Echoes of NSA Room 641A: How Forgotten Lessons Threaten Bluesky

Room 641A’s real legacy isn’t about technical infrastructure or corporate jurisdiction — it’s about how easily critical knowledge gets buried. The old Wired documentation of the 2006 case seems to have disappeared.

Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation’s class-action lawsuit against the telecommunications company, which alleges that AT&T cooperated in an illegal National Security Agency domestic surveillance program.

AT&T whistle-blower Mark Klein says this secret room in an AT&T switching center is home to data-mining equipment that can spy on internet communications. Mark Klein

Klein’s evidence is a collection of sensitive documents he retained when he retired from AT&T. Those documents are now filed under court seal, but Wired News independently acquired and published a significant portion of them in May, 2006. Those excerpts follow.

Study Group 3, LGX/Splitter Wiring, San Francisco

This four-page excerpt is from a 60-page document a management technician “left lying around on top of a router,” says Klein. It describes AT&T’s efforts to install splitters on internet fiber optic cables at the company’s San Francisco internet hub. Page 2 describes the splitter and lists the equipment at the receiving end of the tapped lines. Page 3 is a diagram depicting the tap, and page 4 details some of the connections between the splitter cabinet and what Klein calls a “secret room” housing the equipment.

SIMS, Splitter Cut-In and Test Procedure

A departing AT&T technician gave this 44-page document to Klein as he cleaned out his desk. These two pages, excerpted by Klein, show AT&T rerouting its high speed data circuits through the splitter cabinet that performs the physics of the alleged wiretaps. The work was apparently overseen by AT&T’s Network Operations Center in Bridgeton, Missouri. “SIMS” is an unexplained reference to the secret room, according to Klein.

Cut-In and Test Procedure

These two pages, excerpted by Klein from another “Cut-In and Test Procedure” document, further illustrate AT&T rerouting its high speed data circuits for the surveillance, according to Klein. Page 1 diagrams the new connection through the splitter cabinet, and page two shows AT&T phasing in the fiber optic splitters on its high-speed links to other ISPs, including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and the Mae West interconnect.

Many people later described the program as a Bush administration implementation of mass surveillance. Here’s the POGO recap:

…despite the fact that intelligence failures related to 9/11 were primarily based not on a lack of data points but on an inability to connect the dots, the Bush administration launched an effort to collect dots on an unprecedented scale. The President’s Surveillance Program, known by the code name Stellar Wind, undertook three audacious aims: First, to collect the content of international communications on a mass scale. Second, to collect telephony communications records (who you call, when, and for how long) on a nationwide scale. And third, to collect internet metadata, also on a bulk scale. These systems were built on nationwide dragnet orders demanding companies continuously supply private information not on suspects, but rather from all individuals across the United States.

According to another Wired article (also with dead links to the source material), Klein cited the Bush administration in his decision to reveal the secret rooms.

Klein said he came forward because he does not believe that the Bush administration is being truthful about the extent of its extrajudicial monitoring of Americans’ communications. “Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA’s spying program is really limited to foreign communications or is otherwise consistent with the NSA’s charter or with FISA,” Klein wrote. “And unlike the controversy over targeted wiretaps of individuals’ phone calls, this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens.”

PBS Frontline still has their interview with Klein available. And of course Klein’s self-published book still seems available in archives.

Publisher: BookSurge Publishing; Illustrated ed.
Date: July 7, 2009
Paperback: 162 pages
ISBN-10: 1439229961
ISBN-13: 978-1439229965

One of the nice things about Klein (arguably giving him legit whistleblower credibility) is how he wanted the right people to know what was going on, but he himself didn’t want to be known.

Klein has not spoken publicly since May, 2006 when he spoke on the courthouse steps in San Francisco. […] They are vacuuming everything going across those links, I’m certain of it. That’s the physical arrangement; there’s no dispute about it, I looked at the cables, I traced the cables. I know where they went. The documents show where they went; they go to the secret room. I was watching [President Bush’s December 2005 press conference about the wiretapping program] and I was getting angrier and angrier — so most people hearing that would think ‘I don’t make calls to Al Qaeda so that doesn’t affect me.’ That’s what they wanted you to think. They tried to make you think it was about phone calls, but a lot of it is also about the internet and about gobs and gobs of information going across the internet and that affects everybody. And that’s the part they haven’t let out, and that’s the part I decided had to be uncovered.

The NSA’s domestic spying program thus wasn’t uncovered by leaked classified documents but by technical blueprints “left lying around on top of a router” for regular staff to see. Surveillance’s vulnerability lies in a dependence on oath and obedience, calling upon ordinary technicians with access to physical infrastructure to maintain loyalty beyond the pale.

And now two decades later these documents have largely vanished, much like the technicians reading them. What remains are secondhand summaries, dead links, and sealed court records. The erosion of technical evidence leaves a new era of protocol designers with incomplete knowledge, making future systems susceptible to repeating past vulnerabilities.

The Bluesky protocol, despite being a modern, decentralized platform, reflects some of these same risks. Bluesky’s heavy reliance on centralized Relay and indexing services echoes the architectural flaws that made Room 641A possible:

  • Relays act as central aggregation points where all user data must flow.
  • App Views maintain centralized indexes, which require comprehensive network visibility.
  • Federation is only implemented at the application layer, while network traffic flows remain concentrated.

Unlike fully peer-to-peer systems, this design creates predictable chokepoints vulnerable to Room 641A-style interception. While software inherently depends on hardware, Bluesky’s architecture amplifies surveillance risks by consolidating traffic through critical points.

Until we integrate the lessons from seasoned experts and whistleblowers like Klein into system design, we’ll continue building flawed platforms while convincing ourselves that they are entirely new.

Even more forgotten? Terry Childs, a network administrator for the city of San Francisco, was arrested in 2008 for refusing to hand over administrative passwords to the city’s FiberWAN system, effectively locking the city out of its own network. While these actions sparked significant controversy, there was never enough public exposure or reporting about how he had pulled a “641A” — engaged in tapping the data center (drilled holes into a wall and split fiber from the backbone into a reinforced cabinet with encrypted servers).

Related:

…Hugging Face released a dataset composed of one million Bluesky posts, complete with when they were posted and who posted them, intended for machine learning research.
