[164112] in North American Network Operators' Group
Re: Security over SONET/SDH
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Jun 25 20:56:39 2013
From: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: <54596.71.62.150.38.1372203257.squirrel@www.systemetrixs.com>
Date: Tue, 25 Jun 2013 19:56:24 -0500
To: sam@wwcandt.com
Cc: nanog@nanog.org
On Jun 25, 2013, at 6:34 PM, sam@wwcandt.com wrote:
> I believe that if you encrypted your links sufficiently that it was
> impossible to siphon the wanted data from your upstream the response would
> be for the tapping to move down into your data center before the crypto.
>
> With CALEA requirements and the Patriot Act they could easily compel you
> to give them a span port prior to the crypto.

The value here isn't preventing <insert federal agency> from getting the data, as you point out there are multiple tools at their disposal, and they will likely compel data at some other point in the stack. The value here is increasing the visibility of the tapping, making more people aware of how much is going on. Forcing the tapping out of the shadows and into the light.

For instance if my theory that some cables are being tapped at the landing station is correct, there are likely ISPs on this list right now that have transatlantic links /and do not know that they are being tapped/. If the links were encrypted and they had to serve the ISP directly to get the unencrypted data or make them stop encrypting, that ISP would know their data was being tapped.

It also has the potential to shift the legal proceedings to other courts. The FISA court can approve tapping a foreign cable as it enters the country in near perfect, unchallengeable secrecy. If encryption moved that to be a regular federal warrant under CALEA there would be a few more avenues for challenging the order legally.

People can't challenge what they don't know about.

--
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/