Professionalism/Mark Klein and Room 641A

From Wikibooks, open books for an open world
Jump to: navigation, search

In 2003 Mark Klein, a technician at AT&T, stumbled across a project with national significance involving AT&T and the National Security Agency (NSA). Inside one of its San Francisco buildings AT&T had constructed a secured room that was fed a copy of all Internet traffic going through the building. This chapter discusses the story leading up to Klein's ethical dilemma, what happened as a result, and some of the ethical issues surrounding this case.

AT&T and Mark Klein[edit]

Mark Klein

In 2002, while Klein was serving as an employee of AT&T in San Francisco, a representative from the NSA visited to interview AT&T employees for a special job. Later, in January 2003, he observed that the AT&T central office in San Francisco had a room (641A), where access was limited to this special employee. After Klein was relocated to this office in October 2003, he noticed surreptitious activity regarding the room. In particular, several documents that Klein used, including a December 10, 2002 document titled "Study Group 3, LGX/Splitter Wiring, San Francisco", led him to infer that signals from optical fibers carrying Internet traffic were being split and sent into Room 641A. Other documents listed devices inside the secure room, such as the Narus STA 6400 (a "Semantic Traffic Analyzer"), which Klein suspected were processing large amounts of Internet traffic. Furthermore, he learned from other employees within AT&T that similar rooms were in Seattle, San Jose, Los Angeles, and San Diego. Klein concluded that the "the NSA [would be] capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the internet"[1]. However, his fear of losing his job kept him silent[2].

Klein retired in 2004. After information about warrantless wiretapping by the Bush administration was reported in December 2005[3][4][5], Klein was motivated to reveal his own information[2], feeling that it was his duty to "bring these facts to light"[1].

Klein tried to have the Los Angeles Times run a story based on his information[6][7], but the newspaper backed down after Director of National Intelligence John Negroponte met with editors[7]. After this, Klein attempted to get an article in the New York Times, but they also appeared reluctant until the Electronic Frontier Foundation (EFF) desired to use Klein's testimony in a case against AT&T, which bolstered the newspaper to proceed with a report[2][6][7].

Lawsuits and Legislation[edit]

Lawsuits[edit]

Mark Klein took his findings to the EFF, which sued AT&T in a class action lawsuit on behalf of citizens whose privacy was violated by its actions. (See Hepting v. AT&T.) Lawsuits were also filed against the NSA, Verizon[8], and President Bush[9]. Of these, the EFF lawsuit against AT&T showed the most promise for success, withstanding the government's motion to dismiss in July 2006[10]. The legal basis on which these cases were built goes back to the 1970s and is outlined in the following section.

Legislation[edit]

The legislation regarding domestic surveillance goes back to the Watergate Scandal of 1972. As a result of the scandal, Congress passed the Foreign Intelligence Surveillance Act (FISA) in 1978 to limit the ability of the federal government to conduct surveillance. Under this law, the President could authorize surveillance of agents of foreign powers for up to one year. To surveil any U.S. citizen required a warrant from the Foreign Intelligence Surveillance Court (FISC).

Surveillance is no longer just video cameras. Even our online activities are subject to monitoring.

After the terrorist attacks in 2001, Congress passed a slew of legislation, including the Patriot Act and the Authorization For Use of Military Force Against Terrorists (AUMF), giving the President increased powers to fight terrorism. The same year, President George W. Bush started his "Terrorist Surveillance Program', in which he authorized the NSA by executive order to conduct warrantless surveillance as long as at least one party in the communication was believed to be outside the U.S. FISA included a provision that allowed surveillance with "any express statutory authorization"[11]. The Bush Administration claimed that the AUMF was such a statute and took advantage of this legal ambiguity to work with AT&T. Congress further reduced surveillance restrictions in 2007 with the passage of the Protect America Act. This amendment to the FISA was to last one year and allowed monitoring as long as it was not targeted at a person "reasonably believed" to be in the U.S.[12] It also removed the warrant requirement provided at least one surveilled party was outside of the U.S.

FISA was amended once more after the expiration of the Protect America Act. The FISA Amendment Act of 2008 restated most of the provisions from the Protect America Act. Furthermore, facing an election year and pressure from the Bush Administration, Congress also included a clause to give immunity to telecommunication companies, like AT&T, for "past or future" cooperation with government surveillance efforts[13][14]. As a result, the lawsuits mentioned above were thrown out.

Ethical Implications/Issues[edit]

Privacy and the Internet[edit]

Mark Klein's belief that we have a right to privacy on the Internet eventually led him to blow the whistle on the NSA and AT&T. But do we really have that right? If so, who is responsible for protecting that right?

The Internet gives us a limitless arena to communicate and share with others, but at what price?

Under the Constitution, we do not have an explicit right to privacy. However, the court system has used the concept of "reasonable expectation of privacy"[15], particularly when hearing cases involving the 4th Amendment (See Katz v. United States). Nearly half of U.S. states have some form of legislation guarding the privacy rights of Internet users. Most simply require websites to have a privacy policy where they explain how user information will be used, letting the users make the choice. However, Nevada and Minnesota have laws that go even further, requiring Internet Service Providers to protect subscribers' private information[16][17].

Many believe that we do have an inherent right to privacy on the Internet, going so far as to call for an Electronic Bill of Rights[18]. Privacy advocates argue that "privacy protects us from abuses by those in power" [19]. Others, though, assert that "privacy is dead" [20][21] and that "privacy fears have always been more of an emotional reaction than a rational one" [22]. All would agree, though, that humans have been trading privacy for convenience throughout history and that this case has made it particularly clear that the only way to truly keep information private is to not make it available in the first place.

Civil Liberties and National Security[edit]

Balancing the promotion of national security with respecting civil liberties is a problem all governments must address. Acts of terrorism in the 2000s led many Americans to place increased value on security, and the government's focus shifted in that direction. Yet some Americans still opposed the changes made under the Bush Administration[23]. Americans fear the threats of terrorism and other dangers to national security, but also fear the loss of their civil liberties and the potential for the United States to become a police state. This balancing act is difficult, and in a representative democracy the government will draw the line in a way that reflects the will of the people. While the government tries to appease the majority, there will still be many citizens who do not agree with its decisions.

This presents a difficult situation for professional engineers. They may at times find themselves in a situation where personal values clash with existing laws. The story of Mark Klein provides a perfect example of this scenario. Although the courts and the government found no misconduct in the case of Room 641A, Mark Klein believed that his and others' civil liberties were being violated and felt compelled to confront the issue. In these scenarios, engineers are likely to find that they cannot enact change from within the company because of the absence of legal wrongdoing. Engineers must then decide whether they are willing to continue working on a project that violates their personal values.

This is only one example where these challenges arose and there are many other cases where engineers face a similar clash of personal values and existing laws (See Shawn Carpenter, Vioxx, Ford Pinto, Jeffrey Wigand).

Ethical Duties[edit]

Although Mark Klein eventually revealed the evidence supporting his beliefs about Room 641A, his impending retirement influenced his decision to wait[2]. Klein certainly felt that he was protecting individuals' rights and pushing back against possible Orwellian intrusions into personal privacy[1]. His determination that "this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens"[1] appears to have been a major motivation, but one may criticize his seemingly self-serving decision to hold out until after his retirement. However, one could further argue whether Klein truly had enough information to merit raising the alarm over this issue and whether or not it was ethical for him to use circumstantial evidence to blow the whistle. The coastal locations of Room 641A and its counterparts lends credence to the espoused stance of the executive branch that solely international Internet traffic would be investigated by the NSA[3]. However, the devices in those alleged rooms could also be altered to observe Internet communications within the United States[3].

Congress also has ethical responsibilities in this case. Since Congress is expected to serve as a check on the executive branch[24], one could argue that Congress failed by effectively pardoning AT&T and other telecommunications companies that cooperated with the Bush Administration[25]. Some would suggest that Congress was influenced by the coupling of this legislative pardon with a bill regarding national security[26]. These views contend that legislators were coerced into approving the pardon lest they be seen as weak on national security in the upcoming elections in 2008[26]. If legislators indeed acted in this manner, then they cannot have been fulfilling their duties to uphold the current rule of law. However, there is also the possibility that Congress's own independent decision-making on this issue led the members of Congress to pass the Amendment and intentionally included all its provisions.

Additionally, AT&T has ethical responsibilities. As a telecommunications company handling its clients' information, AT&T would be expected to uphold the values of a common carrier and treat all messages that it carries fairly even if the common carrier concept is not as uniformly applied nowadays[27]. Thus, if AT&T stops taking into account the welfare of its clients and allows another entity (e.g. the U.S. government) to hold unequal sway over its actions, then the company has essentially abandoned its important role to behave as a common carrier and has unduly expanded government's interference into the private sector. However, if the executive branch did truly have adequate justification for the actions performed by the Bush administration, then cooperation from telecommunications companies was necessary. Furthermore, AT&T can unilaterally adjust its stated positions on certain issues such as when the company altered its privacy policy to say that essentially AT&T and not its clients has the right to deal with its clients' information in any way that AT&T pleases[28].

Useful Links[edit]

References[edit]

  1. a b c d Klein, M. (6 April 2006). "Wiretap Whistle-Blower's Account". Wired. http://www.wired.com/science/discoveries/news/2006/04/70621
  2. a b c d Goodman, A. (7 July 2008). "AT&T Whistleblower Urges Against Immunity for Telecoms in Bush Spy Program". http://www.democracynow.org/2008/7/7/att_t_whistleblower_urges_against_immunity
  3. a b c Markoff, J., & Shane, S. (13 April 2006). "Documents Show Link Between AT&T and Agency in Eavesdropping Case". The New York Times.
  4. Risen, J., & Lichtblau, E. (16 December 2005). "Bush Lets U.S. Spy on Callers Without Courts". The New York Times.
  5. Eggen, D. (14 April 2007). "Lawsuits May Illuminate Methods of Spy Program". The Washington Post.
  6. a b Burns, M. (July/August 2010). "Whistleblower's slog to get wiretap story into the media". St. Louis Journalism Review.
  7. a b c Interview: Mark Klein. (9 January 2007). Spying on the Home Front. http://www.pbs.org/wgbh/pages/frontline/homefront/interviews/klein.html
  8. https://www.eff.org/cases/verizon-mci
  9. http://www.theregister.co.uk/2008/09/18/eff_sues_bush/
  10. Markoff, J. (21 July 2006). "Judge Declines to Dismiss Privacy Suit Against AT&T". The New York Times.
  11. "United States Code Title 50, Chapter 36, Subchapter I, § 1809". http://www.law.cornell.edu/uscode/50/1809.html. Retrieved 2011-04-28. 
  12. 110th Congress (2007-01-04). "Protect America Act". http://www.gpo.gov/fdsys/pkg/BILLS-110s1927enr/pdf/BILLS-110s1927enr.pdf. Retrieved 2011-04-28. 
  13. 110th Congress (2008-07-10). "FISA Amendments Act of 2008, SEC. 802. PROCEDURES FOR IMPLEMENTING STATUTORY DEFENSES". http://www.govtrack.us/congress/billtext.xpd?bill=h110-6304. Retrieved 2011-04-28. 
  14. Associated Press (2008-06-20). "House Prepares to Debate New Surveillance Law". http://www.cnbc.com/id/25280929/House_Prepares_to_Debate_New_Surveillance_Law. Retrieved 2011-04-28. 
  15. Justice Harlan, concurring (1967-12-18). "Katz v. United States". http://supreme.justia.com/us/389/347/case.html. Retrieved 2011-04-29. 
  16. 2010 Minnesota Statutes. "Chapter 325 M. Internet Privacy". https://www.revisor.mn.gov/statutes/?id=325M. Retrieved 2011-04-28. 
  17. Nevada Revised Statutes. "Chapter 205: Crimes Against Property". http://www.leg.state.nv.us/nrs/nrs-205.html. Retrieved 2011-04-28. 
  18. Al Gore (1998-05-14). "Excerpt from Vice President Al Gore's Address at NYU". http://www.techlawjournal.com/privacy/80515gore.htm. Retrieved 2011-04-23. 
  19. Bruce Schneier (2006-05-19). "Schneier on Security - The Value of Privacy". http://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html. Retrieved 2011-04-23. 
  20. Steve Rambam (2006-08-01). "Privacy Is Dead - Get Over It". http://video.google.com/videoplay?docid=-383709537384528624#. Retrieved 2011-04-23. 
  21. Matthew Schafer (2010-08-02). "Privacy,Privacy, Where for Art Thou Privacy". http://lippmannwouldroll.com/2010/08/02/privacy-privacy-where-for-art-thou-privacy/. Retrieved 2011-04-23. 
  22. David Pogue (2011-01-01). "Don't Worry About Who's Watching". http://www.scientificamerican.com/article.cfm?id=dont-worry-about-whos-watching. Retrieved 2011-04-23. 
  23. http://www.reformthepatriotact.org/
  24. Madison, J. "Publius". (8 February 1788). Federalist No. 51.
  25. 110th Congress. (10 July 2008). Text of H.R. 6304 [110th]: FISA Amendments Act of 2008. http://www.govtrack.us/congress/billtext.xpd?bill=h110-6304
  26. a b Wu, T. (2 November 2010). The Master Switch: The Rise and Fall of Information Empires.
  27. Frieden, R. (December 1995). "Contamination of the common carrier concept in telecommunications". Telecommunications Policy.
  28. Lazarus, D. (21 June 2006). "AT&T rewrites rules: Your data isn't yours". The San Francisco Chronicle. http://articles.sfgate.com/2006-06-21/business/17300043_1_privacy-policy-customer-s-data-electronic-privacy-information-center