Inteinet Suiveillance anu Boomeiang Routing:

A Call foi Canauian Netwoik Soveieignty

!"#$%&'()*)+#(,-./(0123(


}onathan A. 0bai
Anuiew Clement

Faculty of Infoimation
0niveisity of Toionto

14u St. ueoige Stieet, Toionto, 0N NSS Su6 (416) 628-6261
jonathan.obaiutoionto.ca; anuiew.clementutoionto.ca

Keywoius:
Suiveillance; Big Bata; Telecommunications; Piivacy; Netwoik Soveieignty

Abstiact

Pieliminaiy analysis of moie than 2S,uuu tiaceioutes ieveals a phenomenon we call
'boomeiang iouting' wheieby Canauian-to-Canauian inteinet tiansmissions aie
ioutinely iouteu thiough the 0niteu States. Canauian oiiginateu tiansmissions that
tiavel to a Canauian uestination via a 0.S. switching centie oi caiiiei aie subject to
0.S. law - incluuing the 0SA Patiiot Act anu FISAA. As a iesult, these tiansmissions
expose Canauians to potential 0.S. suiveillance activities - a violation of Canauian
netwoik soveieignty.

In the face of this uniegulateu suiveillance of Canauians, the Feueial goveinment
anu inteinet seivice pioviueis shoulu ie-asseit oui national netwoik soveieignty
anu bettei piotect Canauian civil libeities. In what follows, we piesent boomeiang
ioute finuings anu uiscuss NSA tiacking conceins. We then offei a plan foi
stiengthening Canauian netwoik soveieignty, incluuing: 1) stiengthening anu
enfoicement of Canauian piivacy law (e.g. PIPEBA), anu 2) iepatiiation of Canauian
inteinet tiaffic by builuing moie inteinet exchange points.



Inteinet Suiveillance anu Boomeiang Routing:
A Call foi Canauian Netwoik Soveieignty

National soveieignty is thieateneu when an otheiwise inteinationally
inuepenuent state has its iights anu poweis of inteinal iegulation anu contiol
violateu by the encioachment of a foieign bouy (Baii, 2uu2). As a soveieign will can
be imposeu in any aiea wheie theie is a ielationship between the political entity
known as the state anu its citizens, theie aie a multituue of sites foi potential
violation. 0ne such site is netwoik soveieignty - the authoiitative quality oi piocess
wheieby an entity (such as the state) oi set of entities uistinguishes the bounuaiies
of a netwoik anu then exeicises a soveieign will oi contiol within those bounuaiies.
Any contiolling entity, fiom a feuual monaich to an electeu goveinment, exeicises a
foim of netwoik soveieignty when they constiuct oi iegulate any numbei of
netwoik systems ianging fiom tianspoitation (e.g. ioaus, iailioaus, highways),
utilities (e.g. watei, electiic) to communication (e.g. mail ioutes,
telecommunication) in which the state has a vital inteiest. As soveieigns, they can
ueciue wheie these netwoiks go, theii stiuctuial uesign anu uevelopment, the
extent to which they opeiate, in whole oi in pait, anu at what speeu anu capacity, as
well as who oi what can tiavel on them, anu at what piice. It follows that a thieat to
national netwoik soveieignty constitutes encioachment upon the iights anu poweis
of the state to iegulate anu contiol any of these netwoik aspects.

Canaua's telecommunication system, as a ciitical infiastiuctuie foi nation
builuing anu socio-economic well-being, is one site wheie the state has, ovei many
yeais, attempteu to exeicise national netwoik soveieignty. Following fiom a long
histoiy of piotectionist policy, the Telecommunications Act of 199S notes that
Canauian telecommunications peifoim "an essential iole in the maintenance of
Canaua's iuentity anu soveieignty" (Telecommunications Act, 199S). Exeicising a
soveieign will, the Canauian goveinment also ueteimineu a connection between its
telecommunication system anu the piotection of civil libeities. Foi example, the Act
notes that Canauian telecommunications shoulu "contiibute to the piotection of the
piivacy of peisons" (Ibiu). These piivacy piotections aie ieinfoiceu by Section 8 of
the !"#"$%"#&!'"()*(&+,&-%.')/&"#$&0(**$+1/ that piotects against unlawful seaich
anu seizuie, anu by the 2*(/+#"3&4#,+(1")%+#&2(+)*5)%+#&"#$&63*5)(+#%5&7+581*#)/&
95) (PIPEBA), which safeguaius uata piivacy in the piivate sectoi. As a iesult,
shoulu a foieign bouy encioach upon the contiol of a Canauian telecommunication
netwoik anu its opeiation, that action woulu constitute a violation of Canauian
netwoik soveieignty, anu potentially thieaten Canauian civil libeities.

This papei piesents finuings fiom the IXmaps (foi inteinet exchange
mapping) pioject at the 0niveisity of Toionto
1
- a ieseaich initiative that maps anu
analyzes the ioutes Canauian uata packets take acioss the inteinet backbone. While
Canauians accessing Ameiican seiveis thiough intenueu communication with
Ameiicans anu Ameiican inteinet seivices shoulu expect to senu packets acioss the
boiuei, one might assume that Canauian-to-Canauian communication iemains
within national juiisuiction. Contiaiy to this assumption, the IXmaps ieseaich
makes visible a wiuespieau phenomenon we call 'boomeiang iouting' wheieby
Canauian-to-Canauian inteinet tiansmissions aie ioutinely iouteu thiough the
0niteu States
2
. Canauian oiiginateu tiansmissions that tiavel to a Canauian
uestination, but via a 0.S. switching centie oi 0.S. caiiiei, aie subject to 0.S. law -
incluuing the 0SA Patiiot Act anu FISAA
S
. As a iesult, Canauian-to-Canauian inteinet
tiansmissions that boomeiang expose Canauian communications to potential 0.S.
suiveillance activities - a violation of Canauian netwoik soveieignty.

In the face of this uniegulateu suiveillance of Canauians, the Feueial
goveinment anu inteinet seivice pioviueis shoulu ie-asseit oui national netwoik
soveieignty anu bettei piotect Canauian civil libeities. In what follows, we piesent
IXmaps boomeiang ioute finuings, anu uiscuss ielateu conceins about NSA tiacking.
We then offei a plan foi stiengthening Canauian netwoik soveieignty. Two
stiategies aie outlineu foi piotecting Canauian inteinet tiansmissions fiom
Ameiican suiveillance: 1) stiengthening anu enfoicement of Canauian piivacy law
(e.g. PIPEBA), anu 2) iepatiiation of Canauian inteinet tiaffic by builuing moie
inteinet exchange points.

Napping Canauian Boomeiang Tiaffic Thiough the 0.S.

When useis inteiact with inteinet applications (email, web, p2p, etc.) they
senu uata packets ovei the inteinet. As each packet takes its inuiviuual path, it
tiavels thiough uata tiaffic iouteis that pass the packet closei to the uestination.
Anyone who has tiackeu a couiieieu mail package knows that mail uoes not tiavel
in a stiaight line fiom point A uiiectly to point B, theie aie stops (oi 'hops') in
uiffeient locations along the way - the same is tiue foi uata packet iouting.

IXmaps softwaie maps uata packet ioutes ('tiaceioutes') using uoogle Eaith
anu uoogle Naps to tiace the ioutes packets take fiom the usei's machine, thiough
the uiffeient tiaffic iouteis ('hops') along the way to the final uestination. As shown
in Figuie 1, the softwaie pioviues location uata (i.e. latituue anu longituue) foi each
hop along the ioute.

|Figuie 1 about heiej

Since 2uu9, the IXmaps team has engageu in a ciowusouicing effoit to
geneiate anu accumulate tiaceioutes. Noie than 1uu contiibutois have installeu
anu iun customizeu tiace geneiation softwaie (TRgen), auuing to a uatabase
cuiiently containing appioximately 2S,uuu tiaceioutes fiom close to 2uu uistinct
oiiginating auuiesses, teiminating in moie than 2,Suu uistinct uestinations.

Figuie 1 piesents the tiaceioute uata foi a 'boomeiang ioute', a path that
oiiginates anu teiminates in the same countiy, but tiansits anothei. As uepicteu in
Figuie 2, this tiaceioute begins anu enus in Canaua, but ciosses into the 0.S. along
the way.

|Figuie 2 about heiej

Fiom the uatabase of 2S,uuu tiaceioutes, S,S6u oiiginate anu teiminate in
Canaua, of those, 1,28u, ioughly one-quaitei, boomeiang thiough the 0niteu States.
Some of the online inteiactions that boomeiang thiough the 0.S. incluue visits to
Canauian goveinment websites, incluuing the 0ffice of the Piivacy Commissionei of
Canaua, the Piime Ninistei's 0ffice, membeis of Pailiament, as well as a numbei of
peisonal banking sites such as Bank of Nontieal, TB Canaua Tiust anu CIBC.

Canauian Boomeiang Tiaffic anu NSA Suiveillance

In 2uu6, Naik Klein, a ietiieu AT&T technician, ievealeu that the 0.S.
National Secuiity Agency (NSA) hau installeu suiveillance equipment at AT&T's
main San Fiancisco inteinet exchange point (IXP) at 611 Folsom St. (Klein, 2uu9).
By installing splitteis that uiiecteu exact copies of all tiaffic passing thiough the IXP
to seciet computeis, the NSA's suiveillance system was capable of monitoiing the
piocess of communication (i.e. senuei anu ieceivei), but also the contents of the
messages as well. Nuch of the inteicepteu tiaffic is saveu foi latei analysis. The
NSA's seciet uata centei oi 'spy facility' cuiiently being built in 0tah, will soon be
capable of hanuling seveial uecaues woith of inteinet tiaffic (Bamfoiu, 1S Nai
2u12).
4
Recent ievelations by whistleblowei Euwaiu Snowuen have confiimeu
these allegations of wiuespieau NSA inteiception of uomestic 0.S. inteinet tiaffic
(uieenwalu, 7 }un 2u1S; uieenwalu et al, 2u1S)

Baseu on conveisations anu meetings with othei AT&T staff, Klein (2uu9)
iepoits that suiveillance installations, like that in San Fiancisco, exist in five othei
locations: Atlanta, Los Angeles, San Biego, San }ose anu Seattle. Clement (2u1S)
iuentifies 18 cities in the 0.S. that likely have similai suiveillance sites. Fuitheimoie,
of the 1,S19 0.S.-only tiaceioutes helu in the IXmaps uatabase, 99 peicent tiavel
thiough at least one of these cities, suggesting that the NSA has almost complete
suiveillance capabilities foi all 0.S. inteinet tiaffic (Ibiu).

The extent of 0.S. suiveillance of Canauian uata packets is less cleai. Table 1
lists the top-1u 0.S. cities suspecteu of having installeu NSA splittei opeiations
(Clement, 2u1S). The table also notes the peicentage of the 128u Canauian-0S-
Canaua boomeiang ioutes houseu in the IXmaps uatabase that pass thiough these
cities, potentially subject to 0.S. suiveillance effoits. Cuiient finuings ieveal that
cities closest to the Canauian boiuei aie moie likely to ioute Canauian uata.
Appioximately Su peicent of IXmaps boomeiang ioutes pass thiough New Yoik anu
Chicago, the top two cities suspecteu of having NSA splitteis, anu about 2S peicent
tiavel thiough Seattle.
S


|Table 1 about heiej

The boomeiang iouting anu consequent thieat of NSA suiveillance iuentifieu
by the IXmaps pioject, suggests that many of the ISPs opeiating in Canaua aie
jeopaiuizing both the soveieignty anu piivacy of Canauians manuateu by the
Telecommunications Act anu Peisonal Infoimation Piotection anu Electionic
Bocuments Act.

A Call foi Canauian Netwoik Soveieignty

Foieign suiveillance of Canauian ICT tiansmissions thieatens Canauian civil
libeities anu violates oui soveieignty. This call foi Canauian netwoik soveieignty
uiges the Feueial goveinment to stiengthen oui secuiity policies anu ielateu
enfoicement mechanisms to ensuie that Canauian-to-Canauian communication
iemains within oui national bounuaiies anu juiisuiction. Canauian uemociatic
institutions likely cannot affect 0.S. suiveillance piactices, but they can ensuie that
those opeiating within the juiisuiction of Canauian law make the piotection of
Canauian soveieignty anu civil libeities a top piioiity. We iecommenu that policy
effoits stiengthen anu enfoice Canauian piivacy laws, anu woik to iepatiiate
Canauian inteinet tiaffic by builuing moie inteinet exchange points.

:)(*#.)'*#%#.&!"#"$%"#&2(%;"5<&=">/&?%@*@&242679A&

Canauian uata iouting anu collection piactices neeu gieatei piotection by
Canauian piivacy policy. While the 2*(/+#"3&4#,+(1")%+#&2(+)*5)%+#&"#$&63*5)(+#%5&
7+581*#)/&95) (PIPEBA) uemonstiates the Feueial goveinment's inteiest in piivacy
piotections, moie neeus to be uone to ensuie iesults. When PIPEBA went into effect
at the tuin of the millennium, Facebook, Twittei anu smaitphones uiun't exist. Noie
of oui lives aie being liveu online, with each activity piouucing stieams of fine-
giaineu peisonal uata.

Canaua's Piivacy Commissionei }ennifei Stouuait has aumitteu that PIPEBA
is outuateu anu in neeu of iefoim,

As oiganizations finu new ways to piofit fiom peisonal infoimation, the iisks
to piivacy aie giowing exponentially. |.j It is incieasingly cleai that the law
is not up to the task of meeting the challenges of touay - anu ceitainly not
those of tomoiiow. (0PC, 2S Nay 2u1S)

Fuitheimoie, while the 0ffice of the Piivacy Commissionei (0PC) has
piompteu companies to impiove theii piivacy piactices, actions aie iaiely
pioactive, with minimal ieactions moie often the iesult aftei consiueiable 0PC
iesouices have been spent (Ibiu). Stouuait notes, "|tjhe legislation lacks
mechanisms stiong enough to ensuie oiganizations invest appiopiiately in piivacy"
(Ibiu).

The 0PC has ieleaseu a position piece (0PC, 2u1S) calling foi PIPEBA iefoim
that woulu uo moie to stiengthen national netwoik soveieignty as well as piivacy.
These iefoims incluue:

1) Stiengthening 0PC enfoicement poweis incluuing: a) statutoiy uamages
to be auministeieu by Feueial Couit foi violations, b) oiuei-making
poweis foi the 0PC that woulu foice oiganizations to peifoim oi cease
ceitain actions, anu c) monetaiy penalties to be imposeu by the 0PC.

2) Bieach notification: iequiiing oiganization to iepoit piivacy bieaches to
the 0PC anu to affecteu useis.

S) Incieaseu tianspaiency: tianspaiency iepoits woulu be iequiieu,
uisclosing law enfoicement anu othei goveinment iequests foi peisonal
infoimation, anu the extent to which entities comply.

4) Piomote accountability: oiganizations woulu have to uemonstiate
accountability (pioactive piivacy piotections) upon iequest. The
'enfoiceable agieements' concept, the notion that 0PC can compel action,
woulu be incoipoiateu into the law, with accountability piovisions being
subject to ieview by a Feueial Couit.

Each of these iefoims shoulu be implementeu with a focus on uata collection
anu management piactices, incluuing iouting behaviouis. While enfoicement powei
will be essential to ensuie compliance, gieatei tianspaiency is also vital to ensuie a
moie uemociatic assessment of cuiient piactices. It is uniealistic to expect a quick
anu complete shift to netwoik soveieignty, anu thus, public unueistanuing of the
iefoim is essential. Cuiiently, PIPEBA iequiies that useis submit piivacy
complaints to caiiieis. Without gieatei tianspaiency, this iequiiement is likely to
accomplish little piotection, as useis aie unable to ueteimine the extent to which
theii civil libeities aie being violateu. uieatei tianspaiency anu gieatei
enfoicement will push back against the uevelopment of inuustiy piactice that has
maue Canauians subject to 0.S. suiveillance effoits anu thieateneu both oui piivacy
anu oui national soveieignty.

-*B")(%")*&4#)*(#*)&C(",,%5&D<&D8%3$%#.&E+(*&!"#"$%"#&4#)*(#*)&6F5'"#.*&2+%#)/

Passing laws manuating iouting patteins will be pioblematic if caiiieis aie
not pioviueu with the tools to ensuie that a soveieign Canauian inteinet netwoik
will be able to function. While political economic ielationships between caiiieis
contiibute to iouting patteins, netwoik congestion issues, specifically Canauian IXP
bottlenecks aie a iealistic concein that can uiiect iouting anu as a iesult, impact
netwoik soveieignty anu piivacy.

Inteinet exchange points (IXPs) have many benefits incluuing the ability to
help ieuuce netwoik congestion anu inciease the likelihoou of local peeiing (IT0,
2u1S). It has been suggesteu that the piesence as well as management of IXPs can
impact an entiie iegion's Inteinet economy (Ryan anu ueison, 2u12; IT0, 2u1S).
0thei ielateu benefits incluue: ieuucing the numbei of netwoik hops to exchange
tiaffic as well as ioute options available, optimizing the use of inteinational
connectivity, impioving netwoik iesilience anu likely quality of seivice, ieuucing
tiansmission costs anu inteinational capacity costs (potentially millions of uollais
pei yeai), anu incieases the possibility of gieatei inteinet penetiation iates (IT0,
2u1S). Inueeu, given the iise of the inteinet economy anu the intensification of the
inteinet's centiality to eveiyuay life, the impoitance of IXPs is only giowing.

To ensuie Canauian netwoik soveieignty, moie IXPs neeu to be built. As of
}une 2u12, Canaua only hau thiee IXPs. In the last yeai, two auuitional IXPs have
been auueu to this list. By compaiison, the 0niteu States has 86 IXPs (Packet
cleaiing house, 2u1S). As Byion Bollanu, piesiuent of the Canauian Inteinet
Registiation Authoiity notes,

Theie is one way to piotect ouiselves, to some uegiee, fiom having oui uata
fall unuei the juiisuiction of a foieign countiy. We must ensuie moie of it
tiavels to its uestination via Canauian ioutes. |.j It is time foi Canaua to
iepatiiate its Inteinet tiaffic to the best extent possible |.j to uo this will
iequiie moie Inteinet Exchange Points |.j By builuing a iobust Canauian
Inteinet infiastiuctuie, incluuing a nation-wiue fabiic of IXPs, we can ensuie
moie Canauian tiaffic stays in Canaua, anu is theiefoie only subject to
Canauian law. (Bollanu, 24 }un 2u1S)

The Canauian goveinment shoulu continue to invest in this vital
infiastiuctuie, which is ceitainly linkeu to economic benefit, as well as the
piotection of piivacy anu netwoik soveieignty.

Conclusion

When Canauian inteinet tiaffic boomeiangs thiough the 0.S., the
tiansmissions become subject to 0.S. laws incluuing the Patiiot Act anu FISAA. With
0.S. secuiity agencies engaging in bioau uomestic suiveillance, Canauian-to-
Canauian tiansmissions may be subject to inteiception. To safeguaiu Canauian
netwoik soveieignty, the Canauian goveinment shoulu uo moie to ensuie that the
commeicial entities that ioute Canauian inteinet tiansmissions aie compelleu to
piotect them, anu as a iesult, usei piivacy. Netwoik soveieignty begins with
stiongei goveinment policy anu enfoicement mechanisms that can enhance best
piactices anu spui pioactive self-iegulation. The builuing of moie Canauian inteinet
exchange points anu piomotion of theii use will iemove justifications foi
inteinational peeiing, anu stiengthen Canaua's inteinet economy.

These effoits will contiibute to state soveieignty, but will not fiee Canauians
fiom being suiveilleu. Inteiception stiategies similai to those being peipetiateu by
the NSA aie also likely taking place in Canaua. Similai to the billion-uollai 'spy
centei' being built in 0tah (Bamfoiu, 1S Nai 2u12), Communications Secuiity
Establishment Canaua (CSEC) is cuiiently builuing an $88u million intelligence
complex iight next to the Canauian Secuiity Intelligence Seivice's heauquaiteis
(Pugliese, 12 0ct 2uu9). While CSEC uenies any claim of uomestic suiveillance
activity (CTv, 1u }un 2u1S) it has been suggesteu that the puipose of this new
facility is to emulate the NSA (Tencei, 8 }un 2u1S).

National netwoik soveieignty is thieateneu when an otheiwise
inteinationally inuepenuent state has its iights anu poweis of inteinal netwoik
iegulation anu contiol violateu by the encioachment of a foieign bouy. Though the
multituue of challenges piesenteu by oui evolving telecommunications system can
seem insuimountable (0bai, 2u1S), piagmatic anu iealistic stiategies foi bolsteiing
Canauian netwoik soveieignty aie neeueu. Canauians shoulu auvocate foi toughei
piivacy policies anu enfoicement of the law to ensuie that civil libeities aie
piotecteu. We shoulu also champion investment in telecommunications
infiastiuctuie, especially inteinet exchange points that woulu, in combination with
stiongei policies, ieuuce uepenuence on foieign iouting, stiengthen oui inteinet
economy anu iestoie faith in the commitments of oui public tiustees.

Woiks Citeu

Bamfoiu, }. (1S Nai 2u12). The NSA is builuing the countiy's biggest spy centei
(watch what you say). G%(*$@ Retiieveu }uly 2u, 2u1S fiom
www.wiieu.comthieatlevel2u12uSff_nsauatacentei

Baii, B. (2uu2). Piotecting national soveieignty in an eia of inteinational meuuling:
an incieasingly uifficult task. H"(;"($&I+8(#"3&+,&3*.%/3")%+#J&KLJ 299-S24.

Bauei & 0bai (2u12). Reconciling political anu economic goals in the net neutiality
uebate (woiking papei). Retiieveu }uly 11, 2u1S fiom
http:papeis.ssin.comsolSpapeis.cfm.abstiact_iu=1989648

Clement, A. (2u1S). IXmaps - tiacking youi peisonal uata thiough the NSA's
waiiantless wiietapping sites. 2(+5**$%#./&+,&)'*&4666&M&4:C9:&5+#,*(*#5*.
Toionto. }une 27-Su, 2u1S.&

CTv. (1u }un 2u1S). Bata-collection piogiam not taigeting Canauians: NacKay.
Retiieveu }uly 26, 2u1S fiom http:www.ctvnews.cacanauauata-
collection-piogiam-not-taigeting-canauians-mackay-1.1S19u96
&
uieenwalu, u. (7 }un 2u1S). NSA Piism piogiam taps in to usei uata of Apple, uoogle
anu otheis. C'*&N8"($%"#@&Retiieveu }uly 2u, 2u1S fiom
www.guaiuian.co.ukwoilu2u1Sjunu6us-tech-giants-nsa-uata

uieenwalu, u., NacAskill, E. & Poitias, L. (1u }un 2u1S). Euwaiu Snowuen: the
whistleblowei behinu the NSA suiveillance ievelations. C'*&.8"($%"#@&
& Retiieveu }uly 2u, 2u1S fiom
www.guaiuian.co.ukwoilu2u1Sjunu9euwaiu-snowuen-nsa-
whistleblowei-suiveillance

Bollanu, B. (24 }un 2u1S). PRISN, inteinet exchange points anu Canaua. 28O3%5&&
& $+1"%#&?O3+.A@&Accesseu }uly 26, 2u1S fiom
http:blog.ciia.ca2u1Su6piism-inteinet-exchange-points-anu-canaua

Inteinational Telecommunications 0nion. (2u1S). Inteinet exchanges points (IXPs).
WTPF backgiounuei seiies. Retiieveu }uly 26, 2u1S fiom
www.itu!"#$%&#%'$()-!"!"#$%&'()*!+,$-./#%(0'/-!"#$-!"-!"#$-!"#$%&!

Klein, N. (2uu9). Wiiing up the big biothei machine. anu fighting it. Chaileston, SC:
BookSuige Publishing.

0bai, }.A. (2u1S). Phantom uata soveieigns: Waltei Lippmann, big uata anu the
fallacy of peisonal uata soveieignty. Woiking papei.

0ffice of the Piivacy Commissionei of Canaua. (2u1S). C'*&5"/*&,+(&(*,+(1%#.&)'*&&
& 2*(/+#"3&4#,+(1")%+#&2(+)*5)%+#&"#$&63*5)(+#%5&7+581*#)/&95)@&Retiieveu }uly
26, 2u1S fiom http:www.piiv.gc.capail2u1Spipeua_i_2u1SuS_e.asp

0ffice of the Piivacy Commissionei of Canaua. (2S Nay 2u1S). New ielease: new
piivacy challenges uemanu stiongei piotections foi Canauians. Retiieveu
}uly 26, 2u1S fiom http:www.piiv.gc.cameuiani-c2u1Sni-
c_1SuS2S_e.asp

Packet cleaiing house. (2u1S). Inteinet exchange point giowth. Retiieveu }uly 26,
2u1S fiom https:piefix.pch.netapplicationsixpuiisummaiygiowth

Pugliese, B. (12 0ct 2uu9). Canauian spies' 'Camelot': uefence hoping ot attact
woilu-class talent with $88uN intelligence complex. P")%+#"3&2+/). Retiieveu
}uly 26, 2u1S fiom http:news.nationalpost.com2u121uu8canauian-
spies-camelot-uefence-hoping-to-attiact-woilu-class-talent-with-88um-
intelligence-complex

Ryan, P.S. & ueison, }. (2u12). A piimei on inteinet exchange points foi
policymakeis anu non-engineeis. Retiieveu }uly 26, 2u1S fiom
http:papeis.ssin.comsolSpapeis.cfm.abstiact_iu=21281uS

Telecommunications Act. (199S, c. S8). Retiieveu fiom the uoveinment of Canaua
}ustice Laws website: http:laws-lois.justice.gc.caengactst-S.4

Tencei, B. (8 }un 2u1S). NSA spying on Canauians, CSEC capable of similai
suiveillance: expeits. Buffington Post. Retiieveu }uly 26, 2u1S fiom
http:www.huffingtonpost.ca2u1Su6u8nsa-spying-
canaua_n_S4u8662.html

Zikopoulos, P., Eaton, C., ueRoos, B. Beutsch, T., & Lapis, u. (2u12). Q#$*(/)"#$%#.&
& O%.&$")"@ New Yoik, NY: Ncuiaw-Bill.
0%.8(*&RS&C+(+#)+TP*>&U+(VT!'%5".+TC+(+#)+&D++1*("#.&C("5*(+8)*&7*)"%3/&
&
&& &
0%.8(*&WS&C+(+#)+TP*>&U+(VT!'%5".+TC+(+#)+&D++1*("#.&-+8)*



& &
C"O3*&RS&!"#"$"TQ:T!"#"$"&D++1*("#./&"#$&=%V*3%'++$&+,&P:9&:8(;*%33"#5*&
NSA
Likelihoou

City

Boomeiangs
% of CBN-0S-CBN Tiaffic
(128u Routes)
1 New Yoik, NY 62S 49%
2 Chicago, IL 64S Su%
S Los Angeles, CA 6 <1%
4 Atlanta, uA 42 S%
S Ballas, TX 21 2%
6 San Fiancisco, CA 12 1%
7 Washington, BC 1Su 11%
8 Seattle, WA Su1 24%
9 San Biego, CA u u%
1u Boston, NA 1u 1%
Note. NSA likelihoou iefeis to the ianking of the likelihoou of NSA splittei opeiations in each city
pioviueu by Clement (2u1S). Boomeiangs aie iuentifieu by analysis of moie than 2S,uuu tiaceioutes
houseu in the IXmaps uatabase.

1
www.ixmaps.ca
2
While not iecognizeu publically, it is well-known in the inteinet iouting
community that significant poitions of intia-Canauian tiaffic tiansits the 0S.
S
Notably Section 21S of the 0SA Patiiot Act, anu Section 7u2 of the Foieign
Suiveillance Intelligence Amenuments Act (FISAA).
4
The size of big uata anu the speeu of its exponential giowth aie uifficult to giasp.
IBN iepoits that at the tuin of the millennium, 8uu,uuu petabytes (1u
1S
bytes) weie
stoieu in the woilu (Zikopoulos, Eaton, ueRoos, Beutsch, & Lapis, 2u12). In 2u2u, it
is piojecteu that this numbei will ieach SS zettabytes (1u
21
bytes). The amount of
uata the NSA will iepoiteuly be capable of stoiing is in the iange of yottabytes (1u
24

bytes).
S
These figuies aie appioximate as the geo-location of iouteis is not piecise.