So? This isn't the equivalent of papers secured in your household, it's data sent over someone else's network. I'm not a huge fan, but saying it's the same as the government walking into your house and examining all your documents is ridiculous.
Either way, call me when someone finds out they can decrypt and examine all the SSL traffic in real-time.
You're somewhat correct in principle (I agree with the major thesis) but largely off-base in the details. Maybe 20/80. Here's why:
Since this is a mirrored copy of their entire backbone, they're also catching traffic to and from peering points. In Mark Klein's deposition[1], he testifies:
>Starting in February 2003, the "splitter cabinet" split (and diverted to the SG3 Secure Room) the light signals that contained the communications in transit to and from AT&T's Peering Links with the following Internet networks and Internet exchange points: ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, Abovenet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet, and MAE-West.
Even if you're completely awesome and use SSL everything (like, say, Gmail), eventually that e-mail you sent is going to find its way from Google's servers to its final destination. That, with almost no exception, is plaintext. If the final destination's MX lives on AT&T's backbone and transits those peers (there might even be more possible scenarios I haven't thought of, such as AT&T selling transit), they are able to copy that e-mail in flight. All of the public information about this case is dated; I can't imagine that the NSA hasn't improved the facilities since.
This is a very specific example, but you get the idea. There are a lot more examples of why this sucks. It's not just your browsing they're catching; there's a shitload of traffic going into that room.
Aside: I'm really surprised this is coming up again. FISAAA mostly and grudgingly killed this story for me in what, 2008? 2009?
>Even if you're completely awesome and use SSL everything (like, say, Gmail), eventually that e-mail you sent is going to find its way from Google's servers to its final destination. That, with almost no exception, is plaintext.
Gmail sends mail out using TLS where available (though I agree with your point).
That's only even a problem if they target you. Danger comes when they can target everyone simultaneously and use automated means to find those who match their profile as enemies of an agenda.
Yes, but that's largely useless unless they target you. If they target you, it's likely they have the means to decrypt your traffic. They also have many other means if you are targeted.
The real danger would come if they didn't have to target you and could just mass mine every single encrypted packet.
Either way, call me when someone finds out they can decrypt and examine all the SSL traffic in real-time.