Room 641A: AT&T Fiber-Splitter NSA Tap (2003–2006)
Introduction
In 2006, a retired AT&T technician named Mark Klein filed sworn declarations in a federal lawsuit brought by the Electronic Frontier Foundation against AT&T. Klein had worked at AT&T's 611 Folsom Street facility in San Francisco and had witnessed the installation of a secret room — Room 641A — on the 7th floor of the building. Inside that room, Klein documented, a fiber-optic splitter cabinet had been installed, feeding copies of all internet traffic passing through the facility into a Narus STA 6400 deep-packet inspection system. The room was accessible only to technicians with NSA clearances.
Klein's technical documentation, including wiring diagrams and equipment lists, provided the first detailed physical evidence that the NSA had direct access to AT&T's internet backbone traffic — not a targeted tap of specific suspects, but a wholesale copy of all traffic transiting the facility.
The Physical Setup
The 611 Folsom Street building was a major AT&T internet backbone hub, handling traffic for a large portion of US internet communications. Klein's documentation described a beam splitter that diverted a copy of the fiber-optic signal entering Room 641A to the Narus STA 6400 — a commercial deep-packet inspection platform capable of analyzing traffic at speeds sufficient for backbone-level interception.
The splitter arrangement meant that AT&T customers' internet traffic — email, web browsing, voice-over-IP calls — was being copied and fed to NSA systems without individualized warrants. The splitter architecture, by design, could not distinguish domestic from international communications; it copied everything.
Mark Klein's Testimony
Klein retired from AT&T in 2004. In 2006 he came forward to the EFF and later to journalists, providing technical documentation he had retained. His declarations in the EFF v. AT&T lawsuit (also known as Hepting v. AT&T, filed on behalf of plaintiff Carolyn Hepting) described in precise technical terms what he had seen and documented. Klein was not a whistleblower in the traditional sense of someone with access to classified programs — he was a working technician who saw the physical hardware and the wiring.
The EFF case proceeded through the courts. The New York Times had published its own account of the NSA warrantless wiretap program in December 2005, based on reporting by Eric Lichtblau and James Risen, who had held the story for a year at government request. The Klein declarations added concrete physical corroboration to what the NYT had revealed from classified sources.
The Legal Outcome: Retroactive Immunity
The FISA Amendments Act of 2008 included a provision granting retroactive civil immunity to telecommunications companies that had assisted the government's surveillance program. The Hepting case and related lawsuits were effectively ended by this legislation. No AT&T executive faced legal consequences. The FAA 2008 also codified the Section 702 collection framework that the PRISM program would operate under.
What Room 641A Confirmed
Room 641A is not a conspiracy theory in the traditional sense — it is a confirmed surveillance program, documented by a technician with first-hand access, corroborated by NSA documents obtained through other channels, and effectively acknowledged by the government's pursuit of retroactive immunity. The existence of the room, the Narus equipment, and the splitter arrangement is not seriously disputed.
Harm and Implications
The Room 641A tap represented a fundamental departure from the legal framework governing domestic surveillance. Prior law required individualized warrants for domestic wiretapping. The backbone tap collected all traffic regardless of the identity or nationality of the communicants. For US persons communicating with other US persons across AT&T infrastructure, this was unambiguously domestic surveillance without legal authorization under the existing FISA framework.
The harm was to the constitutional expectation of privacy in electronic communications, to the integrity of the legal framework governing intelligence collection, and to public trust in both telecommunications providers and the intelligence agencies they were secretly serving.
Verdict
Confirmed. Mark Klein's sworn declarations, technical documentation, and the government's own pursuit of retroactive telco immunity collectively confirm that Room 641A existed, that it fed AT&T backbone traffic to NSA systems, and that this occurred without the individualized warrants required by existing law. The broader warrantless wiretap program was confirmed by government officials following the NYT disclosure.
Evidence Filters10
Mark Klein's sworn technical declarations in EFF v. AT&T
SupportingStrongRetired AT&T technician Mark Klein filed sworn declarations in the Hepting/EFF v. AT&T lawsuit in March 2006, providing wiring diagrams, equipment lists, and first-hand accounts of the Room 641A installation. His documentation is the primary physical evidence of the tap.
Narus STA 6400 deep-packet inspection hardware documented
SupportingStrongKlein's technical documentation identified the specific hardware: a Narus STA 6400 semantic traffic analysis system, a commercial deep-packet inspection platform capable of analyzing backbone-scale traffic. The equipment's capabilities are consistent with wholesale communications collection.
NYT warrantless wiretap disclosure preceded Klein — December 2005
SupportingStrongEric Lichtblau and James Risen of the New York Times disclosed the NSA warrantless wiretap program in December 2005, having held the story at government request for a year. The disclosure confirmed the broader program Klein's physical evidence supported.
FISA Amendments Act 2008 granted retroactive telco immunity
SupportingStrongCongress enacted the FAA 2008 specifically including a provision immunizing telecommunications companies from civil liability for cooperating with the NSA surveillance program. The retroactive immunity is a legislative acknowledgment that the program occurred and that companies participated.
AT&T denied cooperation — company's initial denial
NeutralWeakAT&T issued public denials of the surveillance allegations at the time of the EFF lawsuit. These denials were superseded by the retroactive immunity legislation and subsequent NSA document releases confirming telecom cooperation.
Rebuttal
AT&T's denial was rendered moot by the FISA Amendments Act 2008, which granted retroactive immunity precisely because telecom cooperation with the NSA had occurred. Subsequent Snowden documents further confirmed the cooperation.
Room accessible only to NSA-cleared personnel
SupportingStrongKlein documented that Room 641A required NSA security clearances for access, excluding ordinary AT&T employees. This compartmentalization within a private company's facility is consistent with an intelligence agency-run collection program.
Program predated legal authorization — no FISA warrants for backbone tap
SupportingStrongThe backbone splitter architecture collected all traffic without individualized warrants, predating the FAA 2008 legal framework that would later authorize Section 702 collection. The collection was conducted without legal authority under existing FISA statute.
Courts dismissed Hepting case after FAA retroactive immunity
DebunkingThe EFF's Hepting v. AT&T lawsuit was dismissed following the FISA Amendments Act 2008 retroactive immunity provision. The dismissal was on immunity grounds, not on the merits — no court found that the surveillance had not occurred.
Rebuttal
The dismissal on immunity grounds is sometimes cited as exonerating AT&T. It does not. The court did not find the surveillance did not occur; it found AT&T was immune from civil liability for its participation. The program's existence was not adjudicated on the merits.
Mark Klein's Technical Claims Were Later Corroborated by Independent Expert Analysis
DebunkingStrongElectronic Frontier Foundation retained J. Scott Marcus, a former FCC senior technical adviser, who reviewed Klein's technical documentation and concluded it was consistent with a genuine traffic-analysis interception facility. NSA expert opinion presented in the Hepting v. AT&T litigation further supported the technical plausibility of Klein's account. This corroboration distinguishes Room 641A from speculative infrastructure claims and places it within a category of surveillance disclosures with substantial independent technical verification — making it a documented programme rather than an unverified conspiracy theory.
FISA Amendments Act 2008 Granted Retroactive Immunity Contested Under Constitutional Law
NeutralCongress's decision in FISA Amendments Act 2008 to grant retroactive immunity to telecoms cooperating with NSA surveillance was itself the subject of sustained constitutional challenge — EFF's Jewel v. NSA continued through 2023. The immunity provision, while ultimately effective in blocking civil litigation, was passed over significant congressional opposition and with awareness of its legally contested nature. AT&T's denial of operating outside legal authorisation is accurate insofar as it operated under classified FISA court orders, but those orders' constitutional validity remained genuinely disputed throughout the period.
Evidence Cited by Believers6
Mark Klein's sworn technical declarations in EFF v. AT&T
SupportingStrongRetired AT&T technician Mark Klein filed sworn declarations in the Hepting/EFF v. AT&T lawsuit in March 2006, providing wiring diagrams, equipment lists, and first-hand accounts of the Room 641A installation. His documentation is the primary physical evidence of the tap.
Narus STA 6400 deep-packet inspection hardware documented
SupportingStrongKlein's technical documentation identified the specific hardware: a Narus STA 6400 semantic traffic analysis system, a commercial deep-packet inspection platform capable of analyzing backbone-scale traffic. The equipment's capabilities are consistent with wholesale communications collection.
NYT warrantless wiretap disclosure preceded Klein — December 2005
SupportingStrongEric Lichtblau and James Risen of the New York Times disclosed the NSA warrantless wiretap program in December 2005, having held the story at government request for a year. The disclosure confirmed the broader program Klein's physical evidence supported.
FISA Amendments Act 2008 granted retroactive telco immunity
SupportingStrongCongress enacted the FAA 2008 specifically including a provision immunizing telecommunications companies from civil liability for cooperating with the NSA surveillance program. The retroactive immunity is a legislative acknowledgment that the program occurred and that companies participated.
Room accessible only to NSA-cleared personnel
SupportingStrongKlein documented that Room 641A required NSA security clearances for access, excluding ordinary AT&T employees. This compartmentalization within a private company's facility is consistent with an intelligence agency-run collection program.
Program predated legal authorization — no FISA warrants for backbone tap
SupportingStrongThe backbone splitter architecture collected all traffic without individualized warrants, predating the FAA 2008 legal framework that would later authorize Section 702 collection. The collection was conducted without legal authority under existing FISA statute.
Counter-Evidence2
Courts dismissed Hepting case after FAA retroactive immunity
DebunkingThe EFF's Hepting v. AT&T lawsuit was dismissed following the FISA Amendments Act 2008 retroactive immunity provision. The dismissal was on immunity grounds, not on the merits — no court found that the surveillance had not occurred.
Rebuttal
The dismissal on immunity grounds is sometimes cited as exonerating AT&T. It does not. The court did not find the surveillance did not occur; it found AT&T was immune from civil liability for its participation. The program's existence was not adjudicated on the merits.
Mark Klein's Technical Claims Were Later Corroborated by Independent Expert Analysis
DebunkingStrongElectronic Frontier Foundation retained J. Scott Marcus, a former FCC senior technical adviser, who reviewed Klein's technical documentation and concluded it was consistent with a genuine traffic-analysis interception facility. NSA expert opinion presented in the Hepting v. AT&T litigation further supported the technical plausibility of Klein's account. This corroboration distinguishes Room 641A from speculative infrastructure claims and places it within a category of surveillance disclosures with substantial independent technical verification — making it a documented programme rather than an unverified conspiracy theory.
Neutral / Ambiguous2
AT&T denied cooperation — company's initial denial
NeutralWeakAT&T issued public denials of the surveillance allegations at the time of the EFF lawsuit. These denials were superseded by the retroactive immunity legislation and subsequent NSA document releases confirming telecom cooperation.
Rebuttal
AT&T's denial was rendered moot by the FISA Amendments Act 2008, which granted retroactive immunity precisely because telecom cooperation with the NSA had occurred. Subsequent Snowden documents further confirmed the cooperation.
FISA Amendments Act 2008 Granted Retroactive Immunity Contested Under Constitutional Law
NeutralCongress's decision in FISA Amendments Act 2008 to grant retroactive immunity to telecoms cooperating with NSA surveillance was itself the subject of sustained constitutional challenge — EFF's Jewel v. NSA continued through 2023. The immunity provision, while ultimately effective in blocking civil litigation, was passed over significant congressional opposition and with awareness of its legally contested nature. AT&T's denial of operating outside legal authorisation is accurate insofar as it operated under classified FISA court orders, but those orders' constitutional validity remained genuinely disputed throughout the period.
Timeline
NSA secret room installed at AT&T 611 Folsom Street
AT&T installs Room 641A on the 7th floor of its San Francisco internet backbone facility. A fiber-optic splitter and Narus STA 6400 deep-packet inspection system are put in place, with NSA-cleared technicians given exclusive access. Internet backbone traffic is diverted and copied without warrants.
New York Times discloses NSA warrantless wiretap program
Eric Lichtblau and James Risen publish the NSA warrantless surveillance story the Times had held for a year at government request. The disclosure describes the broader program that Room 641A physically served, triggering congressional and public scrutiny.
Source →Mark Klein files declarations in EFF v. AT&T (Hepting)
Retired AT&T technician Mark Klein provides sworn declarations to the EFF and files technical documentation — wiring diagrams, equipment lists — describing the Room 641A setup. The declarations are the primary physical evidence of the fiber splitter and NSA collection infrastructure.
Source →FISA Amendments Act grants retroactive telco immunity; Hepting dismissed
Congress enacts the FAA 2008, immunizing AT&T and other telecoms from civil liability for cooperating with the NSA. The Hepting case and related lawsuits are subsequently dismissed on immunity grounds. The surveillance program is effectively acknowledged by the immunity provision.
Source →
Verdict
Mark Klein's sworn technical declarations in EFF v. AT&T (Hepting) documented a fiber-optic splitter on AT&T's 7th floor feeding all backbone traffic into a Narus STA 6400 NSA deep-packet inspection system. The NYT confirmed the broader warrantless wiretap program in December 2005. The FISA Amendments Act of 2008 granted retroactive telco immunity — effectively acknowledging the program's existence. Confirmed by physical documentation, congressional legislation, and subsequent NSA disclosures.
Frequently Asked Questions
What was Room 641A and who built it?
Room 641A was a secret room on the 7th floor of AT&T's 611 Folsom Street internet backbone facility in San Francisco. It was equipped with a fiber-optic beam splitter and a Narus STA 6400 deep-packet inspection system. The room was installed with NSA involvement and was accessible only to technicians with NSA security clearances. Retired AT&T technician Mark Klein documented it in sworn court declarations in 2006.
Was AT&T held legally responsible?
No. The FISA Amendments Act of 2008 granted retroactive civil immunity to telecommunications companies that had assisted the NSA surveillance program. The EFF's Hepting v. AT&T lawsuit was dismissed following the immunity provision. No court adjudicated the program on its merits; the dismissal was on immunity grounds only.
Did the surveillance tap only foreign communications?
No. The fiber-optic splitter architecture at 611 Folsom Street copied all traffic transiting the facility, which was a major US internet backbone hub. The equipment could not distinguish domestic from international communications — it collected everything. This made the program a wholesale tap of US domestic internet traffic without individualized warrants.
How does Room 641A relate to the Snowden disclosures?
Room 641A predates the Snowden disclosures by seven years. It represents the physical infrastructure side of NSA surveillance — actual hardware in commercial facilities — while Snowden's 2013 disclosures revealed the programmatic and legal frameworks (PRISM, Section 702) built on top of similar infrastructure. Together they document a comprehensive surveillance architecture.
Sources
Show 3 more sources
Further Reading
- bookState of War: The Secret History of the CIA and the Bush Administration — James Risen (2006)
- paperEFF v. AT&T: Klein affidavit and case documentation — Electronic Frontier Foundation (2006)
- bookThe Art of Invisibility — Kevin Mitnick (2017)