Saturday, November 02, 2013

Distrusting your telecoms provider

Telecoms companies sell communications services to companies and governments. In the wake of the Snowden revelations about NSA spying (the NSA has penetrated American telecoms and Internet companies), how would you feel, as a non-US government, about contracting with AT&T (say) as your service provider?

Most telecom products contain the built-in assumption that the carrier is to be trusted. Carrier Virtual Private Networks transport customer traffic in the clear (if using MPLS VRFs) or in multiple encrypted hops with the traffic decrypted in between (for IPsec VPNs). The ability of a telecoms carrier to read its customers' traffic is pretty much required by 'legalized intercept' legislation.

If you decide that you don't want intelligence agencies checking your traffic at will, then you have to relabel your carrier as an untrusted network - like the Internet. This dramatically collapses the service portfolio you should buy from them.

You will have to encrypt the traffic on your own premises to create your own Internet VPN across the carrier network. You can buy a quality of service (QoS) product from the carrier, marking your IP packets yourself, but you can't let the carrier have any access to content: so almost no hosted services. Life gets awfully hard.
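To make the last point concrete, here is an added sketch (not part of the original post) of what a carrier can still parse when a customer-premises gateway encrypts the whole inner packet and copies only the DSCP marking to the outer header. The addresses, the experimental protocol number 253 and the HMAC-based `seal` routine are assumptions for illustration; a real gateway would use IPsec ESP with an AEAD cipher.

```python
import hashlib, hmac, os, socket, struct

def checksum(hdr):
    """RFC 1071 ones'-complement sum over the 16-bit words of the header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, proto, tos, payload):
    """Build an option-less IPv4 packet around payload."""
    fields = [0x45, tos, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def seal(enc_key, mac_key, plaintext):
    """Stand-in for ESP (assumption): HMAC-SHA256 keystream, encrypt-then-MAC.
    Illustration only; use IPsec ESP with an AEAD cipher in practice."""
    nonce = os.urandom(16)
    blocks = range(len(plaintext) // 32 + 1)
    stream = b"".join(hmac.new(enc_key, nonce + struct.pack("!I", i),
                               hashlib.sha256).digest() for i in blocks)
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def encapsulate(inner, gw_src, gw_dst, enc_key, mac_key):
    """Tunnel-mode wrap: whole inner packet encrypted, DSCP copied outward."""
    dscp_only = inner[1] & 0xFC          # keep the 6 DSCP bits, drop ECN
    return ipv4(gw_src, gw_dst, 253, dscp_only, seal(enc_key, mac_key, inner))

def carrier_view(wire):
    """Everything an on-path carrier can parse without the keys."""
    _, tos, length, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", wire[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "dscp": tos >> 2, "proto": proto, "length": length}

def demo():
    # Constructed sample: an EF-marked (DSCP 46) packet between internal hosts.
    inner = ipv4("10.1.1.5", "10.2.2.9", 17, 46 << 2, b"quarterly figures")
    wire = encapsulate(inner, "192.0.2.1", "198.51.100.1",
                       os.urandom(32), os.urandom(32))
    return inner, wire, carrier_view(wire)

if __name__ == "__main__":
    print(demo()[2])
```

The carrier sees the two gateway addresses, the traffic class and the packet length, so the QoS marking itself, along with packet sizes and timing, remains metadata visible on the untrusted network.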