Slashdot Mirror
2002 US Wiretap Report
GMontag writes "Full report:2002 WIRETAP REPORT Administrative Office of the United States Courts
Leonidas Ralph Mecham, Director I especially like this part: 'Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant
to the court orders. Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.'"
however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted
Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?
-- Brian
The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
For those who don't RTFA, here's one interesting number: Average cost per intercept order = $54,586
I don't see any reference to how the number is determined, like if it includes parts of salaries for employees.
Developers: We can use your help.
I tend to believe that the government is able to either break or circumvent levels of encryption at a much higher level than commonly thought. I mean, it's entirely possible that old devices were being used for communication, but it seems to be if you're going to be cautious enough to encrypt comms at least one or two would have done it properly.
I wonder: If encryption on the line prevents a court-ordered wiretap from obtaining useful information, is that enough cause to, say, break in and bug the room? The wording of the statement seems to suggest that...
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
It looks like there were some 1350 odd state and federal authorised wiretaps. Anyone have any idea how credible this number is? Colour me paranoid but in the current climate I would have expected a much higher number. Or have I just misread the report (OK I admit I only glanced at it)
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
More likely it is due to the number of lawful intercepts that they have to spill out the cost of the unlawful ones between.
(If you think that doesn't happen, look at the past.)
Given that the average cost of a federal wiretap in 2002 was $75,659, I imagine there was a strong incentive for gov't wiretappers to get their money's worth. And given the feds' almost unparalleled codebraking resources, it would take pretty solid encryption to sneak one past them.
The supposed 100% success ratio in cracking encrypted communications is most likely because the individuals under surveillance (mainly drug smugglers and organized crime) lack the sophistication necessary to match wits with the feds.
I'd assume that the most elite, technically savvy criminals out there don't get caught by law enforcement wiretapping, for two reasons:
1. They are subtle enough that they never even come under suspicion, and are thus not under surveillance.
2. They are smart enough to communicate in ways that are not easily intercepted by the feds: private couriers, simple signals that were agreed upon in advance, etc.. Those that rely on electronic communications probably use steganography or other means to disguise the fact that a "message" is even being sent. Let's face it, a suspected drug dealer sending a simple, encrypted text message may as well be waving a big red flag and shouting: "look at me! I've got something to hide!"
Another interesting table is this one. It gives $/tap. The average cost is over $50K. That suggests that a wiretap is going to take a big bite out of almost any agency's budget (average cost for the Feds is $75K). The cost may be the best protection of our privacy. Certainly it seems a better bet than the judiciary.
Finally, there is the table which shows arrests and convictions. Slightly over half of the arrests related to wiretaps result in convictions. Does anyone know how that compares to investigations without wiretaps? It suggests that more than half of the wiretaps were in response to some broken law. Hopefully they were good laws, rather than DMCA-style disasters.
In short, one could almost imagine that the folks in the tin-foil hats are crazy to worry about the cops tapping their computers.
See what I've been reading.
Is encrypting something multiple times more secure? Say if I run something through PGP twice with different keys, wouldn't that be pretty much bulletproof?
Has anybody read about chaffing and winnowing? (http://theory.lcs.mit.edu/~rivest/chaffing.txt) What is its strength compared to normal encryption?
Anyway, the reason I was wondering is all the comments about extracting passwords from people. What would happen if something were encrypted in a way that different passwords revealed different content? It would be trivial with chaffing and winnowing, but I'm sure it could work with other types of encryption.
The key idea is that of plausible deniability. Say you interleave three streams of data: the real stuff, the decoy stuff, and some random garbage to mess with messages sizes. If you can give 'them' the password for the decoy stuff, and it works, aren't you pretty much off the hook?
- What's our "population"? Criminals (and from the looks of that report, primarily drug dealers.
- What are we trying to answer? Whether computer encryption is easily breakable by government wiretapping and other mechanisms.
- What info do we know?
- 1) Criminals are generally stupid (why else would they be breaking the law so blatantly to require an investigation that cost >$50k?!)
- 2) The government wiretaps did not encounter any problem with encryptions that prevented a wiretap from being successful
The primary problem with most of you is that you're making a mountain out of a statistical molehill. Considering 95% or more of all criminals are complete morons, why would you assume any of them would be using secure 128-bit encryption, steganography, and other such encryption tools to encode their communications? They're usually more interested in how they're gonna whack that jerkoff down the street for lookin' at their girl the wrong way.Remember, in these kinds of reports the government agency generating the report for Congress (the source of all $$$) is trying to make themselves look good. With that in mind, pay attention to the bolded parts:
OK, if we don't want to report failure don't "terminate" the wiretap. Just stop using it and we don't have to tell anyone that we're stumped.
In this case, pay attention to what isn't written:
Note that the report doesn't say all text of communications intercepted. So if all the feds got off a wiretap was "OK, turn on your encryption now!", under what appear to be the rules of this report that wiretap would be considered "successful" in getting plaintext messages.
It's almost as if you can read the air quotes around the word 'encryption'...you can assume that even if it is military grade encryption, the NSA knows how to crack it, via back doors or otherwise. After all they were in on DES from the beginning, and had a hand in selecting Rijndael as the new AES.
From an American Mathematical Society report, for instance:
"NIST's evaluation used published research from academic and industry experts and private advice from the National Security Agency (NSA)." Gee, I wonder what kind of 'advice' they gave...
There are two main problems at work here. Whom is listening in on your conversations, and who let them?
The person within the law enforcement community listening in on your calls may not be perfect. They could use this information to their own ends. They might tip off a friend as to when you are going on vacation and have the rob you. Or they might let that information slip in a public place, with the same result. They might be a childmolester in the making, or a murderer, or something else. Just because you get a government check does not make you a saint. I wish it did.
Problem one : Unknown people spying on you.
The second problem deals with lazy people. Mainly the public who hjave given our governemnt their passive approval of this abuse. The public agrees and maybe even likes this lack of liberty in their own home. They enjoy their temporary safety, at the expenses of some unseen freedoms.
Problem two : The people.
The people, meaning you reading this, if you want things to change need to change yourself first. Change. Become someone who takes an active role in the shaping of your community and become a letter writing machine. Vote! Get the word out. Get out of that chair. If you don't I really don't want to hear your complaints, because you are the problem.
I have faith in the people. I have greater faith in those that read Slashdot. They are people who "hack" things when they need it. The government needs to hear from us. We have to enlighten people as to the lost freedoms. I see that things will change. The dream of freedom must live in the United States at all costs for the simple reason that without that dream there is little need for the United States.
I know how stupid and corny that sounds, but it's true. When you drive by a school and see those kids playing, know that they are counting on you to correct these problems. Think about what you would tell them about maintaining freedom. What advise you might offer. Take your own advise.
Freedom is not free. It take time, effort, and sometimes lives. There are peolpe who lied bloody in a field as the life slowly drained from their bodies who all had the same thoughts in their minds as they died. They though that dying was not that high a price if others will live free and keep the dream alive.
With all that is happening sometimes I think that the dream of freedom and liberty will die with us, but then my faith returns. I wil take action. I hope you will also.
-- Prepared at the direction of, or to be sent to Legal Counsel, in anticipation of litigation. Attorney Client Pri
Do you work for them or something? I went to their home page and I can't bring up anything on their products, just fluff about management and jobs. Not even an old Wired article from 1999 gets me to a "products" page.
"...we dont care about the economics; we just want to be able to hack great stuff."
Sorry, but wiretaps really ARE expensive and aren't all that common. The tinfoil hat crowd may think the NSA/CIA/FBI is monitoring all of their phone and computer communications but, really, there just isn't the manpower or the time. I've heard the paranoids claim there is "s00per-s33kr1t" voice reconition to do automated monitoring, but based on what I know about computers and linguistics this just isn't currently possible.
Happy Fun Ball is for external use only.
The numbers for FISA taps are available for 2001. The 2002 numbers aren't available yet.
Interesting post on this from Orin Kerr, a law professor at George Washington.