The NSA Selector

Don't forget the GHCQ which installs a mirror on each UK modem. I don't think the NSA goes to these extremes

I've worked with quite a few ISPs and exchanges. I haven't set up port mirrors for the NSA but I have setup temporary mirrors for the FBI upon request.

The NSA/govt gets its own dedicated floor in some DCs, esp. large interconnects

Oh man, I really hope they don't get all my TLS connections.

The NSA worked with GHCQ to tap Google's fiber between data centers, which at the time, was not encrypted. You can see several presentations including "SSL added and removed here" (reference to the SSL connection being terminated at the Google front end and then transmitted unencrypted to the backend in another data center), as well as an actual BigTable packet from tcpdump that included a user identifier.

If you read The Idea Factory, it shows that AT&T leadership worked closely with NSA and other governmental agencies (on a "secret schedule" so nobody would know who the execs were meeting with) to help them access US phone data.

I'd love to know the extent of what NSA has done between its founding and today; I'm sure they've pulled off some astounding things, and bolluxed up other stuff badly.

This seems hard to believe, given how many different modems from different sources you can use, as well as thirdparty ones. Source?

I doubt encryption makes much of a difference, depending on the magic numbers in your implementation.

FWIW, as we've had this twice, GCHQ - Government Communications Headquarters.