http://news.com.com/AT38T+leaks+sensitive+info+in+NSA+suit/2100-1028_3-6077353.html By Declan McCullagh Staff Writer, CNET News.com May 26, 2006 Lawyers for AT&T accidentally released sensitive information while defending a lawsuit that accuses the company of facilitating a government wiretapping program, CNET News.com has learned. AT&T's attorneys this week filed a 25-page legal brief striped with thick black lines that were intended to obscure portions of three pages and render them unreadable. But the obscured text nevertheless can be copied and pasted inside some PDF readers, including Preview under Apple Computer's OS X and the xpdf utility used with X11. The deleted portions of the legal brief seek to offer benign reasons why AT&T would allegedly have a secret room at its downtown San Francisco switching center that would be designed to monitor Internet and telephone traffic. The Electronic Frontier Foundation, which filed the class-action lawsuit in January, alleges that the room is used by an unlawful National Security Agency surveillance program. "AT&T notes that the facts recited by plaintiffs are entirely consistent with any number of legitimate Internet monitoring systems, such as those used to detect viruses and stop hackers," the redacted pages say. Another section says: "Although the plaintiffs ominously refer to the equipment as the 'Surveillance Configuration,' the same physical equipment could be utilized exclusively for other surveillance in full compliance with" the Foreign Intelligence Surveillance Act. The redacted portions of AT&T's court filing are not classified, and no information relating to actual operations of an NSA surveillance program was disclosed. Also, AT&T's attorneys at the law firms of Pillsbury Winthrop Shaw Pittman and Sidley Austin were careful not to explicitly acknowledge that such a secret room actually exists. A representative for AT&T was not immediately available to comment. Although EFF's lawsuit was filed before allegations about the room surfaced, reports of its existence have become central to the nonprofit group's attempts to prove AT&T opened its network to the NSA. A former AT&T employee, Mark Klein, has released documents alleging the company spliced its fiber optic cables and ran a duplicate set of cables to Room 641A at its 611 Folsom Street building. This is hardly the first time that PDF files have leaked embarrassing or sensitive information. In an ironic twist, the NSA published a 13-page paper in January describing how redactions could be done securely. A similar problem has arisen with metadata associated with Microsoft Office files. In March 2004, a gaffe by the SCO Group revealed which companies it had considered targeting in its legal campaign against Linux users. Microsoft Office 2003/XP even offers a way to "permanently remove hidden data and collaboration data" from Word, Excel and PowerPoint files. Documents that EFF filed, including a redacted version (click here for PDF) of a sworn statement by Klein released this week, were properly redacted. Instead of including the underlying text and layering a black rectangle on top, the San Francisco-based civil liberties group saved those pages as image files. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon May 29 2006 - 22:10:18 PDT