Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

Eugen Leitl eugen at
Tue Jun 25 06:26:57 PDT 2013

----- Forwarded message from Leo Bicknell <bicknell at> -----

Date: Tue, 25 Jun 2013 08:15:14 -0500
From: Leo Bicknell <bicknell at>
To: Phil Fagan <philfagan at>
Cc: NANOG <nanog at>
Subject: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
X-Mailer: Apple Mail (2.1508)

On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan at> wrote:

> Are these private links or customer links? Why encrypt at that layer? I'm
> looking for the niche usecase.

I was reading an article about the UK tapping undersea cables ( and thought back to my time at AboveNet and dealing with undersea cables.  My initial reaction was doubt, there are thousands of users on the cables, ISP's and non-ISP's, and working with all of them to split off the data would be insanely complicated.  Then I read some more articles that included quotes like:

  Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation (

Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer.  If done early enough they could all be split off as 10G channels, even if they are later muxed down to lower speeds reducing the number of handoffs to the spy apparatus.

Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers.  That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP.  But the big question is, does this happen?  I'm sure some people on this list have been to cable landing stations and looked around.  I'm not sure if any of them will comment.

If it does, it answers Phil's question.  An ISP encrypting such a link end to end foils the spy apparatus for their customers, protecting their privacy.  The US for example has laws that provide greater authority to tap "foreign" communications than domestic, so even though the domestic links may not be encrypted that may still pose a decent roadblock to siphoning off traffic.

Who's going to be the first ISP that advertises they encrypt their links that leave the country? :) 

       Leo Bicknell - bicknell at - CCIE 3440
        PGP keys at

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list