PRISM: NSA/FBI Internet data mining project
Nick B
nick at pelagiris.org
Sat Jun 8 00:59:37 UTC 2013
I'd love to, but American Idle is on in 5 minutes. Maybe next time?
Nick
On Fri, Jun 7, 2013 at 8:57 PM, Ishmael Rufus <sakamura at gmail.com> wrote:
> So when are we rioting?
>
>
> On Fri, Jun 7, 2013 at 7:14 PM, Nick Khamis <symack at gmail.com> wrote:
>
> > Tax payer money...... :)
> >
> > On 6/7/13, Mark Seiden <mis at seiden.com> wrote:
> > > what a piece of crap this article is.
> > >
> > > the guy doesn't understand what sniffing can and can't do. obviously
> he
> > > doesn't understand peering or routing, and he doesn't understand what
> > cdns
> > > are for.
> > >
> > > he doesn't understand the EU safe harbor, saying it applies to govt
> > > entitites, when it's purely about companies hosting data of EU
> citizens.
> > >
> > > he quotes a source who suggests that the intel community might have
> > > privileged search access to facebook, which i don't believe.
> > >
> > > he even says "company-owned equipment" might refer to the NSA, which i
> > > thought everybody calls the "agency" so to not confuse with the CIA.
> > >
> > > and he suggests that these companies might have given up their "master
> > > decryption keys" (as he terms them) so that USG could decrypt SSL.
> > >
> > > and the $20M cost per year, which would only pay for something the size
> > of a
> > > portal or a web site, well, that's mysterious.
> > >
> > > sheesh.
> > >
> > > this is not journalism.
> > >
> > >
> > > On Jun 7, 2013, at 3:54 PM, Paul Ferguson <fergdawgster at gmail.com>
> > wrote:
> > >
> > >> Also of interest:
> > >>
> > >>
> >
> http://www.guardian.co.uk/world/2013/jun/07/nsa-prism-records-surveillance-questions
> > >>
> > >> - ferg
> > >>
> > >>
> > >> On Fri, Jun 7, 2013 at 3:49 PM, Michael Hallgren <m.hallgren at free.fr>
> > >> wrote:
> > >>
> > >>> Le 07/06/2013 19:10, Warren Bailey a écrit :
> > >>>> Five days ago anyone who would have talked about the government
> having
> > >>>> this capability would have been issued another tin foil hat. We
> think
> > we
> > >>>> know the truth now, but why hasn't echelon been brought up? I'm not
> > >>>> calling anyone a liar, but isn't not speaking the truth the same
> > thing?
> > >>>
> > >>>
> > >>> ;-)
> > >>>
> > >>> mh
> > >>>
> > >>>>
> > >>>>
> > >>>> Sent from my Mobile Device.
> > >>>>
> > >>>>
> > >>>> -------- Original message --------
> > >>>> From: Matthew Petach <mpetach at netflight.com>
> > >>>> Date: 06/07/2013 9:34 AM (GMT-08:00)
> > >>>> To:
> > >>>> Cc: NANOG <nanog at nanog.org>
> > >>>> Subject: Re: PRISM: NSA/FBI Internet data mining project
> > >>>>
> > >>>>
> > >>>> On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach
> > >>>> <mpetach at netflight.com>wrote:
> > >>>>
> > >>>>>
> > >>>>> On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth <jra at baylink.com>
> > wrote:
> > >>>>>
> > >>>>>> Has fingers directly in servers of top Internet content companies,
> > >>>>>> dates to 2007. Happily, none of the companies listed are
> transport
> > >>>>>> networks:
> > >>>>>>
> > >>>>>>
> > >>>>>>
> >
> http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
> > >>>>>>
> > >>>>>> Cheers,
> > >>>>>> -- jra
> > >>>>>> --
> > >>>>>> Jay R. Ashworth Baylink
> > >>>>>> jra at baylink.com
> > >>>>>> Designer The Things I Think
> > >>>>>> RFC
> > >>>>>> 2100
> > >>>>>> Ashworth & Associates http://baylink.pitas.com 2000
> > Land
> > >>>>>> Rover DII
> > >>>>>> St Petersburg FL USA #natog +1
> > 727
> > >>>>>> 647 1274
> > >>>>>>
> > >>>>>>
> > >>>>> I've always just assumed that if it's in electronic form,
> > >>>>> someone else is either reading it now, has already read
> > >>>>> it, or will read it as soon as I walk away from the screen.
> > >>>>>
> > >>>>> Much less stress in life that way. ^_^
> > >>>>>
> > >>>>> Matt
> > >>>>>
> > >>>>>
> > >>>> When I posted this yesterday, I was speaking somewhat
> > >>>> tongue-in-cheek, because we hadn't yet made a formal
> > >>>> statement to the press. Now that we've made our official
> > >>>> reply, I can echo it, and note that whatever fluffed up
> > >>>> powerpoint was passed around to the washington post,
> > >>>> it does not reflect reality. There are no optical taps in
> > >>>> our datacenters funneling information out, there are no
> > >>>> sooper-seekret backdoors in the software that funnel
> > >>>> information to the government. As our formal reply
> > >>>> stated: "Yahoo does not provide the government with
> > >>>> direct access to its servers, systems, or network."
> > >>>> I believe the other major players supposedly listed
> > >>>> in the document have released similar statements,
> > >>>> all indicating a similar lack of super-cheap government
> > >>>> listening capabilities.
> > >>>>
> > >>>> Speaking just for myself, and if you quote me on this
> > >>>> as speaking on anyone else's behalf, you're a complete
> > >>>> fool, if the government was able to build infrastructure
> > >>>> that could listen to all the traffic from a major provider
> > >>>> for a fraction of what it costs them to handle that traffic
> > >>>> in the first place, I'd be truly amazed--and I'd probably
> > >>>> wonder why the company didn't outsource their infrastruture
> > >>>> to the government, if they can build and run it so much
> > >>>> more cheaply than the commercial providers. ;P
> > >>>> 7 companies were listed; if we assume the
> > >>>> burden was split roughly evenly between them, that's
> > >>>> 20M/7, about $2.85M per company per year to tap in,
> > >>>> or about $238,000/month per company listed, to
> > >>>> supposedly snoop on hundreds of gigs per second
> > >>>> of data. Two ways to handle it: tap in, and funnel
> > >>>> copies of all traffic back to distant monitoring posts,
> > >>>> or have local servers digesting and filtering, just
> > >>>> extracting the few nuggets they want, and sending
> > >>>> just those back.
> > >>>>
> > >>>> Let's take the first case; doing optical taps, or other
> > >>>> form of direct traffic mirroring, carrying it untouched
> > >>>> offsite to process; that's going to mean the ability to
> > >>>> siphon off hundreds of Gbps per datacenter and carry
> > >>>> it offsite for $238k/month; let's figure a major player
> > >>>> has data split across at least 3 datacenters, so about
> > >>>> $75K/month per datacenter to carry say 300Gbps of
> > >>>> traffic. It's pretty clearly going to have to be DWDM
> > >>>> on dark fiber at that traffic volume; most recent
> > >>>> quotes I've seen for dark fiber put it at $325/mile
> > >>>> for already-laid-in-ground (new builds are considerably
> > >>>> more, of course). If we figure the three datacenters
> > >>>> are split around just the US, on average you're going
> > >>>> to need to run about 1500 miles to reach their central
> > >>>> listening post; that's $49K/month just to carry the
> > >>>> bitstream, which leaves you just about $25K/month
> > >>>> to run the servers to digest that data; at 5c/kwhr, a
> > >>>> typical server pulling 300 watts is gonna cost you $11/month
> > >>>> to run; let's assume each server can process 2Gbps of
> > >>>> traffic, constantly; 150 servers for the stream of 300Gbps
> > >>>> means we're down to $22K for the rest of our support
> > >>>> costs; figure two sysadmins getting paid $10k/month
> > >>>> to run the servers (120k annual salary), and you've got
> > >>>> just $2k for G&A overhead.
> > >>>>
> > >>>> That's a heck of an efficient operation they'd have to be
> > >>>> running to listen in on all the traffic for the supposed
> > >>>> budget number claimed.
> > >>>>
> > >>>> I'm late for work; I'll follow up with a runthrough of the
> > >>>> other model, doing on-site digestion and processing
> > >>>> later, but I think you can see the point--it's not realistic
> > >>>> to think they can handle the volumes of data being
> > >>>> claimed at the price numbers listed. If they could,
> > >>>> the major providers would already be doing it for
> > >>>> much cheaper than they are today. I mean, the
> > >>>> Utah datacenter they're building is costing them
> > >>>> $2B to build; does anyone really think if they're
> > >>>> overpaying that much for datacenter space, they
> > >>>> could really snoop on provider traffic for only
> > >>>> $238K/month?
> > >>>>
> > >>>> More later--and remember, this is purely my own
> > >>>> rampant speculation, I'm not speaking for anyone,
> > >>>> on behalf of anyone, or even remotely authorized
> > >>>> or acknowledged by any entity on this rambling,
> > >>>> so please don't go quoting this anywhere else,
> > >>>> it'll make you look foolish, and probably get me
> > >>>> in trouble anyhow. :(
> > >>>>
> > >>>> Matt
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >> --
> > >> "Fergie", a.k.a. Paul Ferguson
> > >> fergdawgster(at)gmail.com
> > >>
> > >
> > >
> > >
> >
> >
>
More information about the NANOG
mailing list