Re: Security over SONET/SDH

[sam () wwcandt com]

Well put, and point taken :-).
Sam
> On Jun 25, 2013, at 6:34 PM, sam () wwcandt com wrote:
>
> > I believe that if you encrypted your links sufficiently that it was
> > impossible to siphon the wanted data from your upstream the response
> > would
> > be for the tapping to move down into your data center before the crypto.
> >
> > With CALEA requirements and the Patriot Act they could easily compel you
> > to give them a span port prior to the crypto.
>
> The value here isn't preventing <insert federal agency> from getting the
> data, as you point out there are multiple tools at their disposal, and
> they will likely compel data at some other point in the stack.  The value
> here is increasing the visibility of the tapping, making more people aware
> of how much is going on.  Forcing the tapping out of the shadows and into
> the light.
>
> For instance if my theory that some cables are being tapped at the landing
> station is correct, there are likely ISP's on this list right now that
> have transatlantic links /and do not know that they are being tapped/.  If
> the links were encrypted and they had to serve the ISP directly to get the
> unencrypted data or make them stop encrypting, that ISP would know their
> data was being tapped.
>
> It also has the potential to shift the legal proceedings to other courts.
> The FISA court can approve tapping a foreign cable as it enters the
> country in near perfect, unchallengeable secrecy.  If encryption moved
> that to be a regular federal warrant under CALEA there would be a few more
> avenues for challenging the order legally.
>
> People can't challenge what they don't know about.
>
> --
>        Leo Bicknell - bicknell () ufp org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/