Security over SONET/SDH

sam at wwcandt.com sam at wwcandt.com
Wed Jun 26 08:19:42 UTC 2013


Well put, and point taken :-).
Sam
>
> On Jun 25, 2013, at 6:34 PM, sam at wwcandt.com wrote:
>
>> I believe that if you encrypted your links sufficiently that it was
>> impossible to siphon the wanted data from your upstream the response
>> would
>> be for the tapping to move down into your data center before the crypto.
>>
>> With CALEA requirements and the Patriot Act they could easily compel you
>> to give them a span port prior to the crypto.
>
> The value here isn't preventing <insert federal agency> from getting the
> data, as you point out there are multiple tools at their disposal, and
> they will likely compel data at some other point in the stack.  The value
> here is increasing the visibility of the tapping, making more people aware
> of how much is going on.  Forcing the tapping out of the shadows and into
> the light.
>
> For instance if my theory that some cables are being tapped at the landing
> station is correct, there are likely ISP's on this list right now that
> have transatlantic links /and do not know that they are being tapped/.  If
> the links were encrypted and they had to serve the ISP directly to get the
> unencrypted data or make them stop encrypting, that ISP would know their
> data was being tapped.
>
> It also has the potential to shift the legal proceedings to other courts.
> The FISA court can approve tapping a foreign cable as it enters the
> country in near perfect, unchallengeable secrecy.  If encryption moved
> that to be a regular federal warrant under CALEA there would be a few more
> avenues for challenging the order legally.
>
> People can't challenge what they don't know about.
>
> --
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
>
>
>
>
>
>





More information about the NANOG mailing list