Canadian Internet Exchange Points (IXPs), Canadian Internet Registration Authority (CIRA), Internet Surveillance and Boomerang Routing, National Security Agency - NSA, NSA spying, Privacy, Security- Intelligence, Surveillance
IXmaps is a visual, interactive database of traffic routes, and uses real data to help Canadians get a sense of what happens when they are sending and receiving information. In some cases, even when the servers you are accessing are next door, the data packets will move around the United States before heading back into Canada.
The researchers call these “boomerang routing” and note that they move your information “into the jurisdiction of the U.S. National Security Agency.” In other words, put your details in the hands of the US government. It includes on the maps the sites of NSA listening stations.
Anyone who has a basic grasp of how the internet works will know that data packets will try to take the shortest and easiest route to their end point, and that can mean they travel to nodes that are physically located all over the world.
It is also well known that due to the size, scale, and speed of networks in the United States, huge amounts of global traffic end up going through US networks. And that the fastest route is often dependent on private agreements between different ISPs.
But what the researchers have been able to do is highlight how those peering arrangements between ISPs actually cause data packets to bounce around the world.
They have discovered that many of Canada’s ISPs have networks that tend to send data flows south of the border and back up again rather than across the country. Mostly this goes through a small number of key routing hubs in New York, Chicago, Seattle, and San Francisco. Hubs in which, incidentally, the NSA has installed splitter devices that provide it with a copy of everything going through.
“Canadians may be surprised to learn that when accessing Canadian sites, even those in the same city, their data often still flows through the United States,” the researchers note. “IXmaps research has found thousands of Internet traffic routes in which both ends of a data transfer are located in Canada, but the information travels via the US.”
It takes the view that this is “highly problematic,” as it undermines Canadians’ privacy and may expose “private or sensitive data, such as health information, student records, political affiliation, religious beliefs, financial information, controversial viewpoints, or intimate communications.”
The revelations of mass surveillance by the NSA have sparked a wide range of responses from other countries when it comes to their data traffic. Most significantly, the US-EU Safe Harbor agreement that covers data flows between Europe and the US has been effectively torn up following a successful legal challenge.
Essentially, Canadians are subject to U.S. law – including the USA Patriot Act and Foreign Intelligence Surveillance Act (FISA). As a result, these transmissions expose Canadians to potential U.S. surveillance activities – a violation of Canadian network sovereignty.
Keep it in-house
Many countries are starting to see how they can keep their country’s data flows within their own borders, and some are even considering laws to oblige companies to keep data on their citizens on servers in their own country: a level of complexity that gives Facebook and Google heart palpitations.
Brazil is known to be heavily researching how it can avoid so much of its traffic flowing through US systems, even going so far as to build a new submarine cable directly to Europe.
Such efforts are dividing internet engineers, who typically maintain the traditional view that the internet is borderless and should continue to be considered so in order to build the most effective network.
As such, the calm and pragmatic Canadians are working on a less dramatic and more effective solution than forcing data flows into self-contained boxes. They intend to use the Internets own inner workings to limit the amount of spill into the United States.
The company that runs the country’s “.ca“ Domain Names, Canadian Internet Registration Authority (CIRA). The projects most similar in scope to IXmaps are the DIMES project from Tel Aviv University, kahunaburger traceroute, the Gtrace project, the Geographical Traceroute project, and the xtraceroute project. IXmaps is distinct from all of these projects as it employs a unique traceroute visualization from the user’s system to the destination (displayed in Google Earth) and presents unique information about Internet exchange points transited along the way.
These developments are being implemented with funding from the Social Sciences and Humanities Research Council (SSHRC) ITST (Image, Text, Sound and Technology (ITST) program. IXmaps is part of the New Transparency Project at the Faculty of Information, University of Toronto.(CIRA) among other companies, has been investing in a national network of internet exchange points (Canadian Internet Exchange Points (IXPs)) that will share and exchange traffic within Canada.
By building up capacity and increasing the number of Canadian peering arrangements, the likelihood of data only flowing through Canada rather than crossing over into other jurisdictions is much higher (assuming of course you are only trying to connect to servers within Canada).
Lead researcher Andrew Clement notes: “There is nothing inherently wrong with data moving unencumbered across an interconnected global Internet infrastructure. It is, however, critical that Canadians understand the implications of their data being stored on US servers and moving through US jurisdiction. ISPs need to be transparent, privacy protective, and accountable custodians of user information in this regard. Internet users should be fully informed consumers and citizens when making choices about their sensitive personal data.”
If you are interested, you can contribute your own data to the project by installing the IXmaps Client traceroute generating software built by the researchers. It will carry out anonymized traceroute requests from your location and share the results.