Slashdot Mirror
2002 US Wiretap Report
GMontag writes "Full report:2002 WIRETAP REPORT Administrative Office of the United States Courts
Leonidas Ralph Mecham, Director I especially like this part: 'Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant
to the court orders. Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.'"
Here it is.
I just noticed that for the NY Organized Crime Task Force's 7 intercepts, the average cost was $886,999. Yet for Special Narcotics it's only $8747. I suppose it's due to the duration of the intercepts.
Developers: We can use your help.
Nah, it's more likely the plaintext was recoverd by compromising keyring passwords. If short keylengths (e.g. 56-bit DES) were used, they also may simply have brute-forced them.
It wont matter much (aside from those who use keys to auth) on what crypto you use most of the time if the hardware you use to make the transaction work is bugged.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
>
>Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?
Yes, it means all of the communications were successfully decrypted. It does not mean that failures were not reported.
It is (deliberately) vague about whether decryption was done by s00per-s33kr1t quantum computers on Mars, or if it was done by using other methods to compromise the suspect's password, passphrase, key, or leaked transmissions of plaintext. I don't have a need to know, but I would suspect the latter is the more likely possibility. The weakest link in any cryptosystem is the moron behind the keyboard.
I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")
Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see. While it may be possible to do such a thing, it would still be prohibitively expensive. Not just in terms of computing gear (which is getting cheaper and always will get cheaper), but in terms of manpower (which ain't any cheaper, and ain't gonna get any cheaper) to analyze it.
the polygraph is not a lie detector. A polygraph actually records a number of different signals. Respiration, persperation... A polygraph only detects your output, not your internal processes. That may eventually change with walk-through brain scanners at the airports...
The polygraph operator may be thoroughly trained to interpret this data, or they might simply have bought a polygraph and hired themselves out immediately. Training and certification varies greatly from state to state. It's claimed that they measure 'deceptive reactions' pretty well, (bear in mind that they also run on Windows..No, i'm not kidding.) If you really believe what you're saying, a polygraph won't pick that up. But on the other hand, it might. I would say that the jury's out on their effectiveness, but they don't let polygraph results anywhere near a jury. (we'll get to that.) Dweceptive behaviour is not the same as lying. If you give a patently false answer to every question, it messes with the baseline. If you give honest answers that mislead, it may or may not pick them up. If you tell the truth but think about something bad you've done lately, you might get a false positive. It's that messy.
Voice analysers promise similar results- the ability to pick up changes in a person's voice, microtremors, when deceptive intent creeps in... but have also been shown to be faulty. And then shown to be fine. And then faulty again. And so on.
The supreme court has ruled that polygraph tests can be administered- but that the data may not be used as evidence in court. Although it is illegal to make a polygraph test part of the private industry hiring practice, the feds can do this all they want, and are expanding their activities in this regard as more sophisticated, digital equipment becomes available.
It's more likely that brain imaging will evolve to replace the polygraph- and even then, it probably won't be 100%. There will always be those who can believe what they are saying to be true. It's all about confidence. So to answer the question- yes, they could try, but they might not be able to get anything useful from it, and if you know enough about how they work, you could give them enough false positives that they'd never work it out. Then they'd simply get a court order to bug your keyboard instead, out of sheer frustration. Unless you were deemed a REAL threat to national security- in which case they import you to egypt for 'questioning...'
sorry if i sound pessimistic. But the answer is that if it's that important, they'll use something more proven than a polygraph....
"I'd say 'Have a good time,' but arson is still illegal.
Not necessarily. Especially not when encrypting multiple times using the same algorithm. Read Bruce Schneier's "Applied Cryptography" book. Good stuff. He covers this question much better than I can answer here.
Even when using multiple different algorithms there is a chance of weaking the whole thing. Depends on which algorithms you're using and how you're using them. I think you are generally safe using different known-good algorithms though (say 3DES then AES). I would not encrypt multiple times with the same algorithm unless it has been mostly proven to be more secure.
The ratio of people to cake is too big
And why exactly should it have any effect ? The way things are going in the USA right now, we're getting slowly but surely in a state of near everlasting, constant terror. At what point will the number of people that "disappear" in the "special" facilities outnumber the real terrorism victims ? On top of that the CIA, FBA and NSA had more than enough man power and funds to tackle the problem before it happened. They were just too busy doing some economical espionage on their european allies.
You mean there is a question that DES is now insecure? For $10,000 you can buy the hardware to build a DES cracker. Still outside the range of private hacking, but definitely not outside the range of Corporate espionage. And as for the government, fur-get-abut-it.
Sig Nazi- "No Sig for you, come back 1 year."
Terminated in the telco world means that it is active, not that it has been disconnected. As you terminate wires on a terminal strip - you terminate whatever equipment that the warrant calls for to the phone or data line.
It's not just 'free' that concerns me - that he's in a key position that demands a level of integrity that he does not posses.
I think this is exactly why he was chosen. Remember these are the same people demanded less accurate felon information so they could eliminate at least 50,000 legal black voters from the rolls in Florida, the same people who deployed the same voting machines to white and mixed districts but programmed the ones in 95%+ white counties to return a spoiled vote to the voter, and to trash the spoiled votes in the 25%+ black counties. They asked for more innacurate felon information to the point where less than 5% of those kicked off the rolls were actually inelligable to vote, they kicked off a judge, an senior election official, and a shitload of ministers for heavens sake. Do you think they WANT an honest man directing the office of domestic contro-- err, surveillance?