NSA tapping undersea fibers?

Lenny Foner foner at media.mit.edu
Mon Jun 4 00:38:52 EDT 2001 

    Date: Sat, 02 Jun 2001 01:21:32 -0400
    From: John Denker <jsd at research.att.com>

    OTOH, as I pointed out before, there are certain places where real zebras 
    can be found.  Africa is an example.  Why do you think AfricaONE has a 
    backbone that circles the continent offshore, plus separate drops for each 
    country, when it would have been vastly cheaper to go by 
    land?  Answer:  everybody thought that an offshore cable would be less 
    likely to be tapped by hostile powers.  (Each country can of course tap its 
    own drop, along the lines discussed above, but it can't so easily tap other 
    folks' signals on the backbone.)

My understanding of this, which could very well be wrong, was not
concern about tapping, but concern over damage.  It was deemed
unacceptable to have any one country possibly hold the entire cable
hostage to some demand, by threatening to cut it unless appeased.

Similarly, even the risk of accidental damage for an overland route
seems high, and again it risks everybody's cables just because one
country doesn't have the equivalent of Dig Safe, or happens to have a
problem with landmines and wars.

(Is there technology in existence that can usefully encrypt the entire
contents of such cables' data stream, end-to-end?  I would imagine
that it wouldn't be -that- hard to make a hardware-based 3DES
implementation that simply encrypts everything.  This means that any
tap must also contend with compromising keys, and we certainly
understand what's involved in keeping keys safe, and how intelligence
agencies can try to obtain them.  If such hardware isn't unreasonably
expensive, why -wouldn't- any given cable company use it?  It seems to
avoid a whole class of threat models---such as discouraging random
entities from destroying the cable due to a bungled tap, by making it
clear to them that they're going to have to keep stealing a constantly-
rotated bunch of keys as well in order to make the tap effective...)



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list