On 2013-11-19, at 13:50, Rob McDonald
The interception doesn't need to be covert. Unencrypted streams could be supplied following receipt of the appropriate court order, which I believe is what was lacking in the case of the NSA scandal.
With a small concentration of layer-2 (and lower) transport providers, you can also challenge the ease with which court-ordered taps are deployable by adjusting your expectations about how data could be intercepted. For example, I think it's commonplace to assume that traffic carried between private networks over the public Internet deserves some protection; this is why people suffer the cost and inconvenience of VPNs. I think it's less common for people to assume that transport services below layer 3 are as vulnerable, which is quite arguably a mistake. A single court order delivered to a metro ethernet provider could facilitate interception of traffic between many different networks if they all happen to use the same layer-2 transport. Treat those metro ethernet services as hostile and encrypt the traffic across them, and the same interception capability might involve many more court orders and considerably more infrastructure in order to tap the points on the path where the traffic runs in the clear.

Joe