The wiretap room had a second door

The compromise has a name now. Salt Typhoon. It is the cluster CISA, the FBI, and ODNI have attributed — with confidence levels that career officials do not throw around lightly — to a People's Republic of China state-sponsored actor. The compromise is not a breach in the casual sense. It is presence. Inside Verizon. Inside AT&T. Inside Lumen. Inside the systems carriers built, under federal mandate, to make every conversation a court order away from a transcript.

Read the disclosure language carefully. The intruders had access to the lawful-intercept apparatus itself — the same plumbing the Department of Justice and the FBI use to wiretap criminal suspects under Title III, the same plumbing FISA orders flow through, the same plumbing that, by statute, every common carrier in the United States must maintain under the Communications Assistance for Law Enforcement Act of 1994. CALEA. The 1994 bargain. Build the door. We'll keep the key safe.

The key was not safe. The key was, by all available indication, copied.

CISA's joint advisory and the subsequent guidance from Easterly's successor framed the campaign as cyber espionage. That framing is incomplete and the agencies know it is incomplete. The behavior on the wire — persistence in routing infrastructure, mapping of regional power and water control adjacencies, dwell time inside operational telemetry systems that have nothing to do with diplomatic cables or campaign emails — that behavior is not espionage. Espionage exfiltrates. Pre-positioning waits. The Volt Typhoon disclosures last year described the same pattern in water and energy. Salt Typhoon extended it into the carrier core. The two clusters share tradecraft, share infrastructure, and in some reporting share operators. The agencies' own threat assessment, reluctantly delivered to the Senate Intelligence Committee, used the phrase "disruptive intent in the event of a Taiwan contingency." That is not a wiretap. That is a kill switch with patience.

The political response has been the usual choreography. Senate Republicans want a hearing. Senate Democrats want a hearing. The White House wants a working group. Industry wants liability protection. The carriers want the public to stop asking which calls. The carriers will not say which calls. The carriers have been told, by counsel, not to say which calls. Federal officials who would normally leak have not leaked, which is itself a signal — the contents are sensitive enough that the usual valves are welded shut.

There is a corporate dimension that deserves equal indignation. The lawful-intercept gateways at issue were not built last year. They were built, certified, and sold to carriers by a small handful of vendors — and the security posture of those gateways was, by multiple independent assessments going back to a 2010 IEEE paper by Bellovin, Blaze, Clark, and Landau, structurally fragile. The vulnerabilities were named. The vendors shipped anyway. The carriers deployed anyway. The FCC certified anyway. The bill arrived in 2024.

The technology framing is the cleanest of the three. A communications system designed to be intercepted by one party is, by the laws of cryptography and not the laws of Congress, a communications system designed to be intercepted by any party with sufficient access. There is no key that is exclusively for the good guys. There never was. The agencies that lobbied against end-to-end encryption for thirty years on the grounds that lawful access must be preserved now find themselves explaining to the Senate why the lawful-access apparatus is, at present, a foreign asset.

The disclosure changes what citizens are allowed to know about what was done to them. It does not change what was done to them. Treat the next pronouncement about encryption backdoors accordingly.

Until tomorrow.