back to article Canadian live route map highlights vulnerabilities to NSA spying efforts

Researchers at the University of Toronto have created a mapping tool that shows how internet data moves around and how the NSA can use just a few surveillance sites to scoop up online traffic. IXmaps is a visual, interactive database of traffic routes, and uses real data to help Canadians get a sense of what happens when they …

  1. veti Silver badge

    Doesn't surprise me

    Reminds me of the time, circa 1990, when BT showed me how phone calls were being routed. Turned out you could be calling London from Newcastle, and your call might well be routed via New York.

    15 years ago, when it was still somewhat possible to trace and attack spam, I spent time poring over email headers and traceroute results. And most everything passed through the same handful of networks, mostly US. (Although China also showed a lot of backbone, even back then.)

    If you don't like it, you need to build some bigger networks. And then get your local ISPs to use them. I imagine the sponsors of this study are now appealing for cash, either government or private-sector, to support such an enterprise.

    1. A Non e-mouse Silver badge

      Re: Doesn't surprise me

      I heard a similar story whilst on a tour of Goonhilly: A major telephone cable in the UK was cut. The phone network looked for the best alternative route for the traffic. It decided that sending the traffic via New York via satellite was the best route around the problem.

  2. Nuno trancoso

    Meh...

    All it shows is that people (even IT) still don't grep that ANYTHING sent over a public network, be it the Internet or good old Snailmail, is open to eavesdropping. Thus, logic would say that if it's to be kept private, it must be made private BEFORE transmission.

    Properly securing the endpoints and payload data would always ensure the TLA's could at best say "we know x sent A to y, but we have no clue what A is", but as usual, in good ol' human fashion, we go about wasting time "fixing" the symptoms instead of dealing with the "disease" at the core.

    1. Schultz

      "securing the endpoints"

      Securing the endpoints is surely crucial, but it still makes sense to address the routing issue. Think about it as two-factor security.

    2. Anonymous Coward
      Anonymous Coward

      Re: Meh...

      If the US were to make strong encryption illegal or pass some similar law regarding protocols and practices, then as a Canadian you could end up breaking US law without knowing it. If they are able to trace the origins of your traffic it could be used as a reason to deny entry into the US or worse.

      1. Ian Michael Gumby

        @AC Re: Meh...

        No junior birdman, you would not be breaking the law in the US.

        First, the encryption laws are for US companies exporting the encryption technology as a munition. Using strong encryption that was produced outside of the US isn't violating the law, nor is sending encrypted traffic regardless of what path the data takes.

        Please take off your tin foil hat and take your meds.

    3. Ian Michael Gumby
      Black Helicopters

      @Nuno , Meh is right... Re: Meh...

      The author of the article is being a tad paranoid.

      Look, apply Occam's Razor to this and you may start to see things in a better light.

      In the internet, not all routes are created equal. Some have greater bandwidth (capacity) than others and even if they are longer, they are preferred routes. It just so happens that most of those routes flow through the US and not Canada. (If you were a telco, do you want to piggyback on existing long haul routes, or do you want to spend BILLIONS to run fiber across rugged terrain?

      Lets also not forget the whole thing of peering agreements and contracts which also drive the traffic flow...

      So regardless of the NSA/CIA/Alphabet/etc ... your internet traffic in Canada will most likely flow thru the US.

      Having said that... if you were the NSA, where do you think you would be able to capture most of the traffic? Doing something clandestine in Canada, or something clandestine in the US. (Its against the law for the NSA to knowingly spy on US Citizens... a subtle fact that gets abused by a lot of people...)

      If I were the NSA, I'd monitor the choke points on the major internet highways first.

      When you put this in perspective, you lose the tinfoil hat and the idea that the telcos are in cahoots with the NSA. (Which they are not.)

      That doesn't mean that the NSA isn't slurping data, or Google if you're on their network... it just means its not an evil conspiracy. (Unless you're talking about Google.)

      And if its not the US, then its the Chinese, Russians, pretty much every spy agency in the world is doing this at some level.

  3. Anonymous Coward
    Thumb Down

    And this anonymous app......

    Maybe we're helping the NSA find any 'missed' routes.

  4. Someone Else Silver badge
    Go

    Hey

    Once those Canadian IXPs are fully fleshed out, how can we Yanks use them to bypass our own unapologetic National Snooping Administration?

    1. Charles 9

      Re: Hey

      You can't. You're already screwed as every ISP in America must submit to the NSA by law or they can't operate. And they've become savvy enough to say their laws take precedence over any other law, even those that prohibit lying, so that you can't use warrant canaries.

    2. Anonymous Coward
  5. M7S

    An unlikely glimmer of hope

    Lets just imagine that Donald becomes first the candidate for the Old Republicans, and then POTUS. I work in London which, as he has told us is too dangerous for the police to enter (the ones I see patrolling on foot, being nice and not carrying guns are clearly therefore some kind of illusion) and therefore I'm due to be cut off from "his" internet (sorry Sir TIM B-L).

    If enough of us get cut off, then maybe we could unplug his internet from everyone else's, including most of the listening posts (I realise there are some in the UK, belonging to various governments, so yes, some more thinking required) and just get on with our lives.

  6. Mage Silver badge

    Another good reason.

    Another good reason to avoid outsourcing or using the so called "Cloud".

  7. John Robson Silver badge

    The Canadians have it right then...

    Rather than legislate against packets moving across some artificial border you make it easier for them to not bother crossing that border.

    Wow - Can we (the rest of the world) elect them as the US president, and into congress?

    1. EvilGardenGnome

      Re: The Canadians have it right then...

      Except we do have laws against those packets crossing the border. Our banks consistently site them (erroneously) as a reason for not modernizing their infrastructure. Believe me, we are not enlightened, eh.

      That said, I agree that this approach is way better.

  8. Graham Marsden
    Holmes

    Remind me again...

    ... why they want backdoors into encryption methods...

  9. Blank-Reg
    Gimp

    When they've got the Canadian bits sorted, any chance you could hand it round some other research institutions around the world to implement locally? Won't stop your data being stuck on a database in your own country, but will reduce the likely hood of another country keeping a copy.

    Gimp mask, well, because that's how it'll feels to have your data harvested and put on the UK's new big brother database.

  10. Tom 7

    How much extra bandwidth does this require?

    Given that any sensible network would send the data I want to send by the shortest route I can only guess that we are paying nearly twice what we should for our data to fuck off half way round the world so some paranoid tit can still feel paranoid.

    1. Charles 9

      Re: How much extra bandwidth does this require?

      Not shortest; fastest. That's why you have beltways and so on, because if you had to cut through the downtown of a highly-congested city just to get past it, you find that taking the beltway around it, which is usually a motorway as well, still saves you time even if the trip is further in terms of distance. IOW, a speedy dogleg down a motorway can still beat a straight-on trudge through rough and crowded surface streets.

  11. JeffyPoooh
    Pint

    The Traveling Salesman Problem

    Same thing. Which is interesting. Might be a Clay NP prize in there somewhere.

    Perhaps the routing algorithm is distance-unaware and is optimizing based on other, similar parameters. Perhaps they're mindlessly following a trivial 'least number of steps' or 'least cost' algorithm, and any pattern of seeming routing intelligence is just an emergent property. Perhaps all the NSA needs to do is provide subsidized, high bandwidth routes to attract traffic.

    1. Charles 9

      Re: The Traveling Salesman Problem

      That's what's happening, as the Internet can't see things too well in terms of physical distance, just in terms of time, and packets can be delayed by more than just sheer distance, such as a slow leg along the way.

    2. Doctor Syntax Silver badge

      Re: The Traveling Salesman Problem

      "Perhaps the routing algorithm is distance-unaware and is optimizing based on other, similar parameters"

      First found?

  12. RJChurchill

    While I was doing my Bsc in Comp Sci at Brock University (a small Uni in southern Ontario) I had an account with a local ISP which was owned by a professor. While doing a traceroute between the unix boxes at the ISP and University which were located about 15 KM apart we noticed it would route to Toronto frst about 75 KM away then return. That made sense, the two computers used different providers both of which had their hubs in Toronto. What didn't make sense is that it would route from Toronto to Chicago (800KM away) then back to Toronto before coming back to our area. Not only did that not make sense but it violated Canadian law at the time which prescribed that Canadian data originating and destined for Canada had to be routed entirely within Canada. So on the 4th year network exams we answered the question about data routing within Canada...oh yes illegal to do it outside Canada, although we knew the truth that it did. The professor had no interest in going down the lab and watching a traceroute in progress.

    1. Anonymous Coward
      Anonymous Coward

      Canada strong and free, as long as they don't look.

      I wrote about such routing in the 1990's when the infrastructure was growing and being designed to send data north/south rather than east/west. Among the various "reasons" included excuses such as Canadians prefer it that way, Canadians want that, and Canadians don't care.

      I finally figured out that it wasn't Canadians answering, it isn't Canadians deciding such things. Even the "Canadian" companies answered to American investors, employed Americans, and used American equipment and sub-contractors.

      Today it does not matter and for similar reasons. Americans have full access to the Canadian infrastructure. Even if all Canadian data stayed in Canada the NSA would receive all of it.

      Interesting that there are those suggesting otherwise.Their reasons for doing so would be even more interesting.

  13. CanadianMacFan

    Nothing New

    When I was working for a telco in the late 1990s I noticed that the packets going from North Vancouver to South Vancouver (in British Columbia) were all being routed through Toronto. Always seemed kind of strange to route Internet traffic that's going from one side of a city to another halfway across the country, especially one as large as Canada.

  14. Daedalus

    Stop laughing

    Every time some pol suggests "shutting down the Internet" or "blocking people/countries" there is a peal of laughter from those who think themselves in the know. Of course it's impossible they say, the Internet is a distributed web of connections designed to route around censorship.

    Except it isn't anymore. The Internet Protocol may be in place but the physical routes are anything but distributed. This was apparent 10 years ago to anyone who noticed that the big telecom companies were becoming ISP's by default.

    So who's laughing now?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like