
2002 US Wiretap Report 265

GMontag writes "Full report: 2002 WIRETAP REPORT, Administrative Office of the United States Courts, Leonidas Ralph Mecham, Director. I especially like this part: 'Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.'"
  • Hey (Score:3, Insightful)

    by Bendebecker ( 633126 ) on Wednesday April 30, 2003 @02:30PM (#5845407) Journal
    DES broken? The evidence mounts...
    • DES or 3DES? Either way, it's probably easier just to sniff the keyboard or bug the encrypted phone.
      • Re:Hey (Score:3, Insightful)

        by Skyshadow ( 508 )
        Either way, it's probably easier just to sniff the keyboard or bug the encrypted phone.

        Easier, sure, but also a helluva lot more detectable. You gotta figure that anytime you have a local device, you're running a pretty high risk of getting caught given that you (a) have to place it, (b) have to have something physically there that might be found, and (c) it has to transmit data out somehow. Tapping a line at the phone company has none of these drawbacks.

        • Re:Hey (Score:3, Insightful)

          by Steve B ( 42864 )
          You gotta figure that anytime you have a local device, you're running a pretty high risk of getting caught given that you (a) have to place it, (b) have to have something physically there that might be found, and (c) it has to transmit data out somehow.

          These difficulties are manageable if the feds are only conducting this level of surveillance on a few hundred targets. For law-abiding citizens in general, imposing this sort of practical limit on the government is a feature, not a bug.

          • Re:Hey (Score:3, Informative)

            by theedge318 ( 622114 )
            You mean there is a question that DES is now insecure? For $10,000 you can buy the hardware to build a DES cracker. Still outside the range of private hacking, but definitely not outside the range of Corporate espionage. And as for the government, fur-get-abut-it.
      • Re:Hey (Score:3, Funny)

        by FroMan ( 111520 )
        You certainly don't want to be sniffing my keyboard. I have like 5 years of cheerios and milk and other food living/dying in there. I have it willed to science when I die. Granted the longer I use the keyboard the better chance I have of being killed by it. Like last night it went out on the town and didn't come back until the wee hours of the morning all tipsy and drunk. Damn, I think my keyboard has a better social life than my wife and I. Just to reiterate, my keyboard is not safe to sniff. So, an
    • Re:Hey (Score:2, Informative)

      Nah, it's more likely the plaintext was recovered by compromising keyring passwords. If short keylengths (e.g. 56-bit DES) were used, they also may simply have brute-forced them.
    • by Spamalamadingdong ( 323207 ) on Wednesday April 30, 2003 @03:20PM (#5846058) Homepage Journal
      There is a simple and obvious reason for the decrease in reported Federal wiretaps:
      No statistics are available on the number of devices installed for each authorized order. This report does not include interceptions regulated by the Foreign Intelligence Surveillance Act of 1978 (FISA).
      The obvious explanation is that the agents have knocked so many holes in the "Chinese Wall" between domestic criminal surveillance and foreign snooping that they just ask the guys on the foreign side (where they don't need no steenking warrants) rather than troubling a judge.

      Or maybe I just need to check the shielding on my tinfoil hat, but history says that the above is probably much closer to the truth than anyone in the administration wants to admit.

    • Re:Hey (Score:3, Insightful)

      by Qrlx ( 258924 )
      Well, it seems that we should be able to get the answer with a little bit of work. So, there were 18 cases one year and 16 cases the next where the feds encountered encrypted traffic.

      I would have to think that at least one of those would be coming to a federal courtroom sometime soon. Unless these are all secret wiretaps for secret hearings, which seems to be more and more common these days.

      Another method would be a survey of which encryption methods are likely to be used by individuals seeking to secur
  • Encryption (Score:5, Insightful)

    by Verteiron ( 224042 ) on Wednesday April 30, 2003 @02:32PM (#5845430) Homepage
    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    So are we talking ROT13 here, or real encryption? Seems a little unnerving if it's the latter.
    • Re:Encryption (Score:3, Insightful)

      by Anonymous Coward
      Doesn't really matter. There's no industrial strength encryption for telephones readily available that hasn't been defeated these days, and as for electronic communications... PGP doesn't help you one whit when the feds slip into your house at night and plant a keysniffer to get your private key/pass phrase -- and they will.
      • There's no industrial strength encryption for telephones readily available that hasn't been defeated these days

        Yes there is [canoe.ca].

    • by _bug_ ( 112702 ) on Wednesday April 30, 2003 @02:40PM (#5845541) Journal
      You've got two ends of the pipe where the data winds up as plaintext. If either end was compromised, as would seem to be the case, then there's no need to worry about cracking the ciphertext.

      It's not the encryption algorithm or perhaps even the implementation that's weak. It's how the user manages his or her data.

    • 'muffy' is NOT a good encryption key. Either that, or get a better name for your pet.
    • Re:Encryption (Score:3, Interesting)

      by jackdoodle ( 644479 )
      It's almost as if you can read the air quotes around the word 'encryption'...you can assume that even if it is military grade encryption, the NSA knows how to crack it, via back doors or otherwise. After all they were in on DES from the beginning, and had a hand in selecting Rijndael as the new AES.

      From an American Mathematical Society report, for instance:
      "NIST's evaluation used published research from academic and industry experts and private advice from the National Security Agency (NSA)." Gee, I wonde
    • Re:Encryption (Score:2, Insightful)

      It would help to know who these LEOs are before guessing on whether they can crack RSA, 3DES and similar. Two possibilities:

      1) The list consists solely of FBI, DEA or similar "non-intelligence" agency (wait, that came out wrong...) whose activities were not supported by an intelligence agency (NSA, CIA)
      2) The list includes NSA or CIA-supported entities.

      If (1), these wiretaps were performed by someone other than an intelligence agency, then the encryption probably became a non-obstacle either because t

  • by wherley ( 42799 ) on Wednesday April 30, 2003 @02:33PM (#5845444)
    Here [starium.com] it is.
  • Read carefully (Score:5, Interesting)

    by Shimmer ( 3036 ) on Wednesday April 30, 2003 @02:34PM (#5845466) Journal
    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted

    Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

    -- Brian
    • Re:Read carefully (Score:5, Insightful)

      by stratjakt ( 596332 ) on Wednesday April 30, 2003 @02:38PM (#5845522) Journal
      Could be a ton of things.

      Could be that they got one end of the transmission to roll over on his buddy and hand out the plain text, this seems most likely. All the tough guy criminals squeal like little piggies when a DA starts talking about jail time.

      Could be they got the password to decrypt the wiretaps, or the plain text, through normal policework (like a warrant to search the PC). The fact that guy A is talking to known crime figure B is probably enough for such a warrant, regardless of whether it's known what they said.

      I mean, if something's encrypted on the wire, then it was plaintext when it went in, and when it came out. I'd think most detectives would try another angle before they sat around trying to brute force decrypt a transmission.
      • Re:Read carefully (Score:4, Insightful)

        by GMontag ( 42283 ) <gmontag AT guymontag DOT com> on Wednesday April 30, 2003 @02:52PM (#5845720) Homepage Journal
        The main reason that I included that passage in the story was because it appears that no investigation was thwarted by encryption.

        Point being, all of this claptrap on restricting encryption is just that, meaningless nonsense.

        If encryption were creating a real problem for law enforcement then there would be some number of un-decrypted messages to account for and I would not assume even that would create a problem in each instance.
      • Remember though that while the detective is using a brute force cracker he can be sitting eating doughnuts instead of out looking for real bad guys.
    • Re:Read carefully (Score:5, Informative)

      by Tackhead ( 54550 ) on Wednesday April 30, 2003 @02:45PM (#5845618)
      > > however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted
      >
      >Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

      Yes, it means all of the communications were successfully decrypted. It does not mean that failures were not reported.

      It is (deliberately) vague about whether decryption was done by s00per-s33kr1t quantum computers on Mars, or if it was done by using other methods to compromise the suspect's password, passphrase, key, or leaked transmissions of plaintext. I don't have a need to know, but I would suspect the latter is the more likely possibility. The weakest link in any cryptosystem is the moron behind the keyboard.

      I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")

      Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see. While it may be possible to do such a thing, it would still be prohibitively expensive. Not just in terms of computing gear (which is getting cheaper and always will get cheaper), but in terms of manpower (which ain't any cheaper, and ain't gonna get any cheaper) to analyze it.

      • Re:Read carefully (Score:2, Insightful)

        by Bradee-oh! ( 459922 )
        I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")

        Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see.


        I am not a huge conspiracy theorist myself, but playing devil's advocate on this is irresistible - do you really think that simply because the agency reported only 16 or 18 wiretaps for the given years that only 16 or 18 actually took place?

        Isn't the worry of all the 1984-ists o
      • I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")

        Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see.

        From the article:

        the number of wiretap applications granted for which encryption was encountered

        So, we see that:

        - The number of wiretaps applied for (i.e. that they had a legal justification for doing) which were actually encrypted was barely double-digits. This gives us no inf

  • by Hayzeus ( 596826 ) on Wednesday April 30, 2003 @02:36PM (#5845483) Homepage
    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    ... it'say orthway ememberingray atthay igpay atinlay isay ayay esslay anthay idealay ormfay ofyay encriptionay.

  • by truthsearch ( 249536 ) on Wednesday April 30, 2003 @02:36PM (#5845494) Homepage Journal
    For those who don't RTFA, here's one interesting number: Average cost per intercept order = $54,586

    I don't see any reference to how the number is determined, like if it includes parts of salaries for employees.
    • Wow, another number (Score:4, Informative)

      by truthsearch ( 249536 ) on Wednesday April 30, 2003 @02:39PM (#5845530) Homepage Journal
      I just noticed that for the NY Organized Crime Task Force's 7 intercepts, the average cost was $886,999. Yet for Special Narcotics it's only $8747. I suppose it's due to the duration of the intercepts.
      • by hpa ( 7948 )
        More likely it is due to the number of lawful intercepts that they have to spill out the cost of the unlawful ones between.

        (If you think that doesn't happen, look at the past.)
      • I just noticed that for the NY Organized Crime Task Force's 7 intercepts, the average cost was $886,999. Yet for Special Narcotics it's only $8747. I suppose it's due to the duration of the intercepts.

        At $900K/wiretap, that's 6.2Million dollars in the NY area. If you subtract $300K for some doughnut-eating detective to exclusively listen on each line 24/7 ($100K*3 shifts), that still leaves 4.1Million for hardware and social engineering to circumvent those combined wiretaps' encryption.

        For my part I'd say

  • This makes me glad I ordered a whole slew of phone tap warning stickers [buyolympia.com] from CrimeThinc [crimethinc.com]. I can't wait for them to arrive. Maybe it can help make a difference against the evil Patriot Act.
  • Public Report (Score:5, Insightful)

    by Jim Buzbee ( 517 ) on Wednesday April 30, 2003 @02:37PM (#5845501) Homepage
    Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?

    • This is a law enforcement report, not something published by the NSA or the CIA (who actually do most of the real wiretapping). The latter two agencies don't publish any such reports. As for your question: most civilized countries, which includes all of Europe, publish similar reports.
    • Re:Public Report (Score:5, Insightful)

      by limekiller4 ( 451497 ) on Wednesday April 30, 2003 @03:08PM (#5845872) Homepage
      Jim Buzbee writes:
      "Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?"

      Oo! I know! A country whose government realized a long time ago that they could fool 99% of the population -- and simultaneously marginalize the remainder as leftists -- by releasing just enough and/or falsified data to make people think this is evidence of an open government?

      Am I right? Do I get a lollipop?

      Iran-Contra taught me everything I needed to know about the government's willingness to not only lie to the people and Congress itself but to be proud of doing so. For those who don't remember all the details, this was Oliver North being directed by Ronald Reagan to sell arms to Iran (despite a Congressional ban) and using the proceeds to fund the South American Contras (which was also specifically banned by Congress by way of the Boland Amendment [ncsu.edu]). The Contras were fighting the Sandinistas, a democratically-elected government that wasn't kissing our ass.

      Don't get me wrong here... I'm not claiming this data is either falsified or incomplete. But claiming that because we've received something from the government is prima facie evidence that we have a government that puts us before its own perceived interests is nothing short of hilarious.

      • I'm convinced that Iran/Contra must have been considered the penultimate act of patriotism. How else could one rationally explain former convict John Poindexter's involvement with the TIA effort? (For those with short memories, his felony conviction for his involvement with Iran/Contra was overturned on a technicality).

        Oh wait...there's this thing called irony.
        • The technicality that overturned Poindexter's appeal was that he'd testified under an immunity deal with Congress. So, the appellate court decision that kept him out of jail was on solid legal ground.

          That, however, does not mean that he wasn't guilty as sin; only that he can't legally be punished for it. In any event, under no circumstances should he be serving in a senior Pentagon position requiring any level of security clearance.

      • Re:Public Report (Score:3, Interesting)

        by ces ( 119879 )
        Sorry, but wiretaps really ARE expensive and aren't all that common. The tinfoil hat crowd may think the NSA/CIA/FBI is monitoring all of their phone and computer communications but, really, there just isn't the manpower or the time. I've heard the paranoids claim there is "s00per-s33kr1t" voice recognition to do automated monitoring, but based on what I know about computers and linguistics this just isn't currently possible.
        • ces writes:
          "Sorry, but wiretaps really ARE expensive and aren't all that common. The tinfoil hat crowd may think the NSA/CIA/FBI is monitoring all of their phone and computer communications but, really, there just isn't the manpower or the time. I've heard the paranoids claim there is "s00per-s33kr1t" voice recognition to do automated monitoring, but based on what I know about computers and linguistics this just isn't currently possible."

          Post grad-level students were using 30-node (not a typo) AI nets to ex
        • Wiretaps are (or, at least, until very recently were) far less common than they were in the 1960's, when the McCarthy bug was going around. That's because we started requiring the FBI to get court orders to do wiretapping. Since then, it's become much easier to do a wiretap, and we've had 9/11, which has opened the floodgates on funding to "counter terrorism."

          They don't have the means or the funds to monitor everyone, or even most people. But they do have the means to at least somewhat monitor the milli
  • I wonder (Score:3, Insightful)

    by Telastyn ( 206146 ) on Wednesday April 30, 2003 @02:38PM (#5845514)
    if that includes this [slashdot.org]. Or another situations where the wiretap failed, and the police were able to get the information in a more traditional or creative way rather than breaking the encryption.
  • Oh my! (Score:2, Funny)

    Does this mean that my ROT 13 phone is not the security answer I was looking for?

    Am I going to have to filter everything through my Swedish chef filter? Bork bork bork, bork, bork bork?

    • Does this mean that my ROT 13 phone is not the security answer I was looking for?

      Not by itself. You need to chain two of them in series.

  • From the report (Score:3, Interesting)

    by Timesprout ( 579035 ) on Wednesday April 30, 2003 @02:42PM (#5845565)
    It looks like there were some 1350 odd state and federal authorised wiretaps. Anyone have any idea how credible this number is? Colour me paranoid but in the current climate I would have expected a much higher number. Or have I just misread the report (OK I admit I only glanced at it)
    • This report seems to include only wiretaps granted by judges in the course of criminal investigations. Thus it wouldn't reflect any intelligence gathering monitoring, which gets approval for domestic-related wiretaps from courts that are not required to report anything about their decisions (there are judges that are appointed with the duty of granting these orders; they never hear oppositional arguments, thus they almost always grant them). Furthermore, anytime one end of the call lands outside the U.S
      • Table 3 [uscourts.gov]
        Major Offenses for Which Court-Authorized Intercepts Were Granted
        Pursuant to 18 U.S.C. 2519
        January 1 Through December 31, 2002


        Other
        Racketeering
        Homicide and Assault
        Narcotics
        Gambling
        Kidnapping
        Bribery
        Larceny, Theft, and Robbery
        Loansharking, Usury, and Extortion

        See report for numbers.
  • by RhettLivingston ( 544140 ) on Wednesday April 30, 2003 @02:44PM (#5845609) Journal

    10 to 1, they either found other evidence to force the users to voluntarily cough up the keys, got a warrant to put a sniffer on the user's keyboard in the case of computer communications and then retrieved the keys from the computer after they got the password, or they physically copied the encryption keys out of the phones in the case of encrypting phones.

    I've always wondered if they can get a password from you involuntarily by just hooking you up to a lie detector and asking questions like, "is the first letter a vowel? Is it 'A'? Is it 'E'? Is the second letter a number?... etc.

    Anyway, most encryption is pretty useless if the cracker can own the machine or its keyboard for a while without the user's knowledge and almost all of it is useless if you own the user.

    • I've always wondered if they can get a password from you involuntarily by just hooking you up to a lie detector and asking questions like, "is the first letter a vowel? Is it 'A'? Is it 'E'? Is the second letter a number?... etc.

      Only if you believe in the polygraph's ability to tell truth. Polygraphs are garbage [google.com]; see for yourself. Their primary use is to scare people who don't know better into confessing something they otherwise wouldn't.
    • well, not really. (Score:5, Informative)

      by SolemnDragon ( 593956 ) <solemndragon AT gmail DOT com> on Wednesday April 30, 2003 @03:18PM (#5846036) Homepage Journal
      Lie detectors don't work. That is to say, they work, some of the time, when the person doing the lie detecting knows that there's a lie to detect. The problem with lie detectors... *cough* Fine. Let me rephrase that. There are a number of problems with lie detection equipment, and here are some of them.

      the polygraph is not a lie detector. [howstuffworks.com] A polygraph actually records a number of different signals. Respiration, perspiration... A polygraph only detects your output, not your internal processes. That may eventually change with walk-through brain scanners at the airports...

      The polygraph operator may be thoroughly trained to interpret this data, or they might simply have bought a polygraph and hired themselves out immediately. Training and certification varies greatly from state to state. [howstuffworks.com] It's claimed [techtv.com] that they measure 'deceptive reactions' pretty well, (bear in mind that they also run on Windows..No, i'm not kidding.) If you really believe what you're saying, a polygraph won't pick that up. But on the other hand, it might. I would say that the jury's out on their effectiveness, but they don't let polygraph results anywhere near a jury. (we'll get to that.) Deceptive behaviour is not the same as lying. If you give a patently false answer to every question, it messes with the baseline. If you give honest answers that mislead, it may or may not pick them up. If you tell the truth but think about something bad you've done lately, you might get a false positive. It's that messy.

      Voice analysers [spyzone.com] promise similar results- the ability to pick up changes in a person's voice, microtremors, when deceptive intent creeps in... but have also been shown to be faulty. And then shown to be fine. And then faulty again. And so on.

      The supreme court has ruled that polygraph tests can be administered- but that the data may not be used as evidence in court. Although it is illegal to make a polygraph test part of the private industry hiring practice, the feds can do this all they want, and are expanding their activities in this regard as more sophisticated, digital equipment becomes available.

      It's more likely that brain imaging will evolve to replace the polygraph- and even then, it probably won't be 100%. There will always be those who can believe what they are saying to be true. It's all about confidence. So to answer the question- yes, they could try, but they might not be able to get anything useful from it, and if you know enough about how they work, you could give them enough false positives that they'd never work it out. Then they'd simply get a court order to bug your keyboard instead, out of sheer frustration. Unless you were deemed a REAL threat to national security- in which case they import you to Egypt for 'questioning...'

      sorry if i sound pessimistic. But the answer is that if it's that important, they'll use something more proven than a polygraph....

      • I think the difference in this case is that the proof is in whether or not the password works. If the password works, you've met your goal which was to be able to get into the user's machine and decode the message using the keys there (and perhaps another password). The password itself doesn't have to be admissible in court.

        Also, I suppose I wasn't thinking of a normal polygraph. I was thinking of a device that I played with 17 years ago where you could put a set of electrodes on your head and move a cu

    • Wow. I can just see it now.

      This could lead to the slowest brute-force attack ever...

      FBI: So, is your password "jhT78$^&" ?
      Rube: No.
      FBI: He's telling the truth. Damn. So, is your
      password "jhT78$^*" ?
      Rube: No.
      FBI: Damn. He's still telling the truth.
      So, is your password "jhT78$^(" ?
      Rube: No.
      ...

      etc.

      (Yes, I *know* that's not what the poster suggests, but still...)
    • You might want to check out this site [antipolygraph.org] which debunks the myth that polygraphs work. And yes, I'll bet most people probably give up their passwords themselves. For instance, Jim Bell [wired.com], the guy behind Assassination Politics [outpost-of-freedom.com], a guy who should know better, gave up his PGP passphrase as part of his plea bargain. He is now suing [cryptome.org] the state of Washington and a host of others for the costs of breaking the encryption, brute-force using 1997 hardware.
      • I'm aware of the issues with polygraphs, but as posted elsewhere the conditions and objectives are different here in a way that changes the equation. In this case, I have a 100% accurate test to put in a feedback loop with the polygraph. Basically, if I can get a password that works, my objective has been met and the polygraph worked with 100% certain accuracy. So, even if it only works with 1 person in 10, its value is not significantly reduced. It still made an attack possible for that one person that
  • Only 16? (Score:2, Insightful)

    by lexbaby ( 88257 )
    Only 16 taps were encrypted? Either the "bad guys" don't even try, or they're not tapping the right people.
  • by sssmashy ( 612587 ) on Wednesday April 30, 2003 @02:50PM (#5845693)

    Given that the average cost of a federal wiretap in 2002 was $75,659, I imagine there was a strong incentive for gov't wiretappers to get their money's worth. And given the feds' almost unparalleled codebreaking resources, it would take pretty solid encryption to sneak one past them.

    The supposed 100% success ratio in cracking encrypted communications is most likely because the individuals under surveillance (mainly drug smugglers and organized crime) lack the sophistication necessary to match wits with the feds.

    I'd assume that the most elite, technically savvy criminals out there don't get caught by law enforcement wiretapping, for two reasons:

    1. They are subtle enough that they never even come under suspicion, and are thus not under surveillance.

    2. They are smart enough to communicate in ways that are not easily intercepted by the feds: private couriers, simple signals that were agreed upon in advance, etc.. Those that rely on electronic communications probably use steganography or other means to disguise the fact that a "message" is even being sent. Let's face it, a suspected drug dealer sending a simple, encrypted text message may as well be waving a big red flag and shouting: "look at me! I've got something to hide!"

  • Interesting tables. (Score:5, Interesting)

    by RealAlaskan ( 576404 ) on Wednesday April 30, 2003 @02:55PM (#5845751) Homepage Journal
    Take a look here [uscourts.gov]. You'll see that there have been very few wiretaps on pagers, fax machines and computers (59 total in 2002). The two groups doing that sort of tap are the Feds (17 taps) and the NYC Special Narcotics Bureau (24 taps). What do you want to bet that most of the NYC taps are drug dealers' pagers? So, wire-tapping computers doesn't seem to be a wide-spread practice.

    Another interesting table is this [uscourts.gov] one. It gives $/tap. The average cost is over $50K. That suggests that a wiretap is going to take a big bite out of almost any agency's budget (average cost for the Feds is $75K). The cost may be the best protection of our privacy. Certainly it seems a better bet than the judiciary.

    Finally, there is the table [uscourts.gov] which shows arrests and convictions. Slightly over half of the arrests related to wiretaps result in convictions. Does anyone know how that compares to investigations without wiretaps? It suggests that more than half of the wiretaps were in response to some broken law. Hopefully they were good laws, rather than DMCA-style disasters.

    In short, one could almost imagine that the folks in the tin-foil hats are crazy to worry about the cops tapping their computers.

    • The average cost is over $50K.

      That's only part of the cost. Back when Giuliani was busting the New York Mafia, they had to pay New York Telephone's retail rates for each wiretap. Their wiretapping bill exceeded $1 million a year, and the New York FBI office wasn't budgeted for it. Much of the pressure for CALEA (the "communications assistance to law enforcement act") came from those days.

      Now, law enforcement doesn't have to pay telcos directly. Telcos are authorized to pass wiretapping costs along to thei

  • They would just decrypt the encrypted message with you, a small room with one bright light, and an "instrument" or two. It's not all bad over here.

    What, were you expecting something different here? Fine..

    IN SOVIET RUSSIA... encryption wiretaps YOU!
    • by gerardrj ( 207690 ) on Wednesday April 30, 2003 @03:10PM (#5845896) Journal
      You're right... in the U.S. They'd decrypt the message with you during a 20 year to life term in a maximum security prison without ever charging you with anything or giving you a trial by your peers.

      The decryption sessions would occur in a small dark room where you would be "inconvenienced" and "annoyed" and "harassed" by being forced to stand for LONG periods of time, having food and water withheld, being locked in a 3x3 room with no human contact for weeks on end, being woken up at random times just to be asked a question hoping that in a sleepy state you might divulge something, having sound played at near painful levels for hours/days on end.

      Yea... the U.S. system is SOOO much better than the old Soviet system. At least the Soviets had the balls to make it common knowledge what they did, you knew what to expect. Here in the U.S. the government pussyfoots around the issue and makes you think that the "interviewees" are treated just like you and I when questioned by the local beat cop.
  • by Tackhead ( 54550 ) on Wednesday April 30, 2003 @03:00PM (#5845803)
    "NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one."

    - [source unknown, seen in .sig files for at least 10 years]

    • "NSA is now funding research not only in cryptography, but in all areas
      of advanced mathematics. If you'd like a circular describing these new
      research opportunities, just pick up your phone, call your mother, and
      ask for one."


      The first time I saw this was on a poster distributed by RSA Security. This was back in the clipper chip days when there was a real possibility non-escrowed encryption might be banned.
  • Dumb question (Score:2, Interesting)

    by teamhasnoi ( 554944 )
    Is encrypting something multiple times more secure? Say if I run something through PGP twice with different keys, wouldn't that be pretty much bulletproof?
    • Re:Dumb question (Score:3, Informative)

      by Cthefuture ( 665326 )
      Not necessarily. Especially not when encrypting multiple times using the same algorithm. Read Bruce Schneier's "Applied Cryptography" book. Good stuff. He covers this question much better than I can answer here.

      Even when using multiple different algorithms there is a chance of weakening the whole thing. Depends on which algorithms you're using and how you're using them. I think you are generally safe using different known-good algorithms though (say 3DES then AES). I would not encrypt multiple times w
      • Even when using multiple different algorithms there is a chance of weakening the whole thing. Depends on which algorithms you're using and how you're using them.

        Assume that you have a message, M. You encrypt it with algorithm f using key kf into M'. Then you encrypt it with algorithm g using key kg into M''. If an adversary is able to decrypt M', he may or may not be able to decrypt M''. Let us look at the possibilities for the adversary:

        1. The adversary can decrypt every message encrypted with f: In th
        • I think you're basically agreeing with me in principle. That is that using different algorithms to encrypt multiple times is mostly safe.

          However, your example is missing a possibility. It is completely possible that the interaction between algorithm f and g could produce a weaker result M". Of course it would be easier for anyone trying to break it to know which algorithms you used, but we have to accept that there is a chance they would have this information.

          The attack would not be to try and break ea
    • Re:Dumb question (Score:3, Insightful)

      by Xenu ( 21845 )
      Not necessarily. Encrypting with key A and key B is often mathematically equivalent to encrypting with key C. It may not be any harder to crack.
    • Re:Dumb question (Score:3, Insightful)

      by DarkMan ( 32280 )
      Sort of, but the security gained can be gained in other ways, for less cost (in terms of operator time and computer time).

      In general, assuming a rock solid algorithm, you will not gain anything by using two 1024 bit keys, over a 2048 bit key.

      In practice, I suspect that with any actual algorithm, the 2048 bit key would be more secure. This is because the entropy in the key is not evenly distributed, but is concentrated in the higher order bits. So by having two sets of low order bits, you have less ent
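
Whether double encryption collapses into a single key, as the replies above discuss, depends on whether the cipher is closed under composition. The following added example (not from any poster; both 8-bit ciphers are toy constructions invented here and are not secure) brute-forces the question for one cipher that is closed and one that is not:

```python
# Toy 8-bit "ciphers", constructed for illustration only; neither is secure.

def affine_encrypt(key, x):
    """Affine cipher on one byte: key = (a, b) with a odd, so it is invertible."""
    a, b = key
    return (a * x + b) % 256

def mixed_encrypt(key, x):
    """XOR the key in, then apply a fixed affine step mod 256 (two algebras mixed)."""
    return (5 * (x ^ key) + 1) % 256

def equivalent_single_key(encrypt, keyspace, k1, k2):
    """Brute-force search for one key that reproduces encrypt(k2, encrypt(k1, x))."""
    target = [encrypt(k2, encrypt(k1, x)) for x in range(256)]
    for k in keyspace:
        # all() stops at the first mismatching byte, so most keys cost one lookup.
        if all(encrypt(k, x) == target[x] for x in range(256)):
            return k
    return None

AFFINE_KEYS = [(a, b) for a in range(1, 256, 2) for b in range(256)]
MIXED_KEYS = range(256)

def demo():
    # Affine ciphers are closed: the combined key is (a2*a1, a2*b1 + b2) mod 256,
    # so an attacker searches one keyspace, not two.
    k1, k2 = (77, 200), (13, 5)
    found = equivalent_single_key(affine_encrypt, AFFINE_KEYS, k1, k2)
    predicted = ((k2[0] * k1[0]) % 256, (k2[0] * k1[1] + k2[1]) % 256)
    # The mixed cipher is not closed: count sampled key pairs that collapse.
    collapsing = sum(
        equivalent_single_key(mixed_encrypt, MIXED_KEYS, a, b) is not None
        for a in range(0, 256, 17) for b in range(0, 256, 17))
    return found, predicted, collapsing

if __name__ == "__main__":
    print(demo())
```

DES was shown not to be closed in this sense (Campbell and Wiener, 1992), which is why triple DES gains strength from its extra passes.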
  • by stdarg ( 456557 ) on Wednesday April 30, 2003 @03:20PM (#5846074)
    Has anybody read about chaffing and winnowing? (http://theory.lcs.mit.edu/~rivest/chaffing.txt) What is its strength compared to normal encryption?

    Anyway, the reason I was wondering is all the comments about extracting passwords from people. What would happen if something were encrypted in a way that different passwords revealed different content? It would be trivial with chaffing and winnowing, but I'm sure it could work with other types of encryption.

    The key idea is that of plausible deniability. Say you interleave three streams of data: the real stuff, the decoy stuff, and some random garbage to mess with message sizes. If you can give 'them' the password for the decoy stuff, and it works, aren't you pretty much off the hook?
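
A sketch of the interleaving idea raised above, following Rivest's bit-per-packet chaffing and winnowing with HMAC-SHA256 as the MAC. This is an added example, not code from the post or from Rivest's paper; the multi-stream slot layout, function names, keys and messages are assumptions made here.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes

def _mac(key, serial, bit):
    """Tag authenticating one (serial number, bit) pair under key."""
    data = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, data, hashlib.sha256).digest()

def _bits(data):
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def interleave(streams):
    """streams: list of (mac_key, message) pairs with equal-length messages.
    Every serial number gets len(streams) packets for bit 0 and as many for
    bit 1; tags not owned by any stream are random chaff."""
    bit_rows = [(key, _bits(msg)) for key, msg in streams]
    n_bits = len(bit_rows[0][1])
    if any(len(bits) != n_bits for _, bits in bit_rows):
        raise ValueError("pad all messages to the same length first")
    packets = []
    for serial in range(n_bits):
        for bit in (0, 1):
            tags = [_mac(key, serial, bit)
                    for key, bits in bit_rows if bits[serial] == bit]
            tags += [secrets.token_bytes(TAG_LEN)
                     for _ in range(len(streams) - len(tags))]
            packets += [(serial, bit, tag) for tag in tags]
    secrets.SystemRandom().shuffle(packets)  # hide which slots held wheat
    return packets

def winnow(key, packets):
    """Keep packets whose tag verifies under key and reassemble the bytes."""
    kept = {s: b for s, b, tag in packets
            if hmac.compare_digest(tag, _mac(key, s, b))}
    bits = [kept[s] for s in sorted(kept)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

# Constructed sample keys and messages (equal length on purpose).
REAL_KEY, DECOY_KEY = b"constructed-real-key", b"constructed-decoy-key"
REAL_MSG, DECOY_MSG = b"real data", b"decoy msg"

if __name__ == "__main__":
    pkts = interleave([(REAL_KEY, REAL_MSG), (DECOY_KEY, DECOY_MSG)])
    print(len(pkts), winnow(REAL_KEY, pkts), winnow(DECOY_KEY, pkts))
```

Each message bit expands to 2 x (number of streams) packets, and that per-serial packet count tells an observer the maximum number of streams that could be hidden.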
  • by cavemanf16 ( 303184 ) on Wednesday April 30, 2003 @03:28PM (#5846161) Homepage Journal
    Seriously, let's think about it:

    • What's our "population"? Criminals (and from the looks of that report, primarily drug dealers).
    • What are we trying to answer? Whether computer encryption is easily breakable by government wiretapping and other mechanisms.
    • What info do we know?
      • 1) Criminals are generally stupid (why else would they be breaking the law so blatantly to require an investigation that cost >$50k?!)
      • 2) The government wiretaps did not encounter any problem with encryptions that prevented a wiretap from being successful
    The primary problem with most of you is that you're making a mountain out of a statistical molehill. Considering 95% or more of all criminals are complete morons, why would you assume any of them would be using secure 128-bit encryption, steganography, and other such encryption tools to encode their communications? They're usually more interested in how they're gonna whack that jerkoff down the street for lookin' at their girl the wrong way.
    • Criminals are generally stupid (why else would they be breaking the law so blatantly to require an investigation that cost >$50k?!)

      Note that we're talking about the 2,000 or so cases a year where the criminals are smart enough that 10 minutes of detective work doesn't break it wide open - they're sneaky enough that we have to spend $50K in resources to nail them to the wall.

      A criminal running a $10M/year drug ring is probably *smarter* than the average businessman who has a $10M/year business - the gu

    • Hmm,

      They can't all be that dumb. Otherwise, we wouldn't need to be spending $50k+ to track them down. Actually, at a certain point, criminal behavior -- particularly what is known as "organized crime" -- resembles a corporation in its structure and in the ability of its workers.

      These criminals' key weakness may not be normal run of the mill "I broke my cup holder" stupidity, but an arrogant belief that, unlike most criminals that came before them, they will not be caught.

      If these people really were stupi

  • There are two main problems at work here. Who is listening in on your conversations, and who let them?

    The person within the law enforcement community listening in on your calls may not be perfect. They could use this information to their own ends. They might tip off a friend as to when you are going on vacation and have them rob you. Or they might let that information slip in a public place, with the same result. They might be a child molester in the making, or a murderer, or something else. Just beca
  • According to the report encryption was encountered on only 18 wiretaps. It is entirely possible very poor encryption tools were used in these cases.

    Given that most wiretaps were for narcotics and that your average drug dealer isn't exactly a rocket scientist, I suspect most of the "encryption" was something lame Joe criminal picked up out of a "spy/PI" catalog.
  • Ummm (Score:2, Funny)

    by Mondain98 ( 562481 )
    So if they got around the encryption to decipher the conversations, they violated the DMCA and should be punished. Right? Hillary where are you now, bitch!??
