- Babak Pasdar
CEO of the computer security firm Bat Blue Corporation. He recently revealed that a major telecommunications company may have given the government access to every communication coming through that company’s infrastructure.
- Tom Devine
legal director of the Government Accountability Project, a public interest law firm dedicated to helping whistleblowers.
Babak Pasdar is a computer security expert who was hired in 2003 to help restructure the tech infrastructure at a major wireless telecommunications company. What he found shocked him. The company had set up a system that gave a third party, presumably a governmental entity, access to every communication coming through that company’s infrastructure. This means every email, internet use, document transmission, video, text message, as well as the ability to listen to and record any phone call. [includes rush transcript]
JUAN GONZALEZ: Another whistleblower has stepped forward with new information that could expose how the federal government is carrying out domestic spy operations.
Babak Pasdar is a computer security expert who was hired in 2003 to help restructure the tech infrastructure at a major wireless telecommunications company. What he found shocked him.
The company had set up a system that gave a third party, presumably a governmental entity, access to every communication coming through that company’s infrastructure. This means every email, internet use, document transmission, video, text message, as well as the ability to listen to and record any phone call.
It is also believed the system would allow the government to be able to trace the physical location of cell phone users. The secret system is known as the Quantico Circuit, named after the city in Virginia home to the FBI Academy.
AMY GOODMAN: Babak Pasdar has not named the company where he worked, but the publication Wired reports his claims are nearly identical to allegations made in a federal lawsuit filed against Verizon Wireless. Verizon Wireless is one of several major telecoms facing lawsuits over its role in the government’s spying program. Congress is still debating on whether to give Verizon and other telecoms immunity, even though their actions broke the law.
Babak Pasdar joins us here in our firehouse studio. He’s the CEO of the computer security firm Bat Blue Corporation. We’re also joined by Tom Devine, legal director of the Government Accountability Project, a public interest law firm dedicated to helping whistleblowers. The Government Accountability Project is representing Babak Pasdar.
Welcome to Democracy Now!, both. Babak Pasdar, tell us what you found, when you found it and where you found it.
BABAK PASDAR: Well, I was at one of the company’s data centers, the carrier’s data centers, and I was there to implement a new security system for them. I was in the process of migrating all the various sites that the organization had, both their affiliate sites as well as their branch offices, and I found this circuit. When I tried to migrate this site to implement security and controls around it, I was vehemently denied. I was told I absolutely could not do that. When I tried to at the least get some logging around it so that there would be some record of the transactions that were going across that circuit, I was denied that as well.
JUAN GONZALEZ: Now, what was — did this happen in the middle of working hours? Was this at night that you were doing this work? And were there any other company employees that you asked about the circuit?
BABAK PASDAR: There were two other consultants there that were long-term consultants for the organization, and they were my sole point of contact within the organization. And we all reported up to the director of security for the carrier.
AMY GOODMAN: Now, what exactly does this Quantico Circuit mean? What happens and where does it all go, this information?
BABAK PASDAR: Well, that I don’t know. But what the Quantico Circuit was was a high-speed circuit, a pipeline into a third party that provided this third party unfettered access into the heart of the carrier’s network. It had access to the billing system, fraud detection system, all the internet access systems, text messaging — I mean, just everything you can think of. So, in essence, somebody could identify billing records, find out behavioral information about various customers, tap into both data and voice conversations, just have total access.
JUAN GONZALEZ: And what do you discern from the — as you were saying, you tried to get a log of interaction with it, but you could not produce a log? What does that mean in terms of what your sense is of what was being done by that?
BABAK PASDAR: Well, everything that security folks do, security experts do, needs to have some transaction around it. We need to know what happened, when it happened, and be able to go back and recreate a scenario from a forensic standpoint, from an evidentiary standpoint, from just knowing exactly what happened when. Logging is critical to that. So whenever we implement a security system, we collect logs, we feed information to a system that preserves log of exactly what the transaction and where, who talked to whom and, you know, with what types of services. When — it’s just unheard of to have an organization, especially at carrier, implement a security system and not log the information.
JUAN GONZALEZ: So, in other words, what was occurring was that someone was deliberately trying to hide whatever transactions or whatever data was going through that particular line?
BABAK PASDAR: Well, they were behaving very unusual and not up to industry standards.
AMY GOODMAN: What was the reaction of your coworkers, of the people you were asking questions of, of the company?
BABAK PASDAR: Well, they were very squirrelly about it. They didn’t want to answer the questions. I thought that the whole situation was very unusual and suspicious, and that’s what raised my suspicions with regard to what the purpose of this connection was. We — I tried to escalate it to the organization’s management, and the director of security came down to the data center — it was at 7:00 or 8:00, 9:00 at night, it was just after hours definitely — and started wagging his finger in my face, saying that if I — you know, I had to forget about it, I had to move on, and if I couldn’t, he would get somebody that would.
JUAN GONZALEZ: And what made you eventually decide to speak out about this?
BABAK PASDAR: Well, my concern is about the constitutionality and the legality of it. I mean, any type of a connectivity between a third-party organization and an organization like a carrier that’s part of critical American infrastructure has to adhere to very, very specific standards. Any kind of connectivity between governmental agencies and a carrier has to adhere to very specific standards. This did not adhere to industry standards or governmental standards with regard to exchange of evidence. You know, they call it CALEA. So I thought this was suspicious, I thought it was of concern, and I thought it should be investigated further.
AMY GOODMAN: So, how did you speak out, and what kind of risk are you taking in doing that?
BABAK PASDAR: Well, I’m taking some personal and professional risk in doing this, but I think it’s important that folks like myself speak out. It’s very important for us to not let this type of precedence be set, because once that’s set, it really has grave impact on the privacy of Americans, especially in an age where, you know, your credit card and your ATM card has a lot of information about your behavior and your location. There’s cameras all over the place, both by city and governmental agencies, as well as buildings and stores and ATMs. There’s RFID, radio frequency identifiers. They’ve become ubiquitous; they’re all over the place. You know, even things like E-Z Pass. It’s really, really important that Americans have some, some element of privacy and to have their phone records or phone conversations, their data, email, private messages — and these organizations, these carriers have now moved to request log-ins and passwords to people’s business systems and personal systems in order to send them their email. So that reach has extended. And if these guys are just willy-nilly providing this information to any third party or any governmental agency, that’s of grave concern to me.
JUAN GONZALEZ: Well, the Washington Post, in an article this week where it mentions your discovery, quotes the FBI as saying that “a circuit of the type described by Pasdar does not exist. All telecom circuits at Quantico are one-way, from the carrier,” according to Anthony Di Clemente, section chief of the FBI’s operational technology division. Your response to their claim?
BABAK PASDAR: Well, then they should have no concern about an investigation.
AMY GOODMAN: The Washington Post also says, “Since a 1994 law required telecoms to build electronic interception capabilities into their systems, the FBI has created a network of links between the nation’s largest telephone and Internet firms and about 40 FBI offices and Quantico, according to interviews and documents describing the agency’s Digital Collection System.” It seems to go along with what you’re saying. Why won’t you tell us the company that you were — that you found this at?
BABAK PASDAR: Well, I have a nondisclosure. What my focus is is to prompt an investigation. You know, on one side, they say the circuit doesn’t exist; on the other side, they say the circuit does exist and it adheres to legal standards. I’m aware of what the legal standards are, and the legal standards call for very, very specific logging and evidentiary chain of custody and privacy for all others, except the entity or person under investigation with a subpoena and with a warrant. None of that existed for this circuit. I was the person responsible for implementing it. So if I was not implementing it, then it didn’t exist.
AMY GOODMAN: You have filed an affidavit with Congress?
BABAK PASDAR: I have.
AMY GOODMAN: What is that process?
BABAK PASDAR: Well, I essentially documented everything that I know, tried to — no fluff, just the facts. And my focus is to have an investigation and find out exactly what the purpose and function of this circuit is, who paid for it, who operates it, and what kind of information is collected.
JUAN GONZALEZ: We’re also joined by Tom Devine, the legal director of the Government Accountability Project. Your response to his coming forward and how whistleblowers generally are faring under the Bush administration?
TOM DEVINE: Well, people like Mr. Pasdar are profiles in courage, and they’re the exception, rather than the rule, in telling what they’ve been eyewitnesses to. And when they do, it can really make a difference. We’re trying to change the fact that whistleblowing currently is professional suicide. That’s kind of the facts of life. Babak acted when he had no legal rights, and it was a little bit easier because his contract had expired. But people are going to lose their jobs. They oftentimes don’t dare to commit the truth.
There’s some legislation that’s approaching showdowns in Congress this spring to overhaul the discredited Whistleblower Protection Act, which is a rubber stamp for retaliation — over about a 98 percent rate ruling against whistleblowers. And your listeners should plug in and demand that Congress give some real rights to the people who defend freedom where it really counts, at home.
AMY GOODMAN: You are calling — the Government Accountability Project — for jury trials for whistleblowers. What do you mean?
TOM DEVINE: Well, right now their paper rights get enforced by administrative law hearings that have no political independence at all and are virtually rubber stamps for retaliation. They’re kangaroo courts. Since President Bush’s chairman came in at the Civil Service Agency, the record has been 1-in-44 against whistleblowers when they try to enforce their free speech rights. So the reality is, the laws supposedly protecting them are like the last nail in their professional coffin. That will change if we get past the politics and let juries of citizens, whom whistleblowers purport to defend when they stick their necks out, be the bottom line for deciding justice.
JUAN GONZALEZ: And don’t those whistleblowers — let’s say the agency, the government agency, the Merit Systems Protection Board, rules against them, they don’t have a recourse right now to go to court?
TOM DEVINE: Well, they can go to an appeals court, and that’s actually even worse. President Reagan appointed all of the initial judges to that, and they started a very dark tradition. They’re kind of like to free speech like FISA is to the right to privacy. Since October ’94, when Congress made the whistleblower law the strongest in history on paper for freedom of speech, the track record is 2-in-193 against whistleblowers when they appeal the administrative decision. So it’s a lose-lose scenario right now for anybody who wants to defend the public.
AMY GOODMAN: Finally, Babak Pasdar, why take this risk?
BABAK PASDAR: It’s the right thing to do. I believe it’s my obligation as an American to step forward and protect the Constitution. I think it’s critical that we not let this precedence be set, because as technology evolves — and, you know, as somebody very, very engaged in the security industry, I see how technology has evolved, how these technologies exist to be able to collect volumes of information and process it.
AMY GOODMAN: Have you taken a stand on whether these telecom companies should get immunity for spying on Americans?
BABAK PASDAR: I believe we should know what happened first. It really doesn’t make any sense to me to give someone immunity when you don’t know what they did.
AMY GOODMAN: We’re going to leave it there. Babak Pasdar, thanks so much for being with us, CEO of a computer security firm, Bat Blue Corporation. Tom Devine, legal director of Government Accountability Project in D.C.