Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

• Previous message (by thread): Security over SONET/SDH
• Next message (by thread): Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan at gmail.com> wrote:

> Are these private links or customer links? Why encrypt at that layer? I'm
> looking for the niche usecase.

I was reading an article about the UK tapping undersea cables (http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa) and thought back to my time at AboveNet and dealing with undersea cables.  My initial reaction was doubt, there are thousands of users on the cables, ISP's and non-ISP's, and working with all of them to split off the data would be insanely complicated.  Then I read some more articles that included quotes like:

  Interceptors have been placed on around 200 fibre optic cables where they come ashore. This appears to have been done with the secret co-operation (http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101)

Which made me immediately realize it would be far simpler to strong arm the cable operators to split off all channels before connecting them to the customer.  If done early enough they could all be split off as 10G channels, even if they are later muxed down to lower speeds reducing the number of handoffs to the spy apparatus.

Very few ISP's ever go to the landing stations, typically the cable operators provide cross connects to a small number of backhaul providers.  That makes a much smaller number of people who might ever notice the splitters and taps, and makes it totally transparent to the ISP.  But the big question is, does this happen?  I'm sure some people on this list have been to cable landing stations and looked around.  I'm not sure if any of them will comment.

If it does, it answers Phil's question.  An ISP encrypting such a link end to end foils the spy apparatus for their customers, protecting their privacy.  The US for example has laws that provide greater authority to tap "foreign" communications than domestic, so even though the domestic links may not be encrypted that may still pose a decent roadblock to siphoning off traffic.

Who's going to be the first ISP that advertises they encrypt their links that leave the country? :) 

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130625/f8a30f7f/attachment.sig>

• Previous message (by thread): Security over SONET/SDH
• Next message (by thread): Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]