Yep. I suspect we agree more than we disagree.

You are aware that every cable landing station has a classified area, right? And noone is allowed to visit a landing station w/out clearance from USG? And that the USG has a large data center near every cable landing station with rights to use the backhaul fiber from the landing station?

Ask Jay or Najam if they think the USG was tapping FB before they started encrypting everything.

There's on the order of 100 transoceanic cables terminating in the US with on the order of 80 lambdas per cables. That's 8k 100gs at $100k each, or $800M. That's less than 1% of NSA budget and about a tenth of 1% of the black budget. It's a relatively low cost to ensure "total information awareness" of comms in/out of the US.

I don't suggest that 100% of this being stored. It is a fairly trivial computer science problem w/ today's solutions to real time scan the words and pull out flagged data for analysis. That's the metadata you mention and I agree.

> And noone is allowed to visit a landing station w/out clearance from USG?

I work on a regular basis with people at ISPs who operate the terrestrial dark fiber and DWDM networks into many of the WA, OR and CA cable landing stations, and none of them have ever been required to get special permission from the feds. Most have gone through ordinary background checks through their employers, for basic stuff (way, way less involved than doing an SF-86 for a Secret clearance, basically just credit checks, criminal record check, and calling this previous references on their CV when they're hired).

I suspect the nuances, attacks, and mitigations around this would be a good topic of conversation at a conference or something if we ever run into each other.

Unfortunately there's not much that one can say in public around specifics of CLS etc :/