How the NSA Legally Spies on Americans

So this is how the Internet is designed to work:  Basically information from your computer, such as email, or web requests, are broken up into small data packets, sent across the Internet using the best path available, and reassembled by the receiving computer back into human useable form.  This communication across the Internet is considered to be “connectionless” and “unreliable” because the communication pathway is not dedicated to the particular transaction, and delivery of packets is merely best effort, not guaranteed.  If packets are lost along the way that is ok, the receiving computer merely asks to have those packets retransmitted.  Packets may and do arrive out of order; packets in the same session may travel different routes as long as they basically try to end up in the same place.  This fairly haphazard system actually works pretty well in practice, as we all know.  This communication protocol, TCP/IP, is how the Internet works.

It would be possible for an organization to try to influence the route that packets take by manipulating the different traffic shaping protocols that the Internet Service Providers use to route traffic efficiently to less busy nodes during times of high utilization.  In fact this happened in 2013 when a large block of traffic was mysteriously routed through Iceland for no apparent reason.  (see graphic below)

Information security blogger Bruce Schneier recently posted an article illustrating how the NSA could legally spy on Americans by using traffic shaping protocols to route US Internet traffic overseas where collecting the information would be deemed “legal” since the data collection actually happened to traffic that was overseas.  So it would be possible for the NSA and other governmental and criminal organizations to use the connectionless nature of Internet traffic to pass it through routers they control in order to do whatever they want with the information they gathered, before sending the packets back on their way, with no one being the wiser, in most cases.

This is why there has been in increase in the use of encryption technologies for information that you are sending over the Internet.  If you have a choice, obviously encryption beats just letting whoever rifle through your email and other transactions.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.