Internet exchange points (IXP), enormous warehouse-like buildings located around the world, are the key junctions in the Internet where the physical networks of Internet companies, large and small (Google, Verizon, Facebook, AT&T, etc.), directly connect to exchange information. Inside the IXP, your Gmail information request enters Google’s routers and network, then heads out on Google’s privately leased or owned cables, often traveling on subsea links toward Google’s foreign data centers.
Burma’s recent Internet problems, as well the latest revelations about NSA’s monitoring of Internet traffic, highlight how much of our lives have become reliant on the physical pieces (infrastructure) of our world that we often know little about. Unless something completely breaks or some spy agency somewhere is accused of snooping, people just don’t pay much attention to the physical wiring of the Internet.
According to reports, the NSA’s MUSCULAR program taps into Google and Yahoo’s internal networks. But data on Google and Yahoo’s privately leased or owned cables can cross cities, IXPs, oceans, and countries, so that information by itself doesn’t explain very precisely where on the physical network the NSA was monitoring. Speculations exist, but details are still unknown.
For efficiency, it would make sense for the NSA to monitor a place with a convergence of Internet pipes and traffic. Paul Brodsky, a senior analyst at TeleGeography, a telecommunications research and consulting firm known for its detailed and beautiful maps of the Internet, is one of many who suggest that “the logical place would be at the submarine cable landing stations.” In the United States, hundreds of thousands of miles of domestic wiring funnel into roughly 35 submarine cables on the East Coast. These cables begin their journey across the Atlantic from one of about 19 landing stations in the eastern United States. In the United Kingdom, where more monitoring supposedly happened, there are roughly 31 known landing stations. (See TeleGeography’s interactive submarine cable map.)
If the NSA knows the locations of Google’s foreign data centers, the cables right outside the data centers would be another potentially useful spot to tap. (Google only publicly acknowledges the existence of seven foreign data centers, but Pingdom, a company that does website and Internet performance monitoring put this map on its blog of where the folks at Data Center Knowledge think there are more.)
IXPs could also be attractive spots for monitoring. As disclosed in the reports on PRISM, the NSA already subpoenas vast quantities of information from several large tech companies (although most have denied that they hand over user data). It wouldn’t be much of a leap to suggest that governments also serve warrants to companies that operate large IXPs.
Other, more James Bond–style snooping techniques could have been used as well. In 2005, the Associated Press reported on a new U.S. submarine with the potential to monitor data on undersea fiber-optic cables. According to sources, though, Google only began encrypting traffic between its data centers this past summer. The Washington Post also points to an “unnamed telecommunications provider” that gave the NSA “secret access” to a link on Google and Yahoo’s internal network. In other words, the NSA might not have had to work very hard to access and read Google and Yahoo’s internal traffic. (The New York Times recently alleged that the “unnamed operator” was Level 3 Communications, the owner of one of the largest fiber-optic networks in the world.)
Anyone—cable owners, big carriers, the operators of landing stations, and IXPs—may have let the NSA spy on their networks. It certainly wouldn’t be the first time that a well-known telecommunications company willingly (or under government pressure?) provided a backdoor to government snoops. In 2006, a whistle-blower exposed a secret room at an AT&T facility in California that the NSA, with permission from the company, had used to monitor Internet traffic.
Internet users in Burma may soon start to breathe a little easier after planned upgrades for the Southeast Asian Games, which the country is hosting in December, go into effect. Myanmar Post and Telecommunications is also planning to invest in more submarine cables for the country. Internet cables can either be leased through an indefeasible right of use, entitling the lessee to do anything with the bandwidth on the cable, or through cheaper “Internet transit” agreements (but the service then falls under whatever filters a carrier may decide to put on it). A country like Burma may use a combination of both (no government engineer has been willing to say); a company like Google will use an IRU, but neither option makes traffic on the cables immune from monitoring.
We can only make educated guesses about where and how the NSA monitoring happened as no one involved has said yet (if they will ever) where the breaches occurred. But Burma’s shaky connection and the surveillance scandal, which shows no sign of abating, both point to the fact that no matter where you live, it might be worth your while to start paying a little more attention to the physical wiring of the world.
This article is part of Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, visit the Future Tense blog and the Future Tense home page. You can also follow us on Twitter.