[liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

----- Forwarded message from liberationtech@lewman.us -----

The last paragraph in the post is the most important, but it invalidates
the rest of the post. Core routers are a terrible intercept point because
of load and the sheer amount of packets they process and they are also MUCH
more likely to be running up to date firmware than a router in an edge
network where the main technical person is primarily a Windows/Exchange
admin. The problem with recording "everything" is that it's not feasible
and the idea that all/most/many core routers are merrily sending a copy of
all packets to some external storage facility is demonstrably false. If
you want to record flows that's a bit more technically (and legally in the
US since it's meta-data) feasible, but again netflow traffic from
all/most/many core routers is extremely hard to hide on a 24/7 basis and
again is demonstrably false.

It's far easier (technically and legally) for the NSA to have a directory of
devices they can tap on demand without the knowledge of the owners either
through unpatched security flaws, cooperation from the carrier, or
intentionally built back doors. It's also more feasible for them (and we
have good evidence this has happened) to directly mirror the layer 2
traffic on some of the largest backbone networks. This of course allows
them to passively listen without impacting the core router, but that
approach is quite difficult to leverage when you're trying to target a
specific person or organization since the volume of unimportant information
so greatly exceeds the targeted information.

Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000