nanog mailing list archives
Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
From: Leo Bicknell <bicknell () ufp org>
Date: Tue, 25 Jun 2013 08:15:14 -0500
On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan () gmail com> wrote:
Are these private links or customer links? Why encrypt at that layer? I'm looking for the niche usecase.
I was reading an article about the UK tapping undersea cables (http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa) and thought back to my time at AboveNet and dealing with undersea cables. My initial reaction was doubt, there are thousands of users on the cables, ISP's and non-ISP's, and working with all of them to split off the data would be insanely complicated. Then I read some more articles that included quotes like: Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation (http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101) Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer. If done early enough they could all be split off as 10G channels, even if they are later muxed down to lower speeds reducing the number of handoffs to the spy apparatus. Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers. That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP. But the big question is, does this happen? I'm sure some people on this list have been to cable landing stations and looked around. I'm not sure if any of them will comment. If it does, it answers Phil's question. An ISP encrypting such a link end to end foils the spy apparatus for their customers, protecting their privacy. The US for example has laws that provide greater authority to tap "foreign" communications than domestic, so even though the domestic links may not be encrypted that may still pose a decent roadblock to siphoning off traffic. Who's going to be the first ISP that advertises they encrypt their links that leave the country? :) -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: Security over SONET/SDH, (continued)
- Re: Security over SONET/SDH William Allen Simpson (Jun 23)
- Re: Security over SONET/SDH Christopher Morrow (Jun 23)
- Re: Security over SONET/SDH Christopher Morrow (Jun 23)
- Re: Security over SONET/SDH William Allen Simpson (Jun 23)
- Re: Security over SONET/SDH Valdis . Kletnieks (Jun 23)
- Re: Security over SONET/SDH Christopher Morrow (Jun 23)
- Re: Security over SONET/SDH William Allen Simpson (Jun 23)
- Re: Security over SONET/SDH joel jaeggli (Jun 24)
- Re: Security over SONET/SDH Phil Fagan (Jun 25)
- Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Leo Bicknell (Jun 25)
- Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Nick Khamis (Jun 25)
- Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Javier Henderson (Jun 25)
- Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Warren Bailey (Jun 25)
- Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH] Nick Khamis (Jun 25)
- Assistance for Eavesdropping Legally on Avian Carriers (AELAC) Sean Donelan (Jun 25)
- Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC) Lyndon Nerenberg (Jun 25)
- Message not available
- Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC) Lyndon Nerenberg (Jun 25)