Re: Reordering, not Latency (Was: Re: Remailer)
Adam Shostack says:
It may be that the FBI has a couple of Suns handling the whole remailer network right now.
Perry Metzger replies:
If they are doing that, they are violating the ECPA. They are allowed to monitor only those things they have a warrant to monitor (with, of course, all those lovely National Security exceptions). This is not to say that it isn't being done, but it can't be used in court.
Is this even technically possible? That is, wholesale monitoring of disparate portions of the net from a single access point. Given the distributed and dynamic properties of the Net this would seem impossible. To monitor the entire remailer network an attacker would have to set up packet sniffers upstream from each and every portion of the Net that contained a remailer, wouldn't they? I suppose an extremely resourceful attacker could monitor traffic at crucial points (i.e. transcontinental feeds, points on the NSFnet, CIX, etc.), but there are so many private connections linking networks that it would be very difficult indeed to sniff out every bit of remailer traffic. Is having every bit of remailer traffic necessary for traffic analysis? Or would having a good percentage of it be sufficient?
andrew
Andrew Lowenstern says:
Is this even technically possible? That is, wholesale monitoring of disparate portions of the net from a single access point.
Sure -- you need to have packet forwarders installed all over the place, but that's easy to do -- there are commercial network monitoring products that will do the job for you. In that sense, you can't do it from a single access point.
To monitor the entire remailer network an attacker would have to set up packet sniffers upstream from each and every portion of the Net that contained a remailer, wouldn't they?
Largely, although they could be smart about how they did it.
Perry
From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
Is this even technically possible? That is, wholesale monitoring of disparate portions of the net from a single access point.
If I were doing global Internet monitoring, I wouldn't be doing it in-band. Too much cooperation by the vendors required; too much discovery. Rather, I'd gain access to the trunks directly and do my own demodulation and decoding.
Eric
participants (3): Andrew Lowenstern, eric@remailer.net, Perry E. Metzger