> But if ISPs must have a blackbox on their interfaces (hello FBI), then you can't trust your local hosting company even if they are very friendly ;-)
Cisco prefers a blueish-black color. Juniper boxes tend to be white and blue.

In most Western countries there are many ISPs; if many of them were forced to have, in secret, black boxes on their networks, it would soon be public that that is occurring. Providers are, in many cases, being forced to allow, unmonitored, snooping by their governments - read up on CALEA.

Hardware-based routing platforms will be able to handle only a very small amount of traffic; the CPUs that are used in them tend to be very slow, and even the fastest CPUs can route only a tiny amount of the traffic modern hardware-based routers can. So, if the government wants to monitor YOU specifically, or occasionally monitor everyone, they might be able to do it via CALEA.

If I wished to monitor a large amount of people's traffic (not all - that's not technically feasible), I would try and use passive taps with the cooperation of major transit providers. If I was on a smaller budget, then I would just do that with some major telcos. The NSA appears to have decided to use a hybrid approach. If I had very large amounts of money that I am willing to spend (well, government has lots of money, and it's not theirs, so why would they mind spending it?) I would do the same with cable providers (not the coax kind).

I would definitely try and avoid small ISPs and IXPs - high maintenance, high whining and very difficult to perform surveillance using them clandestinely. Laying a submarine cable is far more expensive than starting an ISP or IXP.

So, basically, you are being paranoid about the wrong things.