How to use the 25% of the internet that the NSA doesn’t monitor

How to use the 25% of the internet that the NSA doesn’t monitor

This morning you probably read the report that the NSA, despite its emphatic claims to the contrary, has the ability to scoop up 75% of all US internet traffic. Through various programs known as Fairview, Oakstar, Lithium, Blarney, Stormbrew, and old favorites such as XKeyscore and Prism, the US government gathers data from almost every US telecommunications company. Blarney, for example, according to former AT&T officials, sends a copy of anything interesting that crosses the AT&T network (which is huge) to the NSA.

Rather than worry about whether your internet activity is being snooped on by the US government, though (spoiler: it is), I thought I would instead take a different tack and surprise you with a glass-half-full approach. If the NSA can listen in on 75% of all traffic traveling through the US, then that must surely mean that a full 25% goes unmonitored. When you’re talking about a significant chunk of the internet’s infrastructure, representing exabytes (billions of gigabytes) of traffic every month, 25% is a significantly sizable swath that’s unchecked by the US government. 25% is easily enough room for you to surf the web without the omnipresent gaze of an overreaching government. But how do you stop being part of the quietly oppressed 75% and enjoy the freedom of the other 25%?

Are you being monitored?

Unfortunately, because we’re dealing with classified information and journalistic reports that redact a lot of the more juicy information, it’s quite hard to work out which 75% of the US internet is being monitored, and which 25% is fast and loose. Let’s start by running through what we do know.

At the very least, it seems that AT&T, Verizon, and Sprint have hardware in their data centers and transit hubs that mirror data, filter the data according to the NSA’s requirements, and then ferry that data to the NSA. Judging by the names mentioned in the leaked Prism slides, major US companies such as Microsoft, Google, Yahoo, and Facebook are all under the thumb of the secret Foreign Intelligence Surveillance (FISA) court, too.

Between AT&T, Verizon, and Sprint, the US government has a tap on most of North America’s US internet traffic. Not only do these companies act as ISPs (connecting consumers to the internet), but by virtue of being tier 1 operators they also run some of the largest backbone and backhaul links (connecting enterprises and whole data centers to the internet). AT&T and Verizon (via WorldCom and UUNET) also have extensive overseas networks, which the US government probably has access to as well.

Sprint’s US backbone map (date unknown, but probably quite recent)

Level 3′s North America internet backbone (2013)

The most notable omission from the leaks appears to be Level 3 — a US company that just so happens to be one of the biggest players in the global internet backbone business. If Level 3 hasn’t signed onto the NSA data collection programs, then that might explain the missing 25%. In reality, Level 3 is probably beholden to the same laws and FISA rulings that have forced other US companies to install the NSA’s special packet-mirroring routers. (See:The secret world of submarine cables.)

Escaping the ever-watchful eye of the US government

Which ISPs and backbone providers have escaped the US government’s digital dragnet, then? Deutsche Telekom, which is headquartered in Germany by operates a large tier 1 network in the US, is one possibility. T-Mobile (which is owned by Deutsche Telekom) has so far been unscathed by the recent spate of NSA whistleblowing, suggesting that its lawyers may have successfully navigated the various FISA rulings. NTT, a Japanese company, and Reliance, an Indian company, both have operations in the USA and may have escaped the NSA.

If I had to pick a major carrier/backbone provider that accounts for the missing 25%, it would probably be Deutsche Telekom/T-Mobile.

But these are just educated guesses. The other gloomy possibility, though, is that the missing 25% represents the data that the telecoms companies hold back from the NSA. According to the Wall Street Journal report, at least one telco has its lawyers only hand over “clearly foreign” streams of data. It’s entirely possible that the government has a tap on every major player in the US internet market.

If that’s the case, then your only real recourse is moving to another country and using an ISP/mobile carrier that doesn’t have ties to the US (very hard, as much of the internet backbone is owned by US companies), or perhaps waiting for an ISP to make a stand and publicly announce that it will not allow the US government to spy on your internet activity. In the meantime, your best bet is probably to use encrypted connections wherever possible. You should force HTTPS with a browser add-on when you’re surfing the web or using webmail, and use encrypted tunnels (SSH) or the secure versions of services (SFTP,  IMAP over SSL, etc.) whenever you venture outside your browser. If you’re really serious about your privacy, using an anonymity network like Tor or Freenet is probably a good idea, too.