I'd bet by the time this post reaches the list most Cypherpunks &c will have already seen the string of information posted on Wired and other places, about AT&T's network. This is a level of detail that I strongly suspect has NSA folks shitting bricks:

http://www.wired.com/news/technology/0,70908-0.html?tw=wn_index_2

Here's an interesting quote:

> One of the documents appears to describe AT&T's successful efforts to tap into 16 fiber-optic
> cables connecting the company's WorldNet internet backbone to other internet service providers.
> The document shows AT&T technicians phasing in fiber-optic splitters throughout February 2003,
> cutting them in four at a time on a weekly schedule, ending with a link to Mae West, an internet
> exchange point for West Coast traffic.

Now this is REALLY interesting:

http://blog.wired.com/images/nsadocs2_f.jpg

OK, this means the 16 fibers mentioned above are single wavelength. From this document we can also view what the actual bandwidths are: OC-12s and OC-48s, a couple of OC-3s and no OC-192s. Now I don't see any documentation stating that there isn't more than this going into the room.

The "four splitters at a time" almost certainly implies that this traffic is coming off a 4-fiber BLSR (most likely too NSA worked with the other carriers to move the traffic to protect prior to installing the splitters).*

Theoretically, they could actually just backhaul all of this traffic using pretty ordinary 16 wavelength WDM from any number of vendors. Getting that cross-country is difficult, but with ULH (Ultra Long Haul) this could be done with a relative minimum of repeater/amplifier sites. If they pre-sort the traffic before backhauling it they could then actually just buy a wavelength on AT&T's backbone, which has some nice features to it (I'd bet they also have their own encryption used for the entire wavelength pipe, though I could be wrong).

The pinchpoint here just might actually be the deep packet inspection. Does anyone know what kind of bandwidth the Narus boxes can support? What this will do is give us an idea of how much traffic they are actually taking back. From our discussions some months ago, I have assumed (and still believe) that they can't grab EVERYTHING and pull it back, because that would require too obvious and too huge a network. My other assumption is that the Narus deep packet inspection is enforcing a prioritization prior to hockeying the most "juicy" traffic into their fiber or wavelengths.

*: They would have first told the owner/carrier of one of those OC-N pipes to force a switch to protection bandwidth while they installed the splitters, and then switch back once the splitters were installed. It LOOKS like they did this ring-by-ring, diverting traffic away from the "break" and then installing splitters on all four fibers terminating across the break.