
Comment by xyfer

12 years ago

Everyone in Silicon Valley is talking about this and the media has painted a picture of criminal undertaking by the NSA. A lot of this is just speculation that has been blown out of proportion. The only way the NSA could compromise private data centers without placing moles in their respective ops teams is to sniff the traffic on the private DC to DC lines leased by the companies. Assuming they did this by overpowering the ISPs, they are still left with a ton of TCP/UDP packets which they need to reconstruct, decipher and schematize. Although DC to DC traffic is typically not encrypted, it is often compressed or transmitted as binary streams. There is absolutely no way the NSA would be able to make sense of the data without reverse engineering the innumerable communication protocols used and then using that protocol to decipher the packets. It is a lot more feasible to force a company to hand over data on specific users than it is to piece together user data using this packet sniffing technique. If the NSA really is wiretapping DC-DC communication, it's not because they are trying to build profiles on individuals. It's likely that they are using this raw data for keyword lookups. And, although I question its effectiveness, that is a level of surveillance I'm comfortable with.

I think you over-estimate the complexity of the data being exchanged between data centres and underestimate the capabilities of these well-funded agencies that can afford top-notch PhDs, developers, engineers, mathematicians.

The article seems clear on the fact that they are able to reconstruct the data streams. It's not difficult to assume that most of the data-exchange protocols used are pretty standard or at least pretty stable; for instance, Google use protobuf[1] for efficient binary exchanges; it's open source and well documented.

Data is meant to be moved efficiently between data-centres and these companies had no reason to add any obfuscation (if that was the case, they would have already used encryption). There is no reason to assume that adversaries with deep pockets would not have the technology or know-how to reverse engineer these unprotected data communication flows.

[1]: https://code.google.com/p/protobuf/
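An added example, not part of either comment: a schema-less walk of the documented protobuf wire format, showing why a compact binary encoding on an unencrypted link is not a confidentiality control (link encryption is). The sample message and its field contents are constructed for illustration.

```python
def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:          # high bit clear: last byte of the varint
            return value, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint too long")

def decode_fields(buf):
    """Return [(field_number, wire_type, value)] for one message, without a schema."""
    fields, pos = [], 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 0x07
        if wire_type == 0:           # varint
            value, pos = read_varint(buf, pos)
        elif wire_type == 1:         # fixed 64-bit
            value, pos = buf[pos:pos + 8], pos + 8
        elif wire_type == 2:         # length-delimited: strings, bytes, nested messages
            length, pos = read_varint(buf, pos)
            value, pos = buf[pos:pos + length], pos + length
        elif wire_type == 5:         # fixed 32-bit
            value, pos = buf[pos:pos + 4], pos + 4
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        if pos > len(buf):
            raise ValueError("truncated field")
        fields.append((number, wire_type, value))
    return fields

# Constructed sample: field 1 = 150, field 2 = an address string, field 3 = "hello".
SAMPLE = bytes.fromhex("089601") + b"\x12\x11alice@example.com" + b"\x1a\x05hello"

if __name__ == "__main__":
    for number, wire_type, value in decode_fields(SAMPLE):
        print(number, wire_type, value)
```

Field names are not on the wire, but field numbers, types and every string payload are recoverable from the bytes alone.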