[Details on the AT&T/NSA wiretapping]

Tyler Durden camera_lumina at hotmail.com
Tue Apr 11 07:59:50 PDT 2006


>sure, this doesn't capture everything, but i suspect these filters are
>tuned more for what they want to discard (p2p movie and warez traffic,
>that'd eliminate quite a chunk, right?) than for what they want to
>inspect.  (that is, what they want to inspect is everything they don't
>consider useless and filter out)

That's the key here, and not captured in the subject line. They DON'T 
capture everything and backhaul it, though everything probably undergoes a 
first touch at the POP.  What I suspect is that there are underground 
football fields' worth of SAS geeks down in NSA basements who apply 
statistical criteria for pre-sorting. For instance, if sender IP is 
"Mongolia" then that buckets that communication into a low-risk segment.

If there's enough "Risk" in a communication they probably decide to pull it 
back via the NSA parasite network where further Risk models dictate whether 
it gets stored or analyzed by a "higher layer". Eventually, a tiny fraction 
are probably analyzed by humans.

Interestingly, I'd bet we can guess as to how much gets pulled back and how 
much gets dropped at the POP, but it would take some work.

Another point that was made years ago on Cypherpunks is that the presence of 
crypto "where it doesn't belong" is probably a very high risk indicator. In 
other words, if your sender IP isn't some bank or big company and you're 
using crypto, they probably grab ALL of that and send it to high-cost 
processes.

The moral of this story is: Use Stego in your P2P'd Porno if you want to 
send anything discreetly.

-TD




