by tlrobinson 4676 days ago
Are they suggesting the NSA is tapping intra-data center communications? I hadn't seen that suggested before.

That's interesting. I hadn't considered that could be how Prism works, but it would make sense if these companies weren't encrypting those connections previously. Somehow I assumed they were.

3 comments

Most companies have historically considered dark fiber (where nobody else's network gear is involved) to be secure enough. Passively decoding dumps of hundreds of gigabits or terabits spread over many colors of light (DWDM) into useful data was generally thought of as prohibitively expensive and therefore not a viable threat.

The routers that can handle those speeds don't encrypt the link itself, so the most common solution is to do per-connection encryption between hosts with SSL or SSH or similar. Do you run SSL when talking to all of your internal APIs, databases, etc?

What about between nodes in EC2, particularly between availability zones? Those are potentially subject to the same sort of sniffing without Amazon's involvement.
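The per-connection encryption the comment above recommends, as an added example that is not part of this thread: a Go program (standard library only) that stands up an internal API which only speaks mutually authenticated TLS and then probes it as a plain TCP client, as a TLS client with no certificate, and as a TLS client holding a certificate from the internal CA. The CA, the names api.internal and billing-worker, and the probed path are all constructed for the example; certificates are generated in memory and the program panics on setup errors to keep it short.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// mkCert issues an in-memory certificate for cn: self-signed when isCA is set
// (the constructed internal CA), otherwise signed by parent.
func mkCert(cn string, isCA bool, parent *tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; use random serials for real
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              []string{cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	signer, signerKey := tmpl, any(key)
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	must(err)
	leaf, _ := x509.ParseCertificate(der) // DER we just produced; parsing cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// firstLine closes c and returns the first line it received, or "" on any failure.
func firstLine(c net.Conn, err error) string {
	if err != nil {
		return ""
	}
	defer c.Close()
	line, _ := bufio.NewReader(c).ReadString('\n')
	return strings.TrimSpace(line)
}

// RunDemo serves an internal API that requires an internal-CA client certificate and probes it three ways.
func RunDemo() (plainGotData, anonGotData bool, mtlsGreeting string) {
	ca := mkCert("internal-ca", true, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{mkCert("api.internal", false, &ca)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the setting that turns away anonymous peers
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	})
	must(err)
	defer ln.Close()
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			if tc := c.(*tls.Conn); tc.Handshake() == nil { // plaintext and anonymous peers fail here
				fmt.Fprintf(tc, "hello %s\n", tc.ConnectionState().PeerCertificates[0].Subject.CommonName)
			}
			c.Close()
		}
	}()
	addr := ln.Addr().String()
	// 1. Plain TCP, the unencrypted status quo: readable on the wire, answered only with a TLS alert.
	pc, err := net.Dial("tcp", addr)
	must(err)
	fmt.Fprint(pc, "GET /internal/accounts HTTP/1.0\r\n\r\n")
	plainGotData = strings.HasPrefix(firstLine(pc, nil), "hello")
	// 2. Encrypted, but the client presents no certificate: refused as well.
	anonGotData = firstLine(tls.Dial("tcp", addr, &tls.Config{RootCAs: pool, ServerName: "api.internal"})) != ""
	// 3. Mutual TLS: the client also presents an internal-CA certificate.
	mtls := &tls.Config{RootCAs: pool, ServerName: "api.internal",
		Certificates: []tls.Certificate{mkCert("billing-worker", false, &ca)}}
	mtlsGreeting = firstLine(tls.Dial("tcp", addr, mtls))
	return
}

func main() {
	fmt.Println(RunDemo())
}
```

Running it prints `false false hello billing-worker`: the plaintext request never reaches application code, a TLS peer without an internal-CA certificate is dropped at the handshake, and only the authenticated worker is served. The point of the `ClientAuth: tls.RequireAndVerifyClientCert` line is that an eavesdropper who can see the fiber still cannot read the traffic, and a host that merely sits on the same network cannot talk to the API either.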

Amazon does have certification by said agency.
Google has datacenters all over the world, including in hyper-intrusive surveillance states like India. The NSA is not the only reason to encrypt long-haul private traffic.
Some datacenters consider things like MPLS labels as a secure boundary. That isn't an issue at Google scale, but Google almost certainly uses public fiber between many connection points.