https://tools.ietf.org/html/draft-cavuto-dtcp-00
This protocol was created so that monitoring infrastructure could reprogram ASIC-based packet filters on collection routers (optical taps feed routers with half-duplex-mode interfaces), which grab sampled NetFlow plus specific targets selected by downstream analysis in real time. It has to be extremely fast so that it can race TCP handshakes.
I don't think it's much of an exaggeration to say that the technical components of almost all the mass surveillance infrastructure are described in open sources. Yes, they don't put "THIS IS FOR SPYING ON ALL THE PEOPLE" on it, but they also don't even bother reliably scrubbing SIGINT terms like "tasking". Sometimes the functionality is described under the color of "lawful intercept", though not always.
One of the arguments that people made against the existence of widescale internet surveillance -- back before it was proved to exist -- was that it would require so much technology that it would be impossible to keep secret: the conspiracy would have to be too big. But it wasn't kept secret, not really -- we just weren't paying attention to the evidence around us.
For a related patent example: https://patents.google.com/patent/US8031715B1 which has fairly explicit language on the applications:
> The techniques are described herein by way of example to dynamic flow capture (DFC) service cards that can monitor and distribute targeted network communications to content destinations under high traffic rates, even core traffic rates of the Internet, including OC-3, OC-12, OC-48, OC-192, and higher rates. Moreover, the techniques described herein allow control sources (such as Internet service providers, customers, or law enforcement agencies) to tap new or current packet flows within an extremely small period of time after specifying flow capture information, e.g., within 50 milliseconds, even under high-volume networks.
> Further, the techniques can readily be applied in large networks that may have one or more million of concurrent packet flows, and where control sources may define hundreds of thousands of filter criteria entries in order to target specific communications.