Search Mailing List Archives
[liberationtech] Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
eugen at leitl.org
Tue Jun 25 06:26:57 PDT 2013
----- Forwarded message from Leo Bicknell <bicknell at ufp.org> -----
Date: Tue, 25 Jun 2013 08:15:14 -0500
From: Leo Bicknell <bicknell at ufp.org>
To: Phil Fagan <philfagan at gmail.com>
Cc: NANOG <nanog at nanog.org>
Subject: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
X-Mailer: Apple Mail (2.1508)
On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan at gmail.com> wrote:
> Are these private links or customer links? Why encrypt at that layer? I'm
> looking for the niche usecase.
I was reading an article about the UK tapping undersea cables (http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa) and thought back to my time at AboveNet and dealing with undersea cables. My initial reaction was doubt, there are thousands of users on the cables, ISP's and non-ISP's, and working with all of them to split off the data would be insanely complicated. Then I read some more articles that included quotes like:
Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation (http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101)
Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer. If done early enough they could all be split off as 10G channels, even if they are later muxed down to lower speeds reducing the number of handoffs to the spy apparatus.
Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers. That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP. But the big question is, does this happen? I'm sure some people on this list have been to cable landing stations and looked around. I'm not sure if any of them will comment.
If it does, it answers Phil's question. An ISP encrypting such a link end to end foils the spy apparatus for their customers, protecting their privacy. The US for example has laws that provide greater authority to tap "foreign" communications than domestic, so even though the domestic links may not be encrypted that may still pose a decent roadblock to siphoning off traffic.
Who's going to be the first ISP that advertises they encrypt their links that leave the country? :)
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the liberationtech