Country-in-the-Middle: Measuring Paths between People and their Governments

Understanding where Internet services are hosted, and how users reach them, has captured the interest of government regulators and others concerned with the privacy of data flows. In this paper we focus on government websites -- services which arguably merit a higher expectation of protection against foreign surveillance or interference -- and seek to identify countries in the middle (CitMs): countries that are neither the source nor destination in a path for a resident visiting their online government services. Finding these CitMs raises daunting methodological challenges. We propose a framework to identify CitMs and use a pilot study of 149 countries to refine our methodology before conducting an in-depth measurement study of 11 countries. For our focused study, we compile an extensive set of websites hosting government services and analyze over 9,000 IP-level paths from vantage points in those countries to these services. We conduct extensive manual validation to corroborate or discard paths based on the aforementioned challenges, and discuss paths that experience unexpected CitMs.