Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty
A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal. "Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty." http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-interne... Cheers, - ferg -- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID --> "Connect and Collaborate" --> www.internetidentity.com
Not just a Canadian issue but one we should look at in the US as well. Deploying more IXs and routing our traffic direct instead of through the "big guys" can secure our own communications from our own government until we change who we have in office. Aaron On 9/7/2013 4:08 PM, Paul Ferguson wrote:
A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal.
"Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty."
http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-interne...
Cheers,
- ferg
You have to change way more than that. BTW the one in office didn't start this. -Jorge On Sep 7, 2013, at 4:17 PM, Aaron Wendel <aaron@wholesaleinternet.net> wrote:
Not just a Canadian issue but one we should look at in the US as well. Deploying more IXs and routing our traffic direct instead of through the "big guys" can secure our own communications from our own government until we change who we have in office.
Aaron
Paul, I agree this is a problem, but it's been a problem since at least 1994 ( my first exposure ) and I suspect longer, the issue is east-west capacity in Canada is very $$, pushing traffic from Toronto east to points south to get it to Vancouver is much more cost effective. -jim On Sat, Sep 7, 2013 at 6:08 PM, Paul Ferguson <fergdawgster@mykolab.com> wrote:
A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal.
"Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty."
http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
Cheers,
- ferg
-- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID --> "Connect and Collaborate" --> www.internetidentity.com
It's a good point to consider however that omits the probability that Canada is doing exactly the same thing as the U.S. and thus this may free you from certain legalities but does not actually ensure privacy. The other fact of this is that we are well aware that the NSA's database is being accessed freely by (at the very least) England and Australia (I think that's who I read) I believe with reciprocal agreements and I'd be shocked if Canada isn't in there too. What are the ramifications of that? Do we even know? Points to ponder... -Wayne On Sat, Sep 07, 2013 at 02:08:31PM -0700, Paul Ferguson wrote:
A Canadian ISP colleague of mine suggested that the NANOG constituency might be interested in this, given some recent 'revelations', so I forward it here for your perusal.
"Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. Canadian originated transmissions that travel to a Canadian destination via a U.S. switching centre or carrier are subject to U.S. law - including the USA Patriot Act and FISAA. As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty."
http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-interne...
Cheers,
- ferg
-- Paul Ferguson Vice President, Threat Intelligence Internet Identity, Tacoma, Washington USA IID --> "Connect and Collaborate" --> www.internetidentity.com
--- Wayne Bouchard web@typo.org Network Dude http://www.typo.org/~web/
On 7 September 2013 17:08, Paul Ferguson <fergdawgster@mykolab.com> wrote:
"Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States.
I sincerely hope that nobody in Canada is surprised by this, since it was already an issue in 1994 (when I was at CA*net). -- Harald
On 9/7/2013 5:33 PM, Harald Koch wrote:
On 7 September 2013 17:08, Paul Ferguson <fergdawgster@mykolab.com> wrote:
"Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States.
I sincerely hope that nobody in Canada is surprised by this, since it was already an issue in 1994 (when I was at CA*net).
Much farther back than that. In 1985 I was working in Toronto and did a proposal for a national X.25 network. The pragmatics for reliability were simple at a national scale: Essentially all Canadian telecom links went through a few common sites across the country; if you wanted redundancy you had to have a second, independent path through the US. Given that most Canadian population occupies a relatively thin band (close to the US border), this topological fragility was/is largely inherent. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net
On Sep 8, 2013, at 4:08 AM, Paul Ferguson wrote:
As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty."
Yes, far better to keep those communications within Canada - where CSEC can hand them over to GCHQ, who'll then hand them over to NSA . . . ;> There are no technical solutions to purely social ills. This set of issues has nothing to do with technology, and everything to do with civil society. Any meaningful change in the status quo will not originate in the technological realm, but rather in the political sphere. Quite frankly, all this chatter about technical 'calls to arms' and whatnot is pointless and distracting (thereby calling into question the motivations behind continued agitation for technical remedies, which clearly won't have any effect whatsoever). ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On Sep 8, 2013, at 8:09 AM, Dobbins, Roland wrote:
There are no technical solutions to purely social ills.
That should read, 'There are no purely technical solutions to social ills.' ;> ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On 7 September 2013 18:09, Dobbins, Roland <rdobbins@arbor.net> wrote:
On Sep 8, 2013, at 4:08 AM, Paul Ferguson wrote:
As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty."
Yes, far better to keep those communications within Canada - where CSEC can hand them over to GCHQ, who'll then hand them over to NSA . . .
But I don't think every secret service has installed its own backdoors in all popular software and protocols. And the NSA can't share these backdoors/weaknesses with all its "friends", because if you tell a secret to everyone, it stops being a secret. The existence and nature of these backdoors will be revealed, and the affected software will fix them. So probably the NSA works like Wall-Mart Secrets. And they sell secrets, 100.000$ for a list of human rights activists, 2 million for the emails of the leaders of the opposition. -- -- ℱin del ℳensaje.
Quite frankly, all this chatter about technical 'calls to arms' and whatnot is pointless and distracting (thereby calling into question the motivations behind continued agitation for technical remedies, which clearly won't have any effect whatsoever).
cool. then i presume you will continue to run using rc4 and rsa 1024. smart folk over there at arbor. randy
On Sep 8, 2013, at 2:58 PM, Randy Bush wrote:
cool. then i presume you will continue to run using rc4 and rsa 1024.
The point is that no matter what crypto algorithms are developed and implemented, it's generally trivial for authorized (for whatever value of 'authorized' applies in a given situation) entities to obviate them by simply compromising the endpoints under color of law, if nothing else. If folks are unhappy with the current state of affairs, they ought to concentrate on writing laws, not code. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
On Sun, Sep 08, 2013 at 04:58:52PM +0900, Randy Bush wrote:
Quite frankly, all this chatter about technical 'calls to arms' and whatnot is pointless and distracting (thereby calling into question the motivations behind continued agitation for technical remedies, which clearly won't have any effect whatsoever).
cool. then i presume you will continue to run using rc4 and rsa 1024. smart folk over there at arbor.
randy
nothing better than clear text. pesky crypto just slows things down. /bill
On 9/8/13 12:58 AM, Randy Bush wrote:
Quite frankly, all this chatter about technical 'calls to arms' and whatnot is pointless and distracting (thereby calling into question the motivations behind continued agitation for technical remedies, which clearly won't have any effect whatsoever). cool. then i presume you will continue to run using rc4 and rsa 1024. smart folk over there at arbor.
Even if you believe that it's pretty futile to try to protect yourself against ~$50b, there's a long tail of others to worry about. Mike
participants (13)
- <<"tei''>>>
- Aaron Wendel
- bmanning@vacation.karoshi.com
- Dave Crocker
- Dobbins, Roland
- Harald Koch
- jim deleskie
- Jim Popovitch
- Jorge Amodio
- Michael Thomas
- Paul Ferguson
- Randy Bush
- Wayne E Bouchard