Slashdot Mirror

← Back to Stories (view on slashdot.org)

2002 US Wiretap Report

Posted by michael on from the STU-III dept.

GMontag writes "Full report:2002 WIRETAP REPORT Administrative Office of the United States Courts Leonidas Ralph Mecham, Director I especially like this part: 'Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.'"

33 of 264 comments (clear)

  1. Encryption by Verteiron · · Score: 4, Insightful

    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    So are we talking ROT13 here, or real encryption? Seems a little unnerving if it's the latter.

    --
    End of lesson. You may press the button.
    1. Re:Encryption by Anonymous Coward · · Score: 3, Insightful

      Doesn't really matter. Theres no industrial strength encryption for telephones readily available that hasnt been defeated these days, and as for electronic communications... PGP doesn't help you one whit when the feds slip into your house at night and plant a keysniffer to get your private key/pass phrase -- and they will.

    2. Re:Encryption by Finni · · Score: 3, Insightful

      How does 10 years of experience translate into knowing about the hardware bug they slipped into your keyboard?

    3. Re:Encryption by jackdoodle · · Score: 3, Interesting

      It's almost as if you can read the air quotes around the word 'encryption'...you can assume that even if it is military grade encryption, the NSA knows how to crack it, via back doors or otherwise. After all they were in on DES from the beginning, and had a hand in selecting Rijndael as the new AES.

      From an American Mathematical Society report, for instance:
      "NIST's evaluation used published research from academic and industry experts and private advice from the National Security Agency (NSA)." Gee, I wonder what kind of 'advice' they gave...

  2. FYI - Starium 100 TripleDES bump in the line by wherley · · Score: 3, Informative

    Here it is.

  3. Read carefully by Shimmer · · Score: 4, Interesting

    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted

    Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

    -- Brian

    --
    The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
    1. Re:Read carefully by stratjakt · · Score: 5, Insightful

      Could be a ton of things.

      Could be that they got one end of the transmission to roll over on his buddy and hand out the plain text, this seems most likely. All the tough guy criminals squeal like little piggies when a DA starts talking about jail time.

      Could be they got the password to decrypt the wiretaps, or the plain text, through normal policework (like a warrant to search the PC). The fact that guy A is talking to known crime figure B is probably enough for such a warrant, regardless of whether its known what they said.

      I mean, if somethings encrypted on the wire, then it was plaintext when it went in, and when it came out. I'd think most detectives would try another angle before they sat around trying to brute force decrypt a transmission.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Read carefully by Tackhead · · Score: 4, Informative
      > > however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted
      >
      >Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

      Yes, it means all of the communications were successfully decrypted. It does not mean that failures were not reported.

      It is (deliberately) vague about whether decryption was done by s00per-s33kr1t quantum computers on Mars, or if it was done by using other methods to compromise the suspect's password, passphrase, key, or leaked transmissions of plaintext. I don't have a need to know, but I would suspect the latter is the more likely possibility. The weakest link in any cryptosystem is the moron behind the keyboard.

      I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")

      Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see. While it may be possible to do such a thing, it would still be prohibitively expensive. Not just in terms of computing gear (which is getting cheaper and always will get cheaper), but in terms of manpower (which ain't any cheaper, and ain't gonna get any cheaper) to analyze it.

    3. Re:Read carefully by GMontag · · Score: 3, Insightful

      The main reason that I included that passage in the story was because it appears that no investigation was thwarted by encryption.

      Point being, all of this claptrap on restricting encryption is just that, meaningless nonsense.

      If encryption were creating a real problem for law enforcement then there would be some number of un-decripted messages to account for and I would not assume even that would create a problem in each instance.

      --
      Eve Fairbanks says I drive a hybrid!LOL
  4. Indeedyay... by Hayzeus · · Score: 4, Funny
    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    ... it'say orthway ememberingray atthay igpay atinlay isay ayay esslay anthay idealay ormfay ofyay encriptionay.

    --

    Roving Web-Teleoperated Robot
  5. An interesting number by truthsearch · · Score: 4, Interesting

    For those who don't RTFA, here's one interesting number: Average cost per intercept order = $54,586

    I don't see any reference to how the number is determined, like if it includes parts of salaries for employees.

    --
    Developers: We can use your help.
  6. Public Report by Jim+Buzbee · · Score: 5, Insightful

    Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?

    1. Re:Public Report by limekiller4 · · Score: 5, Insightful

      Jim Buzbee writes:
      "Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?"

      Oo! I know! A country whose government realized a long time ago that they could fool 99% of the population -- and simultaneously marginlize the remainder as leftists -- by releasing just enough and/or falsified data to make people think this is evidence of an open government?

      Am I right? Do I get a lolipop?

      Iran-Contra taught me everything I needed to know about the government's willingness to not only lie to the people and Congress itself but to be proud of doing so. For those who don't remember all the details, this was Oliver North being directed by Ronald Reagan to sell arms to Iran (despite a Congressional ban) and using the proceeds to fund the South American Contras (which was also specifically banned by Congress by way of the Boland Amendment). The Contras were fighting the Sandinistas, a democratically-elected government that wasn't kissing our ass).

      Don't get me wrong here... I'm not claiming this data is either falsified or incomplete. But claiming that because we've recieved something from the government is prima facie evidence that we have a government that puts us before it's own perceived interests is nothing short of hilarious.

      --
      My .02,
      Limekiller
  7. Wow, another number by truthsearch · · Score: 3, Informative

    I just noticed that for the NY Organized Crime Task Force's 7 intercepts, the average cost was $886,999. Yet for Special Narcotics it's only $8747. I suppose it's due to the duration of the intercepts.

    --
    Developers: We can use your help.
  8. Re:Stupid bad guys. by Skyshadow · · Score: 4, Interesting
    Those bad guys really need to learn how to use some real encryption.

    I tend to believe that the government is able to either break or circumvent levels of encryption at a much higher level than commonly thought. I mean, it's entirely possible that old devices were being used for communication, but it seems to be if you're going to be cautious enough to encrypt comms at least one or two would have done it properly.

    I wonder: If encryption on the line prevents a court-ordered wiretap from obtaining useful information, is that enough cause to, say, break in and bug the room? The wording of the statement seems to suggest that...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  9. How was the plain text obtained? by _bug_ · · Score: 5, Insightful

    You've got two ends of the pipe where the data winds up as plaintext. If either end was compromised, as would seem to be the case, then there's no need to worry about cracking the ciphertext.

    It's not the encryption algorithm or perhaps even the implementation that's weak. It's how the user manages his or her data.

  10. Form the report by Timesprout · · Score: 3, Interesting

    It looks like there were some 1350 odd state and federal authorised wiretaps. Anyone have any idea how credible this number is? Colour me paranoid but in the current climate I would have expected a much higher number. Or have I just misread the report (OK I admit I only glanced at it)

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  11. Re:Hey by Skyshadow · · Score: 3, Insightful
    Either way, it's probably easier just to sniff the keyboard or bug the encrypted phone.

    Easier, sure, but also a helluva lot more detectible. You gotta figure that anytime you have a local device, you're running a pretty high risk of getting caught given that you (a) have to place it, (b) have to have something physically there that might be found, and (c) it has to transmit data out somehow. Tapping a line at the phone company has none of these drawbacks.

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  12. They probably got the keys from the users by RhettLivingston · · Score: 3, Insightful

    10 to 1, they either found other evidence to force the users to voluntarily cough up the keys, got a warrant to put a sniffer on the user's keyboard in the case of computer communications and then retrieved the keys from the computer after they got the password, or they physically copied the encryption keys out of the phones in the case of encrypting phones.

    I've always wondered if they can get a password from you involuntarily by just hooking you up to a lie detector and asking questions like, "is the first letter a vowel? Is it 'A'? Is it 'E'? Is the second letter a number?... etc.

    Anyway, most encryption is pretty useless if the cracker can own the machine or its keyboard for a while without the user's knowledge and almost all of it is useless if you own the user.

  13. Re:Stupid bad guys. by koehn · · Score: 4, Insightful

    Believe me, right now I'm more worried about the bad guys getting my passwords than law enforcement. The bad guys might know what to do with the data I send around, law enforcement can't touch it without going to jail themselves. I'll keep using SSH, thank you very much.

    I do find it interesting that most of the taps had to do with narcotics... what passwords do drug dealers use that are easy to guess?

  14. Steganography, anyone? by sssmashy · · Score: 4, Interesting

    Given that the average cost of a federal wiretap in 2002 was $75,659, I imagine there was a strong incentive for gov't wiretappers to get their money's worth. And given the feds' almost unparalleled codebraking resources, it would take pretty solid encryption to sneak one past them.

    The supposed 100% success ratio in cracking encrypted communications is most likely because the individuals under surveillance (mainly drug smugglers and organized crime) lack the sophistication necessary to match wits with the feds.

    I'd assume that the most elite, technically savvy criminals out there don't get caught by law enforcement wiretapping, for two reasons:

    1. They are subtle enough that they never even come under suspicion, and are thus not under surveillance.

    2. They are smart enough to communicate in ways that are not easily intercepted by the feds: private couriers, simple signals that were agreed upon in advance, etc.. Those that rely on electronic communications probably use steganography or other means to disguise the fact that a "message" is even being sent. Let's face it, a suspected drug dealer sending a simple, encrypted text message may as well be waving a big red flag and shouting: "look at me! I've got something to hide!"

  15. Interesting tables. by RealAlaskan · · Score: 4, Interesting
    Take a look here. You'll see that there have been very few wiretaps on pagers, fac's machines and computers (59 total in 2002). The two groups doing that sort of tap are the Feds (17 taps) and the NYC Special Narcotics Bureau (24 taps). What do you want to bet that most of the NYC taps are drug dealer's pagers? So, wire-tapping computers doesn't seem to be a wide-spread practice.

    Another interesting table is this one. It gives $/tap. The average cost is over $50K. That suggests that a wiretap is going to take a big bite out of almost any agency's budget (average cost for the Feds is $75K). The cost may be the best protection of our privacy. Certainly it seems a better bet than the judiciary.

    Finally, there is the table which shows arrests and convictions. Slightly over half of the arrests related to wiretaps result in convictions. Does anyone know how that compares to investigations without wiretaps? It suggests that more than half of the wiretaps were in response to some broken law. Hopefully they were good laws, rather than DMCA-style disasters.

    In short, one could almost imagine that the folks in the tin-foil hats are crazy to worry about the cops tapping their computers.

    --
    See what I've been reading.
  16. Old joke: "Need a job?" by Tackhead · · Score: 3, Funny
    "NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one."

    - [source unknown, seen in .sig files for at least 10 years]

  17. Re:IN SOVIET RUSSIA... by gerardrj · · Score: 4, Insightful

    Your right... in the U.S. They'd decrypt the message with you during a 20 year to life term in a maximum security prison without ever charging you with anything or giving you a trial by your peers.

    The decryption sessions would occur in a a small dark room where you would be "inconvienenced" and "annoyed" and "harrased" by being forced to stand for LONG periods of time, having food and water withheld, being locked in a 3x3 room with no human contact for weeks on end, being woken up at random times just to be asked a question hoping that in a sleepy state you might divulsge something, having sound payed and near painful levels for hours/days on end.

    Yea... the U.S. system is SOOO much better than the old Soviet system. At least the Soviets had the balls to make it common knowledge what they did, you knew what to expect. Here in the U.S. the government pussyfoots around the issue and makes you think that the "interviewees" are treated just like you and I when questioned by the local beat cop.

    --
    Article X: The powers not delegated... by the Constitution...are reserved...to the people
  18. Re:Hey by FroMan · · Score: 3, Funny

    You ceratinly don't want to be sniffing my keyboard. I have like 5 years of cheerios and milk and other food living/dying in there. I have it willed to science when I die. Granted the longer I use the keyboard the better chance I have of being killed by it. Like last night it went out on the town and didn't come back until the wee hours of the morning all tipsy and drunk. Damn, I think my keyboard has a better social life than my wife and I. Just to reiterate, my keyboard is not safe to sniff. So, any FBI agents, just be careful around my keyboard. And wear nasal protection if you try to smell it.

    --
    Norris/Palin 2012
    Fact: We deserve leaders who can kick your ass and field dress your carcass.
  19. Re:PATRIOT Act and Freedom by Steve+B · · Score: 5, Insightful
    Since the PATRIOT Act was signed into law, how many terrorist attacks have we had? None. Zero.
    Homer: Not a bear in sight. The Bear Patrol must be working like a charm.
    Lisa: That's specious reasoning, Dad.
    Homer: Thank you, dear.
    Lisa: By your logic I could claim that this rock keeps tigers away.
    Homer: Oh, how does it work?
    Lisa: It doesn't work.
    Homer: Uh-huh.
    Lisa: It's just a stupid rock.
    Homer: Uh-huh.
    Lisa: But I don't see any tigers around, do you?
    Homer: Lisa, I want to buy your rock.
    --
    /. If the government wants us to respect the law, it should set a better example.
  20. well, not really. by SolemnDragon · · Score: 4, Informative
    Lie detectors don't work. THat is to say, they work, some of the time, when the person doing the lie detecting knows that there's a lie to detect. The problem with lie detectors... *cough* Fine. Let me rephrase that. There are a number of problems with lie detection equipment, and here are some of them.

    the polygraph is not a lie detector. A polygraph actually records a number of different signals. Respiration, persperation... A polygraph only detects your output, not your internal processes. That may eventually change with walk-through brain scanners at the airports...

    The polygraph operator may be thoroughly trained to interpret this data, or they might simply have bought a polygraph and hired themselves out immediately. Training and certification varies greatly from state to state. It's claimed that they measure 'deceptive reactions' pretty well, (bear in mind that they also run on Windows..No, i'm not kidding.) If you really believe what you're saying, a polygraph won't pick that up. But on the other hand, it might. I would say that the jury's out on their effectiveness, but they don't let polygraph results anywhere near a jury. (we'll get to that.) Dweceptive behaviour is not the same as lying. If you give a patently false answer to every question, it messes with the baseline. If you give honest answers that mislead, it may or may not pick them up. If you tell the truth but think about something bad you've done lately, you might get a false positive. It's that messy.

    Voice analysers promise similar results- the ability to pick up changes in a person's voice, microtremors, when deceptive intent creeps in... but have also been shown to be faulty. And then shown to be fine. And then faulty again. And so on.

    The supreme court has ruled that polygraph tests can be administered- but that the data may not be used as evidence in court. Although it is illegal to make a polygraph test part of the private industry hiring practice, the feds can do this all they want, and are expanding their activities in this regard as more sophisticated, digital equipment becomes available.

    It's more likely that brain imaging will evolve to replace the polygraph- and even then, it probably won't be 100%. There will always be those who can believe what they are saying to be true. It's all about confidence. So to answer the question- yes, they could try, but they might not be able to get anything useful from it, and if you know enough about how they work, you could give them enough false positives that they'd never work it out. Then they'd simply get a court order to bug your keyboard instead, out of sheer frustration. Unless you were deemed a REAL threat to national security- in which case they import you to egypt for 'questioning...'

    sorry if i sound pessimistic. But the answer is that if it's that important, they'll use something more proven than a polygraph....

    --
    "I'd say 'Have a good time,' but arson is still illegal.
  21. Misdirection; answer is elsewhere by Spamalamadingdong · · Score: 4, Insightful
    There is a simple and obvious reason for the decrease in reported Federal wiretaps:
    No statistics are available on the number of devices installed for each authorized order. This report does not include interceptions regulated by the Foreign Intelligence Surveillance Act of 1978 (FISA).
    The obvious explanation is that the agents have knocked so many holes in the "Chinese Wall" between domestic criminal surveillance and foreign snooping that they just ask the guys on the foreign side (where they don't need no steenking warrants) rather than troubling a judge.

    Or maybe I just need to check the shielding on my tinfoil hat, but history says that the above is probably much closer to the truth than anyone in the administration wants to admit.

    --
    Scientists restrict study to entire physical universe; creationist
  22. chaffing and winnowing by stdarg · · Score: 5, Interesting

    Has anybody read about chaffing and winnowing? (http://theory.lcs.mit.edu/~rivest/chaffing.txt) What is its strength compared to normal encryption?

    Anyway, the reason I was wondering is all the comments about extracting passwords from people. What would happen if something were encrypted in a way that different passwords revealed different content? It would be trivial with chaffing and winnowing, but I'm sure it could work with other types of encryption.

    The key idea is that of plausible deniability. Say you interleave three streams of data: the real stuff, the decoy stuff, and some random garbage to mess with messages sizes. If you can give 'them' the password for the decoy stuff, and it works, aren't you pretty much off the hook?

    1. Re:chaffing and winnowing by angst_ridden_hipster · · Score: 3, Interesting

      Check out the "Rubber Hose Filesystem" for other approaches to this idea: http://www.rubberhose.org/

      --
      Eloi, Eloi, lema sabachtani?
      www.fogbound.net
  23. Re:PATRIOT Act and Freedom by pmz · · Score: 3, Insightful

    Lisa: But I don't see any tigers around, do you?
    Homer: Lisa, I want to buy your rock.

    Additionally, given the immense inertia of the government, could the Patriot Act even have an effect by now? My guess is that any successful intercepts of terrorist plans recently are still done the same way they would have been done five or ten years ago.

    A good example of the inertia would be the Department of Homeland Security. They are progressing towards their goals, but I wouldn't be suprised if another decade goes by before any changes have really become effective. There are just too many people, too many departments, too many systems, etc.

    --
    Healthcare article at Kuro5hin
  24. Re:Dumb question by Cthefuture · · Score: 3, Informative

    Not necessarily. Especially not when encrypting multiple times using the same algorithm. Read Bruce Schneier's "Applied Cryptography" book. Good stuff. He covers this question much better than I can answer here.

    Even when using multiple different algorithms there is a chance of weaking the whole thing. Depends on which algorithms you're using and how you're using them. I think you are generally safe using different known-good algorithms though (say 3DES then AES). I would not encrypt multiple times with the same algorithm unless it has been mostly proven to be more secure.

    --
    The ratio of people to cake is too big
  25. Re:And to make matters worse... by mahler3 · · Score: 3, Insightful
    The technicality that overturned Poindexter's appeal was that he'd testified under an immunity deal with Congress. So, the appellate court decision that kept him out of jail was on solid legal ground.

    That, however, does not mean that he wasn't guilty as sin; only that he can't legally be punished for it. In any event, under no circumstances should he be serving in a senior Pentagon position requiring any level of security clearance.