Well put Leo; defense-in-depth. On Jun 25, 2013 6:57 PM, "Leo Bicknell" <bickn...@ufp.org> wrote:
> > On Jun 25, 2013, at 6:34 PM, s...@wwcandt.com wrote: > > > I believe that if you encrypted your links sufficiently that it was > > impossible to siphon the wanted data from your upstream the response > would > > be for the tapping to move down into your data center before the crypto. > > > > With CALEA requirements and the Patriot Act they could easily compel you > > to give them a span port prior to the crypto. > > The value here isn't preventing <insert federal agency> from getting the > data, as you point out there are multiple tools at their disposal, and they > will likely compel data at some other point in the stack. The value here > is increasing the visibility of the tapping, making more people aware of > how much is going on. Forcing the tapping out of the shadows and into the > light. > > For instance if my theory that some cables are being tapped at the landing > station is correct, there are likely ISP's on this list right now that have > transatlantic links /and do not know that they are being tapped/. If the > links were encrypted and they had to serve the ISP directly to get the > unencrypted data or make them stop encrypting, that ISP would know their > data was being tapped. > > It also has the potential to shift the legal proceedings to other courts. > The FISA court can approve tapping a foreign cable as it enters the > country in near perfect, unchallengeable secrecy. If encryption moved that > to be a regular federal warrant under CALEA there would be a few more > avenues for challenging the order legally. > > People can't challenge what they don't know about. > > -- > Leo Bicknell - bickn...@ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > > > > > >
