>That wouldn't work without the company being at least passively complicit. Links between datacenters are encrypted.
They aren't always. In fact the Snowden leaks were the actual event that got many of these companies to do just that.
You mentioned MUSCULAR, but it was that revelation that the DC to DC connections were not in fact encrypted. I believe that program was taps on the DC connections, since the SSL connectivity was added and then removed in the front end, leaving the replication in the clear. Google seemed to be relying on the physical security of those links and them not being on some shared infra. [1]
WARNING: the link below has classified info from the Snowden leaks. If you have a security clearance, dont click it.
They aren't always. In fact the Snowden leaks were the actual event that got many of these companies to do just that.
You mentioned MUSCULAR, but it was that revelation that the DC to DC connections were not in fact encrypted. I believe that program was taps on the DC connections, since the SSL connectivity was added and then removed in the front end, leaving the replication in the clear. Google seemed to be relying on the physical security of those links and them not being on some shared infra. [1]
WARNING: the link below has classified info from the Snowden leaks. If you have a security clearance, dont click it.
[1] https://www.washingtonpost.com/world/national-security/nsa-i...