Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Rob Seastrom]

William Waites  writes:

> Is this a good or a bad thing? I can remember back when there was a
> project in the 'states called Carnivore, and we had some American
> police -- I believe they were FBI -- come up and ask us politely if
> we'd like to put some of their machines on our network. Everybody
> pretty much uniformly said no. Shortly thereafter an American carrier
> showed up selling gigabit ethernet circuits to NYC for well below what
> was the going rate at the time and effectively pulled a lot of traffic
> that would otherwise have remained in country across the border.

More attributable to the unintended consequences of some of the more
draconian parts of http://en.wikipedia.org/wiki/PROTECT_Act_of_2003
than of Carnivore, actually.  :)

-r

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Bill Woodcock]

On Sep 10, 2013, at 9:29 AM, Jean-Francois Mezei  
wrote:
> Will the market start to demand routes that avoid the USA if the destination 
> is not the USA ?

Unlikely, all else being equal.  The market demands the least expensive routes. 
 Which is why we push for new IXPs on the Canadian side of the border, so that 
the _cheapest_ route will also be the _shortest_ route, and will remain within 
Canadian jurisdiction and the purview of Canadian personal privacy law, for 
instance.

> It is about sovereignty and the ability of one nation to decide for itself.
> Could the government set policies that end up making within-canada
> transit and peering more competitive than buying transit through the USA ?

Note that this is an entirely different question, orthogonal to markets and 
economics.  It is within the power of the Canadian sovereign government to do 
whatever wiretaps it likes within Canada, and share that information with other 
governments, for instance, and neither shortest paths nor least expensive paths 
will have any effect on that.  

That said, regulatory best-practice is generally held to be to either keep 
hands off the Internet entirely, or to make an ISP class license requirement 
that every service provider network deliver traffic that has source and 
destination addresses within a region, without passing the traffic across the 
border of the region.  That's a technology-neutral way of saying that if you 
have a customer in a region, and someone else has a customer in the same 
region, you and they had better figure out a way of delivering that traffic 
through peering or local transit.

> Lets reverse the situation for half a second. Say most traffic from USA
> to USA were to pass through Canada and Canada had the ability to spy on
> all USA traffic, including emails between congressman and their mistresses.
> Do you think the USA would let another nation spy on its traffic for
> half a second ?

Happens all the time.  China Telecom has routers within the U.S. borders, and 
offers domestic routes across the U.S.  Stands to reason that France Telecom, 
Deutsche Telekom, et cetera, would be doing the same thing for their respective 
sovereigns.  All of this is just routine power-struggle, it's not an 
all-or-nothing thing, and absolutes are of little value in the discussion.

> How can Bombardier compete against Boeing when the NSA captures
> Bombardier's emails etc and could potentially hand them over to Boeing?

The theory was that, paraphrasing _Brazil_, "this is the Department of Records, 
not the Department of Information Retrieval."  Theoretically, the countries 
that collected and shared information did so for the benefit of the sovereign, 
not the benefit of the people or the benefit of capital, and did not share what 
they collected with the private sector.  That has, however, been abused before:

http://yro.slashdot.org/story/00/02/09/1845227/france-sues-us-and-uk-over-echelon

Also of note:

http://en.wikipedia.org/wiki/Canada–France_relations#Saint_Pierre_and_Miquelon_boundary_dispute

So, not meaning to be a downer here, just pointing out that we should all be 
doing what we can, and not wasting too much energy on shocked outrage at the 
misbehavior of others.  

-Bill






signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[William Waites]

On Tue, 10 Sep 2013 10:27:15 -0700, Bill Woodcock  said:

> or to make an ISP class license requirement that every service
> provider network deliver traffic that has source and destination
> addresses within a region, without passing the traffic across
> the border of the region.  That's a technology-neutral way of
> saying that if you have a customer in a region, and someone else
> has a customer in the same region, you and they had better
> figure out a way of delivering that traffic through peering or
> local transit.

That's historically the way it was in Canada, although it was original
phrased in terms of the telegraph and persisted up until the
beginnings of the commercial Internet when the rule was
abolished. It's also the reason why, for example, the old
trans-atlantic cables went from the UK to Nova Scotia before New York
even though the bulk of the traffic was UK-US. Theoretically, traffic
within the empire was not supposed to cross a third border. I believe
the rationale behind this was to prevent eavesdropping.

I have a pet theory that this rule was one of the main reasons that
Canada has such a well developed telecommunications industry -- it was
forced by law to develop it indiginously rather than just dumping
telephone calls across the border into the 'states, which probably
would have made more economic sense. When the rule was abolished in
the early 1990s it wasn't clear if it should or should not apply to
Internet traffic but leaving the answer entirely to market forces
may have stunted the development of East-West capacity within Canada.

Is this a good or a bad thing? I can remember back when there was a
project in the 'states called Carnivore, and we had some American
police -- I believe they were FBI -- come up and ask us politely if
we'd like to put some of their machines on our network. Everybody
pretty much uniformly said no. Shortly thereafter an American carrier
showed up selling gigabit ethernet circuits to NYC for well below what
was the going rate at the time and effectively pulled a lot of traffic
that would otherwise have remained in country across the border. I've
been outside of North America for a while now so I don't know first
hand, but from the commentary on this list that trends appears to have
continued...

-w


pgpibCWcrzSSc.pgp
Description: PGP signature

RE: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Marsh Ray]

> From: Bill Woodcock [mailto:wo...@pch.net]
> Subject: Re: Internet Surveillance and Boomerang Routing: A Call for
> Canadian Network Sovereignty
> 
> On Sep 10, 2013, at 9:29 AM, Jean-Francois Mezei
>  wrote:
> > Will the market start to demand routes that avoid the USA if the
> destination is not the USA ?
> 
> Unlikely, all else being equal.  The market demands the least expensive
> routes.  Which is why we push for new IXPs on the Canadian side of the
> border, so that the _cheapest_ route will also be the _shortest_ route, and
> will remain within Canadian jurisdiction and the purview of Canadian personal
> privacy law, for instance.

Maybe it's time to dust off some of those "reserved for future use" IP security 
options.

It's almost as if someone saw this problem coming a long time ago.

- Marsh

https://tools.ietf.org/html/rfc791#page-17

  Security

This option provides a way for hosts to send security,
compartmentation, handling restrictions, and TCC (closed user
group) parameters.  The format for this option is as follows:

  +++---//---+---//---+---//---+---//---+
  |1010|1011|SSS  SSS|CCC  CCC|HHH  HHH|  TCC   |
  +++---//---+---//---+---//---+---//---+
   Type=130 Length=11

Security (S field):  16 bits

  Specifies one of 16 levels of security (eight of which are
  reserved for future use).

  - Unclassified
0001 00110101 - Confidential
0000 10011010 - EFTO
1000 01001101 - 
0100 00100110 - PROG
1010 00010011 - Restricted
11010111 10001000 - Secret
01101011 11000101 - Top Secret
00110101 11100010 - (Reserved for future use)
10011010 0001 - (Reserved for future use)
01001101 0000 - (Reserved for future use)
00100100 1001 - (Reserved for future use)
00010011 0100 - (Reserved for future use)
10001001 1010 - (Reserved for future use)
11000100 11010110 - (Reserved for future use)
11100010 01101011 - (Reserved for future use)

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Jean-Francois Mezei]

On 13-09-09 15:16, Joe Abley wrote:

> Not only physics, but geometry. Vancouver is further north than Seattle, but 
> Toronto is further south than Portland.

It is about sovereignty and the ability of one nation to decide for itself.

In the past, because people were blind to the NSA operations, it didn't
matter so much. But with past revelations, will the market start to
demand routes that avoid the USA if the destination is not the USA ?

Could the government set policies that end up making within-canada
transit and peering more competitive than buying transit through the USA ?



Lets reverse the situation for half a second. Say most traffic from USA
to USA were to pass through Canada and Canada had the ability to spy on
all USA traffic, including emails between congressman and their mistresses.

Do you think the USA would let another nation spy on its traffic for
half a second ?

How can Bombardier compete against Boeing when the NSA captures
Bombardier's emails etc and could potentially hand them over to Boeing?

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Paul Ferguson]

On 9/9/2013 11:29 AM, joel jaeggli responded with a "smart guy" answer:


On 9/9/13 7:43 AM, Jason Lixfeld wrote:

>That notwithstanding, it's stupid to send traffic to/from one of the
>large $your_region/country incumbents via $not_your_region/country.
>It's just not good Internet.



yyz-yvr is faster via the united states. physics doesn't respect
poltical boundries.


There are still a lot of people that care about the sheer principle of
the issue.

Please do not discount that with math.

- ferg


--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Michael Hallgren]

Le 09/09/2013 21:16, Joe Abley a écrit :
> On 2013-09-09, at 14:29, joel jaeggli  wrote:
>
>> On 9/9/13 7:43 AM, Jason Lixfeld wrote:
>>> That notwithstanding, it's stupid to send traffic to/from one of the
>>> large $your_region/country incumbents via $not_your_region/country.
>>> It's just not good Internet. 
>> yyz-yvr is faster via the united states. physics doesn't respect
>> poltical boundries.
> Not only physics, but geometry. Vancouver is further north than Seattle, but 
> Toronto is further south than Portland.
>
> http://www.gcmap.com/mapui?P=YYZ-YVR

Fiber path along great circle? Cool case. :)

mh

>
>
> Joe
>
>

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[joel jaeggli]

On 9/9/13 7:43 AM, Jason Lixfeld wrote:
> That notwithstanding, it's stupid to send traffic to/from one of the
> large $your_region/country incumbents via $not_your_region/country.
> It's just not good Internet. 

yyz-yvr is faster via the united states. physics doesn't respect
poltical boundries.

 You make enough money already.  Be a
> good netizen.  It pays more in the long run and that's all you're
> really after for your shareholders anyway, right?
> 
> On 2013-09-08, at 11:54 AM, Derek Andrew 
> wrote:
> 
>> The topic of Canadian network sovereignty has been part of the
>> Canadian conscience since the failure of CANNET back in the 1970s.
>> 
>> Canadians citizens, on Canadian soil, already supply feeds directly
>> to the NSA. Rerouting Internet traffic would make no difference.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Sat, Sep 7, 2013 at 3:08 PM, Paul Ferguson
>> wrote:
>> 
>>> 
>>> A Canadian ISP colleague of mine suggested that the NANOG
>>> constituency might be interested in this, given some recent
>>> 'revelations', so I forward it here for you perusal.
>>> 
>>> 
>>> 
>>> "Preliminary analysis of more than 25,000 traceroutes reveals a 
>>> phenomenon we call ‘boomerang routing’ whereby
>>> Canadian-to-Canadian internet transmissions are routinely routed
>>> through the United States. Canadian originated transmissions that
>>> travel to a Canadian destination via a U.S. switching centre or
>>> carrier are subject to U.S. law - including the USA Patriot Act
>>> and FISAA. As a result, these transmissions expose Canadians to
>>> potential U.S. surveillance activities – a violation of Canadian
>>> network sovereignty."
>>> 
>>> 
>>> http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
>>>
>>>
>>> 
Cheers,
>>> 
>>> - ferg
>>> 
>>> 
>>> -- Paul Ferguson Vice President, Threat Intelligence Internet
>>> Identity, Tacoma, Washington  USA IID --> "Connect and
>>> Collaborate" --> www.internetidentity.com
>>> 
>>> 
>> 
>> 
>> -- Copyright 2013 Derek Andrew (excluding quotations)
>> 
>> +1 306 966 4808 Information and Communications Technology 
>> University of Saskatchewan Peterson 120; 54 Innovation Boulevard 
>> Saskatoon,Saskatchewan,Canada. S7N 2V3 Timezone GMT-6
>> 
>> Typed but not read.
> 
> 
> 

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[joel jaeggli]

On 9/9/13 12:43 PM, Michael Hallgren wrote:
> Le 09/09/2013 21:16, Joe Abley a écrit :
>> On 2013-09-09, at 14:29, joel jaeggli  wrote:
>>
>>> On 9/9/13 7:43 AM, Jason Lixfeld wrote:
 That notwithstanding, it's stupid to send traffic to/from one of the
 large $your_region/country incumbents via $not_your_region/country.
 It's just not good Internet. 
>>> yyz-yvr is faster via the united states. physics doesn't respect
>>> poltical boundries.
>> Not only physics, but geometry. Vancouver is further north than Seattle, but 
>> Toronto is further south than Portland.
>>
>> http://www.gcmap.com/mapui?P=YYZ-YVR
> 
> Fiber path along great circle? Cool case. :)

YYZ-CHI-MSP-SEA-YVR is close enough. this is BNSF vs CN

> mh
> 
>>
>>
>> Joe
>>
>>
> 
> 

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Dave Crocker]

On 9/7/2013 5:33 PM, Harald Koch wrote:

On 7 September 2013 17:08, Paul Ferguson  wrote:

"Preliminary analysis of more than 25,000 traceroutes reveals a
phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
internet transmissions are routinely routed through the United States.


I sincerely hope that nobody in Canada is surprised by this, since it was
already an issue in 1994 (when I was at CA*net).



Much farther back than that.

In 1985 I was working in Toronto and did a proposal for a national X.25 
network.  The pragmatics for reliability were simple at a national 
scale:  Essentially all Canadian telecom links went through a few common 
sites across the country; if you wanted redundancy you had to have a 
second, independent path through the US.


Given that most Canadian population occupies a relatively thin band 
(close to the US border), this topological fragility was/is largely 
inherent.


d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Joe Abley]

On 2013-09-09, at 14:29, joel jaeggli  wrote:

> On 9/9/13 7:43 AM, Jason Lixfeld wrote:
>> That notwithstanding, it's stupid to send traffic to/from one of the
>> large $your_region/country incumbents via $not_your_region/country.
>> It's just not good Internet. 
> 
> yyz-yvr is faster via the united states. physics doesn't respect
> poltical boundries.

Not only physics, but geometry. Vancouver is further north than Seattle, but 
Toronto is further south than Portland.

http://www.gcmap.com/mapui?P=YYZ-YVR


Joe

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Allen McKinley Kitchen (gmail)]

I'm confident that someone else may point this out, but I feel this is 
important enough to weigh in on .. Respectfully, I must disagree with any 
philosophy that perpetuates the archaic concept of political boundaries in the 
context of information flow. 

Calling it "stupid" to send traffic on any particular route because that route 
crosses political boundaries reflects a surrender to an old way of thought. 
While I can agree that the fact of crossing political boundaries introduces a 
very unwelcome artifact of exposing that traffic to adverse political effects, 
that doesn't mean that the desirable response is one of returning to 
nationalistic silos. Instead, the way forward is to protect the traffic rather 
than the boundaries. 

Due to political realities, that may indeed mean that a intra-national backup 
path is necessary. But to my mind, what's "just not good Internet" is the 
artificial restriction of traffic to solely intra-national primary paths. That 
mindset reflects a territoriality that's not our friend; I still dream of a 
fully interconnected world. 

So, I respectfully suggest that we work on fixing the problems and 
vulnerabilities that arise from the interconnectedness rather than hunkering 
down and fragmenting / forking. Yes, these are shameful and terrible problems 
that have come to our attention right now; still, we can move forward better 
together than apart, don't you think?

..Allen

On Sep 9, 2013, at 10:43, Jason Lixfeld  wrote:

> That notwithstanding, it's stupid to send traffic to/from one of the large 
> $your_region/country incumbents via $not_your_region/country.  It's just not 
> good Internet.  You make enough money already.  Be a good netizen.  It pays 
> more in the long run and that's all you're really after for your shareholders 
> anyway, right?
> 
> On 2013-09-08, at 11:54 AM, Derek Andrew  wrote:
> 
>> The topic of Canadian network sovereignty has been part of the Canadian
>> conscience since the failure of CANNET back in the 1970s.
>> 
>> Canadians citizens, on Canadian soil, already supply feeds directly to the
>> NSA. Rerouting Internet traffic would make no difference.
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Sat, Sep 7, 2013 at 3:08 PM, Paul Ferguson 
>> wrote:
>> 
>>> 
>>> A Canadian ISP colleague of mine suggested that the NANOG constituency
>>> might be interested in this, given some recent 'revelations', so I
>>> forward it here for you perusal.
>>> 
>>> 
>>> 
>>> "Preliminary analysis of more than 25,000 traceroutes reveals a
>>> phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
>>> internet transmissions are routinely routed through the United States.
>>> Canadian originated transmissions that travel to a Canadian destination
>>> via a U.S. switching centre or carrier are subject to U.S. law -
>>> including the USA Patriot Act and FISAA. As a result, these
>>> transmissions expose Canadians to potential U.S. surveillance activities
>>> – a violation of Canadian network sovereignty."
>>> 
>>> 
>>> http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
>>> 
>>> Cheers,
>>> 
>>> - ferg
>>> 
>>> 
>>> --
>>> Paul Ferguson
>>> Vice President, Threat Intelligence
>>> Internet Identity, Tacoma, Washington  USA
>>> IID --> "Connect and Collaborate" --> www.internetidentity.com
>> 
>> 
>> -- 
>> Copyright 2013 Derek Andrew (excluding quotations)
>> 
>> +1 306 966 4808
>> Information and Communications Technology
>> University of Saskatchewan
>> Peterson 120; 54 Innovation Boulevard
>> Saskatoon,Saskatchewan,Canada. S7N 2V3
>> Timezone GMT-6
>> 
>> Typed but not read.
> 
> 

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Jason Lixfeld]

That notwithstanding, it's stupid to send traffic to/from one of the large 
$your_region/country incumbents via $not_your_region/country.  It's just not 
good Internet.  You make enough money already.  Be a good netizen.  It pays 
more in the long run and that's all you're really after for your shareholders 
anyway, right?

On 2013-09-08, at 11:54 AM, Derek Andrew  wrote:

> The topic of Canadian network sovereignty has been part of the Canadian
> conscience since the failure of CANNET back in the 1970s.
> 
> Canadians citizens, on Canadian soil, already supply feeds directly to the
> NSA. Rerouting Internet traffic would make no difference.
> 
> 
> 
> 
> 
> 
> 
> On Sat, Sep 7, 2013 at 3:08 PM, Paul Ferguson wrote:
> 
>> 
>> A Canadian ISP colleague of mine suggested that the NANOG constituency
>> might be interested in this, given some recent 'revelations', so I
>> forward it here for you perusal.
>> 
>> 
>> 
>> "Preliminary analysis of more than 25,000 traceroutes reveals a
>> phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
>> internet transmissions are routinely routed through the United States.
>> Canadian originated transmissions that travel to a Canadian destination
>> via a U.S. switching centre or carrier are subject to U.S. law -
>> including the USA Patriot Act and FISAA. As a result, these
>> transmissions expose Canadians to potential U.S. surveillance activities
>> – a violation of Canadian network sovereignty."
>> 
>> 
>> http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
>> 
>> Cheers,
>> 
>> - ferg
>> 
>> 
>> --
>> Paul Ferguson
>> Vice President, Threat Intelligence
>> Internet Identity, Tacoma, Washington  USA
>> IID --> "Connect and Collaborate" --> www.internetidentity.com
>> 
>> 
> 
> 
> -- 
> Copyright 2013 Derek Andrew (excluding quotations)
> 
> +1 306 966 4808
> Information and Communications Technology
> University of Saskatchewan
> Peterson 120; 54 Innovation Boulevard
> Saskatoon,Saskatchewan,Canada. S7N 2V3
> Timezone GMT-6
> 
> Typed but not read.

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Paul Ferguson]

Actually Roland is right when he says:


If folks are unhappy with the current state of affairs, they ought to

concentrate on writing laws, not code.

Randy is being his usual self and playing devils advocate, which is
fine, but doesn't move the ball (or is simply self-serving).


In any event, we *all* need to raise our game, because we are not as
clever as we think we are.

- ferg


On 9/8/2013 1:12 AM, Dobbins, Roland wrote:


On Sep 8, 2013, at 2:58 PM, Randy Bush wrote:


>cool.  then i presume you will continue to run using rc4 and rsa 1024.

The point is that no matter what crypto algorithms are developed and 
implemented, it's generally trivial for authorized (for whatever value of 
'authorized' applies in a given situation) entities to obviate them by simply 
compromising the endpoints under color of law, if nothing else.

If folks are unhappy with the current state of affairs, they ought to 
concentrate on writing laws, not code.



--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Michael Thomas]

On 9/8/13 12:58 AM, Randy Bush wrote:

Quite frankly, all this chatter about technical 'calls to arms' and
whatnot is pointless and distracting (thereby calling into question
the motivations behind continued agitation for technical remedies,
which clearly won't have any effect whatsoever).

cool.  then i presume you will continue to run using rc4 and rsa 1024.
smart folk over there at arbor.



Even if you believe that it's pretty futile to try to protect yourself against 
~$50b,
there's a long tail of others to worry about.

Mike

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Derek Andrew]

The topic of Canadian network sovereignty has been part of the Canadian
conscience since the failure of CANNET back in the 1970s.

Canadians citizens, on Canadian soil, already supply feeds directly to the
NSA. Rerouting Internet traffic would make no difference.







On Sat, Sep 7, 2013 at 3:08 PM, Paul Ferguson wrote:

>
> A Canadian ISP colleague of mine suggested that the NANOG constituency
> might be interested in this, given some recent 'revelations', so I
> forward it here for you perusal.
>
>
>
> "Preliminary analysis of more than 25,000 traceroutes reveals a
> phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
> internet transmissions are routinely routed through the United States.
> Canadian originated transmissions that travel to a Canadian destination
> via a U.S. switching centre or carrier are subject to U.S. law -
> including the USA Patriot Act and FISAA. As a result, these
> transmissions expose Canadians to potential U.S. surveillance activities
> – a violation of Canadian network sovereignty."
>
>
> http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
>
> Cheers,
>
> - ferg
>
>
> --
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington  USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com
>
>


-- 
Copyright 2013 Derek Andrew (excluding quotations)

+1 306 966 4808
Information and Communications Technology
University of Saskatchewan
Peterson 120; 54 Innovation Boulevard
Saskatoon,Saskatchewan,Canada. S7N 2V3
Timezone GMT-6

Typed but not read.

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[bmanning]

On Sun, Sep 08, 2013 at 04:58:52PM +0900, Randy Bush wrote:
> > Quite frankly, all this chatter about technical 'calls to arms' and
> > whatnot is pointless and distracting (thereby calling into question
> > the motivations behind continued agitation for technical remedies,
> > which clearly won't have any effect whatsoever).
> 
> cool.  then i presume you will continue to run using rc4 and rsa 1024.
> smart folk over there at arbor.
> 
> randy

nothing better than clear text.  pesky crypto just slows
things down.

/bill`

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Dobbins, Roland]

On Sep 8, 2013, at 2:58 PM, Randy Bush wrote:

> cool.  then i presume you will continue to run using rc4 and rsa 1024.

The point is that no matter what crypto algorithms are developed and 
implemented, it's generally trivial for authorized (for whatever value of 
'authorized' applies in a given situation) entities to obviate them by simply 
compromising the endpoints under color of law, if nothing else.

If folks are unhappy with the current state of affairs, they ought to 
concentrate on writing laws, not code.

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Randy Bush]

> Quite frankly, all this chatter about technical 'calls to arms' and
> whatnot is pointless and distracting (thereby calling into question
> the motivations behind continued agitation for technical remedies,
> which clearly won't have any effect whatsoever).

cool.  then i presume you will continue to run using rc4 and rsa 1024.
smart folk over there at arbor.

randy

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[<<"tei''>>>]

On 7 September 2013 18:09, Dobbins, Roland  wrote:
>
> On Sep 8, 2013, at 4:08 AM, Paul Ferguson wrote:
>
>> As a result, these transmissions expose Canadians to potential U.S. 
>> surveillance activities – a violation of Canadian network sovereignty."
>
> Yes, far better to keep those communications within Canada - where CSEC can 
> hand them over to GCHQ, who'll then hand them over to NSA . . .

But I don't think every secret service have installed his own
backdoors in all popular software and protocols.

And the NSA can't share these backdoors/weakness with all his
"friends", because if you tell a secret to everyone, it stop being a
secret. The existence and nature of these backdoors will be revealed,
and the affected software will fix them.

So probably the NSA works like  Wall-Mart Secrets.  And they sell
secrets,   100.000$ for a list of human rights activist,   2 millions
for the emails of the leaders of the opposition.


-- 
--
ℱin del ℳensaje.

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Dobbins, Roland]

On Sep 8, 2013, at 8:09 AM, Dobbins, Roland wrote:

> There are no technical solutions to purely social ills.

That should read, 'There are no purely technical solutions to social ills.'

;>

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Dobbins, Roland]

On Sep 8, 2013, at 4:08 AM, Paul Ferguson wrote:

> As a result, these transmissions expose Canadians to potential U.S. 
> surveillance activities – a violation of Canadian network sovereignty."

Yes, far better to keep those communications within Canada - where CSEC can 
hand them over to GCHQ, who'll then hand them over to NSA . . .

;>

There are no technical solutions to purely social ills.  This set of issues has 
nothing to do with technology, and everything to do with civil society.  Any 
meaningful change in the status quo will not originate the technological realm, 
but rather in the political sphere.  

Quite frankly, all this chatter about technical 'calls to arms' and whatnot is 
pointless and distracting (thereby calling into question the motivations behind 
continued agitation for technical remedies, which clearly won't have any effect 
whatsoever).

---
Roland Dobbins  // 

  Luck is the residue of opportunity and design.

   -- John Milton

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Harald Koch]

On 7 September 2013 17:08, Paul Ferguson  wrote:

> "Preliminary analysis of more than 25,000 traceroutes reveals a
> phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
> internet transmissions are routinely routed through the United States.
>

I sincerely hope that nobody in Canada is surprised by this, since it was
already an issue in 1994 (when I was at CA*net).

-- 
Harald

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Wayne E Bouchard]

It's a good point to consider however that omits the probabilty that
Canada is doing exactly the same thing as the U.S. and thus this may
free you from certain legalities but does not actually ensure privacy.
The other fact of this is that we are well aware that the NSA's
database is being accessed freely by (at the very least) England and
Australia (I think that's who I read) I believe with reciprical
agreements and I'd be shocked if Canada isn't in there too. What are
the ramifications of that? Do we even know?

Points to ponder...

-Wayne

On Sat, Sep 07, 2013 at 02:08:31PM -0700, Paul Ferguson wrote:
> 
> A Canadian ISP colleague of mine suggested that the NANOG constituency 
> might be interested in this, given some recent 'revelations', so I 
> forward it here for you perusal.
> 
> 
> 
> "Preliminary analysis of more than 25,000 traceroutes reveals a
> phenomenon we call ?boomerang routing? whereby Canadian-to-Canadian
> internet transmissions are routinely routed through the United States.
> Canadian originated transmissions that travel to a Canadian destination
> via a U.S. switching centre or carrier are subject to U.S. law -
> including the USA Patriot Act and FISAA. As a result, these
> transmissions expose Canadians to potential U.S. surveillance activities
> ? a violation of Canadian network sovereignty."
> 
> http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html
> 
> Cheers,
> 
> - ferg
> 
> 
> -- 
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington  USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com

---
Wayne Bouchard
w...@typo.org
Network Dude
http://www.typo.org/~web/

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Jim Popovitch]

On Sat, Sep 7, 2013 at 5:17 PM, Aaron Wendel
 wrote:
> Not just a Canadian issue...

Nor even a North American one.

-Jim P.

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Jorge Amodio]

You have to change way more than that. BTW the one in office didn't start this.

-Jorge

On Sep 7, 2013, at 4:17 PM, Aaron Wendel  wrote:

> Not just a Canadian issue but one we should look at in the US as well.  
> Deploying more IXs and routing our traffic direct instead of through the "big 
> guys" can secure our own communications from our own government until we 
> change who we have in office.
> 
> Aaron

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[jim deleskie]

Paul,

  I agree this is a problem, but its been a problem since at least 1994 (
my first  exposure ) and I suspect longer, the issue is east we capacity in
Canada is very $$, pushing traffic from Toronto east to points south to get
it to Vancouver is much more cost effective.

-jim


On Sat, Sep 7, 2013 at 6:08 PM, Paul Ferguson wrote:

>
> A Canadian ISP colleague of mine suggested that the NANOG constituency
> might be interested in this, given some recent 'revelations', so I forward
> it here for you perusal.
>
>
>
> "Preliminary analysis of more than 25,000 traceroutes reveals a
> phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
> internet transmissions are routinely routed through the United States.
> Canadian originated transmissions that travel to a Canadian destination
> via a U.S. switching centre or carrier are subject to U.S. law -
> including the USA Patriot Act and FISAA. As a result, these
> transmissions expose Canadians to potential U.S. surveillance activities
> – a violation of Canadian network sovereignty."
>
> http://lawprofessors.typepad.**com/media_law_prof_blog/2013/**
> 09/routing-internet-**transmission-across-the-**canada-us-border-and-us-**
> surveillance-activities.html
>
> Cheers,
>
> - ferg
>
>
> --
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington  USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com
>
>

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Aaron Wendel]

Not just a Canadian issue but one we should look at in the US as well.  
Deploying more IXs and routing our traffic direct instead of through the 
"big guys" can secure our own communications from our own government 
until we change who we have in office.


Aaron

On 9/7/2013 4:08 PM, Paul Ferguson wrote:


A Canadian ISP colleague of mine suggested that the NANOG constituency 
might be interested in this, given some recent 'revelations', so I 
forward it here for you perusal.




"Preliminary analysis of more than 25,000 traceroutes reveals a
phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
internet transmissions are routinely routed through the United States.
Canadian originated transmissions that travel to a Canadian destination
via a U.S. switching centre or carrier are subject to U.S. law -
including the USA Patriot Act and FISAA. As a result, these
transmissions expose Canadians to potential U.S. surveillance activities
– a violation of Canadian network sovereignty."

http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html 



Cheers,

- ferg

Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

[Paul Ferguson]

A Canadian ISP colleague of mine suggested that the NANOG constituency 
might be interested in this, given some recent 'revelations', so I 
forward it here for you perusal.




"Preliminary analysis of more than 25,000 traceroutes reveals a
phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian
internet transmissions are routinely routed through the United States.
Canadian originated transmissions that travel to a Canadian destination
via a U.S. switching centre or carrier are subject to U.S. law -
including the USA Patriot Act and FISAA. As a result, these
transmissions expose Canadians to potential U.S. surveillance activities
– a violation of Canadian network sovereignty."

http://lawprofessors.typepad.com/media_law_prof_blog/2013/09/routing-internet-transmission-across-the-canada-us-border-and-us-surveillance-activities.html

Cheers,

- ferg


--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington  USA
IID --> "Connect and Collaborate" --> www.internetidentity.com