Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
Yes, but I think it's fairly clear that if one needs to disassemble the OC-Ns in the field, you simply need too much gear. It's going to be far easier to grab whole swathes of it and ship it back to Montana or wherever for it to be sifted through later.

What they probably do, however, is grab specific DS1s/3s locally and switch those via CALEA back to optical access points, where all of this stuff is pulled together into OC-192s or (very soon) OC-768s. As Variola suggests, once you get it back then you can plow through it at your leisure. Got a dissident you want to shut down? "Surely he's said SOMETHING over the last 2 years that you could incriminate him on....find it, dammit!"

-TD
From: Morlock Elloi <morlockelloi@yahoo.com>
To: cypherpunks@al-qaeda.net
Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
Date: Wed, 21 Jul 2004 02:19:20 -0700 (PDT)
Let's back up. You've got an OC-48 or OC-192 fiber and you want to grab ALL of the data in this fiber. Now I'll grant that in real life there's
A. You don't want all data.
A nice illustration on ether speeds is obtained by using simple tools like putting the NIC in promiscuous mode, using simple reassembler and filter that discards everything but smtp/pop text parts. This can be trivially done with tcpdump+awk. The percentage of mail texts is usually less than 2-3% of all traffic. And it's not even because of porn - it's stupidity of html generators (humans & software).
B. Even 'All data' is far less than line speed. Average fiber utilisation is under 4% in US. Buffers!
===== end (of original message)
Y-a*h*o-o (yes, they scan for this) spam follows:
On Wed, Jul 21, 2004 at 10:20:36AM -0400, Tyler Durden wrote:
> Yes, but I think it's fairly clear that if one needs to disassemble the OC-Ns in the field, you simply need too much gear. It's going to be far
It's clearly not viable to process much underwater. How much machine room square meters do you need at those cable landings, though? http://cryptome.quintessenz.at/mirror/cable-eyeball.htm
> easier to grab whole swathes of it and ship it back to Montana or wherever for it to be sifted through later.
There is no "later", there's only "elsewhere". Traffic filtering is an embarrassingly parallel problem. It's the data mining that needs to integrate and correlate. Here is your centralized bottleneck. How many .gov in http://top500.org/list/2004/06/ ? Data mining is different from Linpack.
> What they probably do, however, is grab specific DS1s/3s locally and switch those via CALEA back to optical access points, where all of this stuff is pulled together into OC-192s or (very soon) OC-768s. As Variola suggests, once you get it back then you can plow through it at your leisure. Got a dissident you want to shut down? "Surely he's said SOMETHING over the last 2 years that you could incriminate him on....find it, dammit!"
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
[demime 1.01d removed an attachment of type application/pgp-signature]