to do it, many of those 3rd parties provided SSL as part of their services.
There is zero need for a Man in the Middle for SSL,
Sure they could, but one might hope the AT&T's eroded trust would serve as caution towards other overly cooperative companies. Or encourage companies to fight in court to be given the transparency allowances they desire to let the rest of us know they are legally compelled to do this and in no way do they agree or are doing anything beyond what's required.
Granted, like FB issues and others, we in this community need to realize that most users simply don't care (even many b2b ones) and not get upset when our users don't move their dollars on principle. For us it's a big deal, for many there are real, harmful issues going on in the world and volume collection of data by companies and governments is not one of them. And we can't make it so despite the deluge of articles by a supportive mass media.
EDIT: To clarify, you mentioned "other ISPs" but I want to be clear I'm talking about private pipes and not residential internet though I know they are often shared.
If peering had more participants, companies could choose their peering agreements for server-to-server data (i.e. non-residential, not-public-internet) on private pipes only with companies who make the similar no-AT&T promise downstream. One way or another, the principled economic squeeze needs to be there instead of waiting on public policy.
From a network engineering perspective, it's pretty easy not to decrement the TTL (keeping devices from "appearing" in a traceroute).
Hell, this is pretty much the norm where MPLS is concerned. Your packet may hop through a dozen routers along its way without showing up in a traceroute -- you just see it go in one side (then it goes through a dozen routers) and you see it come out the other side.
Unfortunately, traffic patterns are not straightforward, which can be seen by performing a traceroute to an arbitrary destination. How would a cdn enforce such traversal restrictions, when att is much of the internet?
Trouble is, internet exchanges are often flat insecure layer 2 networks that operate on trust. Anyone on that network can suddenly decide to advertise anyone else's address space, and start receiving traffic.
At a proper one a single IP address belonging to the exchange, which will be assigned to the router port of one member, is only allowed to appear from a specific single MAC address, and specific port on the ix switch, which corresponds with a physical fiber cross connect that matches a specific patch panel port.
Is 811 10th (NYCMNY54) even interesting from an Internet perspective any longer? Yes, the building is part of AT&T’s network (AS7018), but as far as I’m aware, no peering occurs here at all. I’d look for equivalent shady racks or rooms at 60 Hudson, 111 8th and 25 Broadway.
Maybe the comfortable relationship between NSA and at&t are more the driver for the location, and the fiber taps are all backhauled here.
From a voice perspective, though, I’d think this was still a useful surveillance point, given AT&T likely still tandems traffic here.
Things are slowly moving out of 111 8th as Google bought the whole building and is not renewing leases for certain tenants. Most traffic exchange happens at places like 60 Hudson for Manhattan and then a whole bunch of newer, modern, low and wide purpose built datacenters (mostly 1998 and later dotcom 1.0 boom and onwards era) in NJ across the river.
I used to be in this building all the time, lots of companies colo'd their setups in the building. I know Forbes did, as well as other companies. The building had security but was not incredibly secure.
Our servers there went through AT&T networks. Some companies I worked for co-located at Telehouse centers where you had a host of upstream options (including multiple options).
Stephen Colbert's studio was next door to the building when he was doing the Colbert Report 3-4 years ago, I used to see him walking around from time to time.
This is focused on AT&T, but there are other major datacenters in the US that are also major transit peers for foreign nations, with entire floors dedicated to government equipment. AT&T is a convenient one-stop shop, but they will probably need to use other service providers as well.
They’re using optical splitters, so the original signal passes though untouched. Because there’s no man in the middle, bandwidth shouldn’t be affected.
That makes sense, but at the same time, I wonder if ISPs are hesitant or inhibited from upgrading key pieces of infrastructure equipment out of obligation to maintain these copying capabilities.
99% odds that is either a ILEC telco central office or a large electrical transformer substation. If electrical grid, similar to the big part with no windows at 970 Burrard in Vancouver. BC Hydro headquarters site with giant substation that later became office and residential condos.
edit: I just moved down the street a bit and it says Bell Canada on the building. It's a CO.
Another way you can tell for sure with a building like that, is that there will be a locked panel or set of highly protected hose ports for generator diesel fuel refill, from alley or street side tanker truck delivery.
It's interesting to see this, and the reference to "one million emails", considering the prevalence of opportunistic TLS on MTA connections. Gmail reports 89% of their inbound and outbound flow is protected by TLS [1]. Wouldn't that eliminate the ability of the NSA to intercept those messages?
The article describes a lot of the buildings a fortress-like. I actually don't have a problem with that - in the event of a catastrophe, I want my telecommunications to keep working.
The rest of it - splitting data traffic and sending a copy to the NSA - I'd like to see how any international traffic is being sent through a land-locked city like Dallas, which should only have domestic traffic in it. Which the NSA shouldn't be looking at.
> I'd like to see how any international traffic is being sent through a land-locked city like Dallas...
Well, Texas borders Mexico, and although DFW is on the other side of the state, it is a very large metro area. If it's a hub for domestic traffic, it seems logical for it to also act as an interchange for international traffic with Central and South America. The hostnames I see in a traceroute to telmex.com (a big telco headquartered in Mexico City) from my office in New England on Verizon FiOS appears to support the idea that at least some traffic routes through Dallas before it crosses the border.
It could just be part of regular routing, but I noticed for example that all my facebook traffic is routed to an address with an LA prefix in LA. That doesn't seem strange except that Facebook doesn't have an LA datacenter (at least not that I could find any public record of, and they seem to publish the location of other data centers).
There's a difference between a data center and a POP. The former is very large. The latter is usually a rack or more in someone else's facilities. When you try to reach Google or Facebook, you rarely hit their data centers directly. They're out in the boonies, where land and power are cheap. Rather, you talk to their proxies at the edge (POPs, often in large cities). From there, your data is either returned immediately (e.g. cached objects such as popular videos or the company logo...) or forwarded over their fiber to the core clusters in the data centers.
Just curious, is there a good site/book/etc to learn how the modern internet actually works? As a lowly programmer, I have a good understanding of network communications, and some knowledge of things like routing protocols, but I'm completely lost when it comes to understanding how the modern internet actually functions. Thanks!
It used to be the case that they were mostly in POPs, but I think that with Maglev (https://research.google.com/pubs/pub44824.html) they can live in core clusters, too. Other Google sources go into more detail, e.g.
Back to your question, I'm not sure there is one good place to look up these things, but presentations/papers by companies like Google and Facebook are probably still your best bet. Stuff coming straight out of GCP teams will be a little more enthusiastic in tone, but that's easy to tune out. :-)
Another good example is Facebook's Ben Maurer and his Fail at Scale talk, which discusses a lot of details that are necessary for modern internet services, such as queuing, session/application-layer congestion control, canarying, advanced monitoring, etc. https://queue.acm.org/detail.cfm?id=2839461
My personal favorite is how the current debt based economy allow almost infinite amounts of government debt to be created. In fact, one of the reasons why we got off the gold standard decades ago is military spending.
No its not. And I fail to understand why this keeps coming up. The gold standard tied fiscal and monetary policy to an arbitrary commodity: gold. Whereas value exists beyond the commodity itself. The gold standard had all sorts of unintended consequences and is not fit for a modern economy.
What is perhaps more worrying is common currency. The Euro has lead to a lot more trouble than it was worth, Frankly speaking.
Did you even read the article? The new information is that these specific 8 buildings are specifically noted within NSA documents as the 8 locations within AT&T's network that the NSA utilizes.
I don't know what The Intercept expects anyone to do with that information, but that is new information.
I admit, I didn't read the full article because it's only barely readable on my device, but if my scroll bar is accurate, I did read about 70% of it.
But my point stands.
We've known that these specific buildings are the key hubs in the network for close to a century. And that they're hardened against nuclear attack, etc...
Maybe I was too deep into the phreaking scene in the early days, but I thought this was common knowledge in technology circles.
> We've known that these specific buildings are the key hubs in the network for close to a century. And that they're hardened against nuclear attack, etc...
Yes, it's been known that these specific buildings were key to AT&T's infrastructure. But any speculation that these specific buildings (as opposed to other specific buildings) were also key to NSA projects was just an assumption. The new information, which comes from released NSA memos and documents, shows that these specific 8 buildings are key to the NSA, meaning it's not just based on assumption anymore.
There's some other new information in there from the memos/documents, too. You really should actually read the article before mounting your high horse and spouting off nonsense criticism about it.
To OP's point this isn't some shocking revelation. Do people think that this is the full picture? That were even close to having any sort of understanding of what really happens?
To your point however this tidbit does give a good excuse to re raise the issue. Why are we allowed to spy on ourselves?
Releasing such info furthers subversive causes, as did disrupting active missions, having the Oahu tunnel shut down, and informing criminals and adversaries of our activities.
A privileged electrical technician torches your establishment to the ground and says he should be thanked for forcing you to rebuild stronger.
This is kind of a no-duh though. If you're the NSA, of course you're going to set up shop at peering facilities, there isn't anywhere else that makes practical sense.
This is not new in the sense that a whistle-blower revealed back in the mid-2000's (as I recall) that AT&T was working with the NSA to illegally bulk collect all internet traffic.
The problem is that even though this is all public record lying government officials continue to dismiss the obvious truth as "conspiracy theories" and so it becomes necessary to prove the same points over and over again in excruciating detail as long as government officials keep lying.
The term "secret police refers to intelligence, security or police agencies that engage in covert operations against a government's political opponents" [1]. We have no evidence the NSA is "used to protect the political power of an individual" or even political party. They're an intelligence agency, purely and simply.
No, their activities should largely be public. The NSA having privlaged information on their actions is dangerous, they have no incentive to share them with the public unless it benefits the NSA.
Of course it's documented fact. And the CIA had a comparable program called CHAOS. Moreover, read up on JTRIG's use of sigint to conduct psychological warfare, as revealed by their own documents (GCHQ leak from the Snowden archive)-- smearing people online, destroying reputations. Presumably, they are only conducting such operations on radical terror leaders, but how do we know? And what's to stop them?
Are you implying that people believe the US doesn't have an intelligence community that engages in covert surveillance?
In the past few years, the debate seems to have shifted from "What is appropriate oversight and behavior for intelligence agencies" to "Literally all national-level intelligence operations are a crime which must be stopped". The difference between the US and China/Russia is that in theory we have an intelligence community that is answerable for its actions to an elected civilian government. The extent to which that is true is obviously debatable, but to try to draw some equivalency here is absurd.
It is ironic that the "democracy dies in the dark" people still won't report on this even though it has been common knowledge and public record for over a decade.
Still won't report on what? The Chinese firewall is public knowledge, and Cisco helped build it. China doesn't have a democracy and doesn't pretend to.
NSA spying to an extent is public knowledge, but the submission is full of new information. I'm sure it will be reported by other sources in a few hours.
The Intercept, though I like much of their work, has shown some sympathy with Russia and repeated things that were Russian propaganda from agencies like Sputnik and RT. Wikileaks itself is possibly even a Russian front operation.
I like The Intercept, but it's mainly Glenn Greenwald who seems to have gone off the deep end and really dug in his heels, even when other authors in the group have written articles disagreeing with his unyielding conclusions.
They haven't shown sympathy towards Russia, they just don't view Russia as the sole bogeyman responsible for all troubles. Like the Trump-Russia scandal, they have reporters on the case but also point out there is similar or more damning evidence of collusion with Israel or Saudi Arabia.
Your post illustrates why they take these positions. Even an unsourced insignificant link to Russia is used to discredit anyone.
If you tried in China or Russia you'd probably get a nice visit to a permanent-stay "resort" with "daily exercise" where you get to work in fields without pay
Professor Chomsky has often had to respond to criticism that he singled out the U.S. for his criticisms. He rightly points out that, as a citizen of the U.S., he is obligated first to attempt to address the wrongs (as he sees them) of his own government first, since he (at least in theory) has some ability to influence his own government.
Stories like this often rely on some access to privileged information. If you were in a non-English/Portuguese country and had that privileged information, what reason would you have to expose it to an online paper you've never heard of?
This line of criticism is often brought up but there is no merit in it. How many Russian language news sources are you aware of?
China and Russia do not hide what they do or the fact they monitor all their citizens data
The US on the other attempts to play like the US Government is high and moral, respecting the freedoms of their citizens, while in the background they are just as Authoritarian as Russia and China
America can't claim to be near the peak of human culture, freedom and civil liberties while also wanting to be compared against places like China and Russia.
Hold yourself to higher standards if you really are No. 1.
While I agree China/Russia has the intent, but do they have the ability to conduct wiretapping on this scale? It sounds like the US is uniquely able to do this since so much of the internet's backbones/services reside here.
Thanks for the link. Doesn't seem to address my contention that the US has unique levels of access. I assume that all countries spy on their own citizens, but NSA is uniquely positioned to get traffic at a global scale.
First, I must immediately question the informativeness of anyone who thinks Washington DC is located in Maryland. Second, pointing out addresses of major AT&T PoPs is useless. Do carriers (still) mirror traffic to intelligence agencies? Most likely. However, this makes it sound like AT&T and the NSA have dedicated entire buildings for this purpose, which is ridiculous. Complete sensationalism.
You've misread the map by assuming "Maryland" was a state label, when evidence within the same map clearly indicates it is not. "Northern California" and "Southern California" are not states. Instead, they are areas, and Washington D.C. is in the area of Maryland.
This is ridiculous, but I'll play along. California absolutely is a state. Further defining the location of a city in a state does not really explain how Washington DC ends up being classified as part of Maryland. Washington DC is not part of the state Maryland. There is also no area (I assume by "area" you mean metro area or region) that is commonly defined as Maryland. Washington DC is part of the DC metropolitan area or "DMV," however it is in no way part of Maryland anymore than New York city is part of New Jersey.
I was simply pointing out a minor (albeit, comical) factual error that immediately made me question the legitimacy of the rest of the article.
Perhaps you shouldn't discount the entire content of the article based on what could be perceived as a minor mistake. There's quite a bit of corroborating material in regards to the core theme of the Intercept piece (AT&T/NSA collaboration); for example, the engineer who's quoted in the Intercept article has been speaking out about NSA surveillance for several years. He's been referenced in similar articles in various publications going back to at leat 2007. The San Francisco address in the article was Mark Klein's former workplace and he ostensibly witnessed fiber splitting equipment being installed for use by government agencies. So if we are to take him at his word, then his account certainly lends credence to the Intercept article.
Absolutely. I actually feel like pointing out the minor mistake distracted from my actual point. As others have pointed out in the past few hours, this article seems to do little more than point out where the NSA is fiber tapping on AT&T's network. This hardly seems like breaking news to me. The exposure of PRISM many years ago put the activity in the public eye.
To me, it seems like this article is sensationalizing a practice most were aware of already. I suppose it is mildly interesting to highlight a bunch of locations where it may be happening, but certainly not breaking news.
I know my way around the security industry. These weren't normal security guards that get paid to watch cctv and call the real cops. They don't give those guys guns or ballistic vests. To me it was completely bizarre that a telecom building would have that sort of security. Now it all makes sense. I actually wouldn't be surprised if they were actually military in disguise.