Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]

Phil Fagan philfagan at gmail.com
Tue Jun 25 14:19:25 UTC 2013


Transnational seems like a good place to start. It seems like a tough space
to break into ( no PUN intended).



On Tue, Jun 25, 2013 at 7:15 AM, Leo Bicknell <bicknell at ufp.org> wrote:

>
> On Jun 25, 2013, at 7:38 AM, Phil Fagan <philfagan at gmail.com> wrote:
>
> > Are these private links or customer links? Why encrypt at that layer? I'm
> > looking for the niche usecase.
>
> I was reading an article about the UK tapping undersea cables (
> http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa)
> and thought back to my time at AboveNet and dealing with undersea cables.
>  My initial reaction was doubt, there are thousands of users on the cables,
> ISP's and non-ISP's, and working with all of them to split off the data
> would be insanely complicated.  Then I read some more articles that
> included quotes like:
>
>   Interceptors have been placed on around 200 fibre optic cables where
> they come ashore. This appears to have been done with the secret
> co-operation (
> http://www.wired.co.uk/news/archive/2013-06/24/gchq-tempora-101)
>
> Which made me immediately realize it would be far simpler to strong arm
> the cable operators to split off all channels before connecting them to the
> customer.  If done early enough they could all be split off as 10G
> channels, even if they are later muxed down to lower speeds reducing the
> number of handoffs to the spy apparatus.
>
> Very few ISP's ever go to the landing stations, typically the cable
> operators provide cross connects to a small number of backhaul providers.
>  That makes a much smaller number of people who might ever notice the
> splitters and taps, and makes it totally transparent to the ISP.  But the
> big question is, does this happen?  I'm sure some people on this list have
> been to cable landing stations and looked around.  I'm not sure if any of
> them will comment.
>
> If it does, it answers Phil's question.  An ISP encrypting such a link end
> to end foils the spy apparatus for their customers, protecting their
> privacy.  The US for example has laws that provide greater authority to tap
> "foreign" communications than domestic, so even though the domestic links
> may not be encrypted that may still pose a decent roadblock to siphoning
> off traffic.
>
> Who's going to be the first ISP that advertises they encrypt their links
> that leave the country? :)
>
> --
>        Leo Bicknell - bicknell at ufp.org - CCIE 3440
>         PGP keys at http://www.ufp.org/~bicknell/
>
>
>
>
>
>


-- 
Phil Fagan
Denver, CO
970-480-7618



More information about the NANOG mailing list