[webroot17]

I did it back when I worked for a major private university (enrollment 25k+). It was simple, add a tap to the fiber coming into our network (we had redundant fiber connections to our particular little niche of a network, and conveniently, there were taps on the market that would aggregate the traffic from both fiber connections), pipe it to a monitoring server and run the logging + monitoring tool of your choice.

My boss barely understood what I was doing, his superiors certainly didn't know anything about it. We were not part of what would be considered the university IT department either -- we were just some random organization within the university. Who knows how many different people on hops above us were doing the same thing. And I was capturing the full traffic (not metadata) of people who would normally take even extra offense at this sort of thing going on. Not because the traffic contained SSNs or credit card details or something like that, but because the traffic was sensitive in a more private, personal way (I can't go into the particular details any more).

Unfortunately, this brief story doesn't have a juicy ending. I didn't do anything nefarious with the data. I didn't use it to spy on anyone. I simply used it to watch out for attacks against services on our network -- I thought I was doing something positive for the users of our services. But reading the parent post made me pause for a moment and consider that all these things I'm reading about and taking issue with in the news today (the NSA, eavesdropping, etc), that I did something similar, albeit on a much, much, smaller scale myself, many years ago when I was younger and more naive.