> "Yahoo does not provide the government with > direct access to its servers, systems, or network."
Ah, so you admit that you provide "indirect" access by interposing a firewall and router between your datacenter network and the transport link to the NSA. That is just normal sound security practice when permitting third-party network connections. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org > -----Original Message----- > From: Matthew Petach [mailto:mpet...@netflight.com] > Sent: Friday, 07 June, 2013 10:33 > Cc: NANOG > Subject: Re: PRISM: NSA/FBI Internet data mining project > > On Thu, Jun 6, 2013 at 5:04 PM, Matthew Petach > <mpet...@netflight.com>wrote: > > > > > > > On Thu, Jun 6, 2013 at 4:35 PM, Jay Ashworth <j...@baylink.com> wrote: > > > >> Has fingers directly in servers of top Internet content companies, > >> dates to 2007. Happily, none of the companies listed are transport > >> networks: > >> > >> > >> http://www.washingtonpost.com/investigations/us-intelligence-mining- > data-from-nine-us-internet-companies-in-broad-secret- > program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html > >> > >> Cheers, > >> -- jra > >> -- > >> Jay R. Ashworth Baylink > >> j...@baylink.com > >> Designer The Things I Think > RFC > >> 2100 > >> Ashworth & Associates http://baylink.pitas.com 2000 Land > >> Rover DII > >> St Petersburg FL USA #natog +1 727 > >> 647 1274 > >> > >> > > > > I've always just assumed that if it's in electronic form, > > someone else is either reading it now, has already read > > it, or will read it as soon as I walk away from the screen. > > > > Much less stress in life that way. ^_^ > > > > Matt > > > > > > When I posted this yesterday, I was speaking somewhat > tongue-in-cheek, because we hadn't yet made a formal > statement to the press. Now that we've made our official > reply, I can echo it, and note that whatever fluffed up > powerpoint was passed around to the washington post, > it does not reflect reality. There are no optical taps in > our datacenters funneling information out, there are no > sooper-seekret backdoors in the software that funnel > information to the government. As our formal reply > stated: "Yahoo does not provide the government with > direct access to its servers, systems, or network." > I believe the other major players supposedly listed > in the document have released similar statements, > all indicating a similar lack of super-cheap government > listening capabilities. > > Speaking just for myself, and if you quote me on this > as speaking on anyone else's behalf, you're a complete > fool, if the government was able to build infrastructure > that could listen to all the traffic from a major provider > for a fraction of what it costs them to handle that traffic > in the first place, I'd be truly amazed--and I'd probably > wonder why the company didn't outsource their infrastruture > to the government, if they can build and run it so much > more cheaply than the commercial providers. ;P > 7 companies were listed; if we assume the > burden was split roughly evenly between them, that's > 20M/7, about $2.85M per company per year to tap in, > or about $238,000/month per company listed, to > supposedly snoop on hundreds of gigs per second > of data. Two ways to handle it: tap in, and funnel > copies of all traffic back to distant monitoring posts, > or have local servers digesting and filtering, just > extracting the few nuggets they want, and sending > just those back. > > Let's take the first case; doing optical taps, or other > form of direct traffic mirroring, carrying it untouched > offsite to process; that's going to mean the ability to > siphon off hundreds of Gbps per datacenter and carry > it offsite for $238k/month; let's figure a major player > has data split across at least 3 datacenters, so about > $75K/month per datacenter to carry say 300Gbps of > traffic. It's pretty clearly going to have to be DWDM > on dark fiber at that traffic volume; most recent > quotes I've seen for dark fiber put it at $325/mile > for already-laid-in-ground (new builds are considerably > more, of course). If we figure the three datacenters > are split around just the US, on average you're going > to need to run about 1500 miles to reach their central > listening post; that's $49K/month just to carry the > bitstream, which leaves you just about $25K/month > to run the servers to digest that data; at 5c/kwhr, a > typical server pulling 300 watts is gonna cost you $11/month > to run; let's assume each server can process 2Gbps of > traffic, constantly; 150 servers for the stream of 300Gbps > means we're down to $22K for the rest of our support > costs; figure two sysadmins getting paid $10k/month > to run the servers (120k annual salary), and you've got > just $2k for G&A overhead. > > That's a heck of an efficient operation they'd have to be > running to listen in on all the traffic for the supposed > budget number claimed. > > I'm late for work; I'll follow up with a runthrough of the > other model, doing on-site digestion and processing > later, but I think you can see the point--it's not realistic > to think they can handle the volumes of data being > claimed at the price numbers listed. If they could, > the major providers would already be doing it for > much cheaper than they are today. I mean, the > Utah datacenter they're building is costing them > $2B to build; does anyone really think if they're > overpaying that much for datacenter space, they > could really snoop on provider traffic for only > $238K/month? > > More later--and remember, this is purely my own > rampant speculation, I'm not speaking for anyone, > on behalf of anyone, or even remotely authorized > or acknowledged by any entity on this rambling, > so please don't go quoting this anywhere else, > it'll make you look foolish, and probably get me > in trouble anyhow. :( > > Matt
