"What Is That Box?" — When The NSA Shows Up At Your Internet Company

For nine months, this Utah ISP had a little black box in the corner, courtesy of the NSA. Its owner tells his story.

When people say the feds are monitoring what people are doing online, what does that mean? How does that work? When, and where, does it start?

Pete Ashdown, CEO of XMission, an internet service provider in Utah, knows. He received a Foreign Intelligence Surveillance Act (FISA) warrant in 2010 mandating he let the feds monitor one of his customers, through his facility. He also received a broad gag order. In his own words:

The first thing I do when I get a law enforcement request is look for a court signature on it. Then I pass it to my attorneys and say, "Is this legitimate? Does this qualify as a warrant?" If it does, then we will respond to it. We are very up front that we respond to warrants.

If it isn't, then the attorneys write back: "We don't believe it is in jurisdiction or is constitutional. We are happy to respond if you do get an FBI request in jurisdiction or you get a court order to do so."

The FISA request was a tricky one, because it was a warrant through the FISA court — whether you believe that is legitimate or not. I have a hard time with secret courts. I ran it past my attorney and asked, "Is there any way we can fight this?" and he said, "No. It is legitimate."

It was also different [from other warrants] because it was for monitoring. They wanted to come in and put in equipment on my network to monitor a single customer. The customer they were monitoring was a particular website that was very benign. It seems ridiculous to me. It was beyond absurd. It wasn't like a guns and ammo website.

They came in and showed me papers. It was a court order from the FISC (Foreign Intelligence Surveillance Court) for the intercept, with the agent's name... and the court's information. I think it was three or four pages of text. They wouldn't let me copy them. They let me take notes in regards to technical aspects of what they wanted to do.

We had to facilitate them to set up a duplicate port to tap in to monitor that customer's traffic. It was a 2U (two-unit) PC that we ran a mirrored ethernet port to.

[What we ended up with was] a little box in our systems room that was capturing all the traffic to this customer. Everything they were sending and receiving. (Ed note: it would have looked a lot like the picture below — a typical, black, two-unit server, unremarkable among many others.)

There was discussion [amongst employees] asking, "What is that box?"

I said, "It is something I am dealing with," and usually that was where it ended.

I didn't facilitate the install at the time; another engineer, who no longer works for me, did. I'm not sure it had any access to the internet, so they could manage it remotely, but if they requested that, we would have facilitated them. I'm sure it was just capturing the entire stream to hard disk for later analysis. After the initial install, they didn't come in again until it was removed.

It was open ended. I called six months into it and said, "How long is this going to go on?" and they said, "I don't know." It went on for nine months. If it were still there, I would have probably smashed it by now. There have been no [related] arrests that I have heard of.

I can't tell you all the details about it. I would love to tell you all the details, but I did get the gag order. I have probably told people too much. That was two years ago. If they want to come back and haunt me, fine.

These programs that violate the Bill of Rights can continue because people can't go out and say, "This is my experience, this is what happened to me, and I don't think it is right."

There is absolutely [a] need for secrecy when you are dealing with a criminal investigation. You don't want to tip off criminals being monitored. But you can't say, "You can never talk about this ever, for the rest of your life."

The FISA court should be a public court, and documents should be sealed for a set period of time, [to] let people audit the actions later.

We have received lots of federal requests. I don't think a lot of people realize just how much information is transmitted in the clear on the Internet.

We run a Tor node, in some ways as an affirmation of our belief that there are legitimate reasons for being anonymous on the internet. That is where the majority of requests come in from these days. Some illegal traffic comes in through the Tor node and we get a federal request through the FBI or DOJ (Department of Justice). I respond to them and say that this is a Tor node [and therefore inaccessible, even to the ISP]; that is usually the end of it. They realize what that is, and it is a dead end.

I am in a little bit of a different situation than large companies. I don't have a board of directors to answer to. A number of [larger] companies are getting paid for the information. If you go establish a tap on Google's network, they will charge X amount per month. Usually the government pays it.

It isn't worth it to me to do that kind of wholesale monitoring at any price, and a lot of companies disagree with that, because it is a financial issue for them. [They say] if it is worth this much profit, let's go for it. The return for standing up for people's constitutional rights and privacy is much greater and more satisfying.
