sure, this doesn't capture everything, but i suspect these filters are tuned more for what they want to discard (p2p movie and warez traffic, that'd eliminate quite a chunk, right?) than for what they want to inspect. (that is, what they want to inspect is everything they don't consider useless and filter out)
That's the key here, and not captured in the subject line. They DON'T capture everything and backhaul it, though everything probably undergoes a first touch at the POP. What I suspect is that there are underground footballfields worth of SAS geeks down in NSA basements who apply statistical criteria for pre-sorting. For instance, if sender IP is "Mongolia" then that buckets that communication into a low-risk segment. If there's enough "Risk" in a communication they probably decide to pull it back via the NSA parasite network where further Risk models dictate whether it gets stored or analyzed by a "higher layer". Eventually, a tiny fraction are probably analyzed by humans. Interestingly, I'd bet we can guess as to how much gets pulled back and how much gets dropped at the POP, but it would take some work. Another point that was made years ago on Cypherpunks is that the presence of crypto "where it doesn't belong" is probably a very high risk indicator. In other words, if your sender IP isn't some bank or big company and you're using crypto, they probably grab ALL of that and send it to high-cost processes. The moral of this story is: Use Stego in your P2P'd Porno if you want to send anything discretely. -TD