The US government compelled Telstra and Hong Kong-based PCCW to give it access to their undersea cables for spying on communications traffic entering and leaving the US.
Telstra was compelled to strike a 2001 deal with the FBI and the US Department of Justice to give them surveillance access to the undersea cables owned by its subsidiary Reach, a new document released online and provided to Crikey reveals.
The document shows Telstra, at that stage majority-owned by the Howard government, and its partner Pacific Century Cyber Works (now PCCW), then controlled by Hong Kong businessman Richard Li, agreed to provide the FBI with around-the-clock access to Reach’s cables to spy on communications going into and out of the United States. It is signed by Telstra’s then-company secretary Douglas Gration, then-deputy assistant US attorney-general John G. Malcolm, Alex Arena of PCCW, Alistair Grieve of Reach and Larry R. Parkinson of the FBI.
Reach, headquartered in Hong Kong, is said to control more than 40 major telecommunications cables going into and out of the Asia-Pacific, including cables into and from China and Australia.
Claiming that “US communications systems are essential to the ability of the US government to fulfill its responsibilities to the public to preserve the national security of the United States, to enforce the laws, and to maintain the safety of the public”, the agreement places a number of requirements on Reach, Telstra and PCCW:
All customer billing data to be stored for two years;
Ability to provide to agencies any stored telecommunications or internet communications and comply with preservation requests;
Ability to provide any stored meta-data, billing data or subscriber information about US customers;
They are not to comply with any foreign privacy laws that might lead to mandatory destruction of stored data;
Plans and infrastructure to demonstrate other states cannot spy on US customers;
They are not to comply with information requests from other countries without DoJ permission;
A requirement to:
“… designate points of contact within the United States with the authority and responsibility for accepting and overseeing the carrying out of Lawful US Process to conduct Electronic Surveillance of or relating to Domestic Communications carried by or through Domestic Communications Infrastructure; or relating to customers or subscribers of Domestic Communications Companies. The points of contact shall be assigned to Domestic Communications Companies security office(s) in the United States, shall be available twenty-four (24) hours per day, seven (7) days per week and shall be responsible for accepting service and maintaining the security of Classified Information and any Lawful US Process for Electronic Surveillance … The Points of contact shall be resident US citizens who are eligible for US security clearances…”;
A requirement to keep such surveillance confidential, and to use US citizens “who meet high standards of trustworthiness for maintaining the confidentiality of Sensitive Information” to handle requests;
A right for the FBI and the DoJ to conduct inspection visits of the companies’ infrastructure and offices; and
An annual compliance report, to be protected from Freedom of Information requests.
The US is able to impose the agreements even on offshore companies because of Federal Communications Commission licensing requirements for the provision of telecommunications services into and out of the US, which can be made subject to conditions relating to national security and law enforcement.
It’s important to note that “Domestic Communications” in the agreement means the “US portion” of communications that originate or terminate in the United States, although “portion” isn’t defined and could extend to all communication on infrastructure physically located in the US, which would in practice mean all communication going into or out of or through the US. Moreover, surveillance can also be conducted “relating” to customers or subscribers, regardless of where the relevant communication is.
A Telstra spokesman told Crikey:
“This agreement, at that time 12 years ago, reflected Reach’s operating obligations in the US that require carriers to comply with US domestic law.”
The existence of such agreements with cable owners was revealed by The Washington Post last weekend in the wake of revelations about the extent of FBI, National Security Agency and other US government internet and phone surveillance. On Tuesday, a long list of such agreements, complete with the documents, was published by the Public Intelligence website, covering the period from 1999 through to 2011 and a variety of cable owners from Europe, the Americas and Asia. The web of agreements ensures agencies such as the FBI can access all internet and telephone communications going into and out of the US for surveillance purposes.
Update: The article has been amended: the agreement between the companies and US agencies was filed with the FCC and thus not “secret” as originally described.