A few leaks show the National Security Agency is able to redirect a part of a country’s traffic to a friendlier site, where it would be easier to tap the fibre.

In a report for The Century Foundation, Sharon Goldberg warns about a few gaps in American legislation allowing to bypass the restrictions by using the technique to spy on Americans outside the USA.

Diverting the traffic, if the leaked documentation is valid, is referred to in the NSA as “traffic shaping”. This usage of the term differs from the standard one as for most networking specialists, traffic shaping means bandwidth control and packet queueing based on analysing the headers, preliminarily on L3 and higher.

Technical loopholes

So, how exactly can the agency redirect traffic flows to another country? According to the paper “Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad” by Axel Arnbak and Sharon Goldberg of the University of Amsterdam and Boston University respectively, there are many techniques available for spy agencies.

First of all, such international companies as Yahoo and Google maintain data centres in multiple jurisdictions for reliability and faster content delivery, so tapping a line overseas would be enough. Such surveillance method the researchers call “interception in the intradomain”.

Are the packets flowing between different sites (e.g. a website and an ISP’s network), the NSA is able to manipulate with the PGP protocol, which is used by autonomous systems (AS), large-scale networks of which the Internet consists, to root the traffic dynamically.

Sometimes, no interference is required to direct packets from LA to NY through, say, London as under certain conditions transatlantic hops could be cheaper or even faster. Otherwise, an operator can impersonate legitimate AS and trick other ASes into choosing an illogical root by sending a crafted BGP message.

Since the DNS protocol defines which IP address corresponds to a particular domain name, it can also be abused on purpose of traffic redirection, the researchers assert.

Moreover, there’s dirty hack depicted by an unknown hacker, whose sketch was classified (if it is real — and there’s no evidence it is not). An NSA operator can hack into a router to make it mirror traffic to a tappable fibre:

Sometimes secret files look like this… The drawing was first revealed by The Intercept on June 28.

Legal loopholes

A presentation leaked in 2007 shows, if valid, that the agency is interested in and has methods of “traffic shaping” to spy on unfriendly countries:

While there’s no direct evidence the NSA is actually using the same techniques to spy on US citizens, American legislation doesn’t stricly prohibit to do so.

Rerouting packets overseas to minutely vet them outside the American jurisdiction without a warrant doesn’t appear to violate the Fourth Amendment to the United States Constitution. In our epoch, the amended section dating back to 1789, if applied to digital networks, looks ambiguous:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Intercepting data flows on US soil is viewed as seizure, so a warrant is required, and a special secret court was established for spy agencies under the Foreign Intelligence Surveillance Act of 1978 (FISA).

On the other hand, warrant-less gathering foreign intelligence, under the FISA, is legal. But there’s no clear answer whether domestic traffic redirection would be viewed as seizure and regulated respectively. Goldberg suggests a few solutions to clarify the legal status of the technique, one of which is to wipe the difference between the domestic and the foreign surveillance, so that a warrant would always be needed.

According to ZDNet, a spokesperson for the agency declined to comment:

“We do not comment on speculation about foreign intelligence activities; however, as we have said before, the National Security Agency does not undertake any foreign intelligence activity that would circumvent US laws or privacy protections.”