[164085] in North American Network Operators' Group
Are undersea cables tapped before they get to ISP's? [was Re:
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Jun 25 09:16:02 2013
From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <CAPhg-wRrn=siuxuObG85G8w6Kgsag1qJeZC97ucZNbgnAL7kaA@mail.gmail.com>
Date: Tue, 25 Jun 2013 08:15:14 -0500
To: Phil Fagan <philfagan@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--Apple-Mail=_CED4AFE0-65DF-41C6-A3A5-D8DBB26F6037
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan@gmail.com> wrote:
> Are these private links or customer links? Why encrypt at that layer? =
I'm
> looking for the niche usecase.
I was reading an article about the UK tapping undersea cables =
(http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communi=
cations-nsa) and thought back to my time at AboveNet and dealing with =
undersea cables. My initial reaction was doubt, there are thousands of =
users on the cables, ISP's and non-ISP's, and working with all of them =
to split off the data would be insanely complicated. Then I read some =
more articles that included quotes like:
Interceptors have been placed on around 200 fibre optic cables where =
they come ashore. This appears to have been done with the secret =
co-operation =
(http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101)
Which made me immediately realize it would be far simpler to strong arm =
the cable operators to split off all channels before connecting them to =
the customer. If done early enough they could all be split off as 10G =
channels, even if they are later muxed down to lower speeds reducing the =
number of handoffs to the spy apparatus.
Very few ISP's ever go to the landing stations, typically the cable =
operators provide cross connects to a small number of backhaul =
providers. That makes a much smaller number of people who might ever =
notice the splitters and taps, and makes it totally transparent to the =
ISP. But the big question is, does this happen? I'm sure some people =
on this list have been to cable landing stations and looked around. I'm =
not sure if any of them will comment.
If it does, it answers Phil's question. An ISP encrypting such a link =
end to end foils the spy apparatus for their customers, protecting their =
privacy. The US for example has laws that provide greater authority to =
tap "foreign" communications than domestic, so even though the domestic =
links may not be encrypted that may still pose a decent roadblock to =
siphoning off traffic.
Who's going to be the first ISP that advertises they encrypt their links =
that leave the country? :)=20
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
--Apple-Mail=_CED4AFE0-65DF-41C6-A3A5-D8DBB26F6037
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
iQIVAwUBUcmX57N3O8aJIdTMAQKSyxAAkXENmXnq7tB2LzMKmamd8dO/LTsMxtqm
8wZnREHh/7UjIb9y32sUZpzG2qn+TWEuahVIiISzsr7tyJoZ2b2+/T73Rcv1zqW5
YwowaEpWbHhdWT+Bl9kz2C9h2T0v1WYhx5Sf4Ivs1A/HKR79DqZ1slnZnBGPSxZ0
PicmJaBDaOsGALns2zDTQvJBZY3G81xYbHXREes8gdlw8Krirf0cTVltJ8cKsGqs
62wFOB/ZcgJPdHW6OyROoYUyWda73z3CqQQphj47KUz975XdMLIQEzmL1xtCMz07
c9nvivbRpJ1MCtIQoZg/nGExY5BSMpZnwh62NAU+BdhdC3VMGjA3XeE/D8HGKgOi
DlBvZv8wKoe4bZ3OKDsnFZtCcfl5qVm+TMHUVUMttx2XezppF5lcH1kno4zTH5Uq
hSicKFdOQcBSRxN3NqIAID59gFFwwEYGdvN+22YPosou5ccuQgDU6M3Aeh2dkPtx
ma4HSlXUtE/dwiVZLaIvyLRqsihYgaVF6hWJAQHdsUckh6f6Y4NnPLcPVXvkcl2y
gcxQOYwTYoZ0kU/V+j1TbXVmocEb9/7OtYj4itFlaAVXRxqbQAvICd0+u1ComZfT
qAjepJ4vb++jU/gLreyLKzYM9xydK+Orj389MFLGEuh++/QiGIQTesSYZPsXqK5g
n9ze4OIPHH4=
=cu66
-----END PGP SIGNATURE-----
--Apple-Mail=_CED4AFE0-65DF-41C6-A3A5-D8DBB26F6037--
