Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Security over SONET/SDH

Eugen Leitl eugen at
Wed Jun 26 01:17:01 PDT 2013

----- Forwarded message from Leo Bicknell <bicknell at> -----

Date: Tue, 25 Jun 2013 19:56:24 -0500
From: Leo Bicknell <bicknell at>
To: sam at
Cc: nanog at
Subject: Re: Security over SONET/SDH
X-Mailer: Apple Mail (2.1508)

On Jun 25, 2013, at 6:34 PM, sam at wrote:

> I believe that if you encrypted your links sufficiently that it was
> impossible to siphon the wanted data from your upstream the response would
> be for the tapping to move down into your data center before the crypto.
> With CALEA requirements and the Patriot Act they could easily compel you
> to give them a span port prior to the crypto.

The value here isn't preventing <insert federal agency> from getting the data, as you point out there are multiple tools at their disposal, and they will likely compel data at some other point in the stack.  The value here is increasing the visibility of the tapping, making more people aware of how much is going on.  Forcing the tapping out of the shadows and into the light.

For instance if my theory that some cables are being tapped at the landing station is correct, there are likely ISP's on this list right now that have transatlantic links /and do not know that they are being tapped/.  If the links were encrypted and they had to serve the ISP directly to get the unencrypted data or make them stop encrypting, that ISP would know their data was being tapped.

It also has the potential to shift the legal proceedings to other courts.  The FISA court can approve tapping a foreign cable as it enters the country in near perfect, unchallengeable secrecy.  If encryption moved that to be a regular federal warrant under CALEA there would be a few more avenues for challenging the order legally.

People can't challenge what they don't know about.

       Leo Bicknell - bicknell at - CCIE 3440
        PGP keys at

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list