Slashdot Mirror

← Back to Stories (view on slashdot.org)

2002 US Wiretap Report

Posted by michael on from the STU-III dept.

GMontag writes "Full report:2002 WIRETAP REPORT Administrative Office of the United States Courts Leonidas Ralph Mecham, Director I especially like this part: 'Public Law 106-197 amended 18 U.S.C. 2519(2)(b) to require that reporting should reflect the number of wiretap applications granted for which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders. Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.'"

18 of 264 comments (clear)

  1. Encryption by Verteiron · · Score: 4, Insightful

    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    So are we talking ROT13 here, or real encryption? Seems a little unnerving if it's the latter.

    --
    End of lesson. You may press the button.
  2. Read carefully by Shimmer · · Score: 4, Interesting

    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted

    Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

    -- Brian

    --
    The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.
    1. Re:Read carefully by stratjakt · · Score: 5, Insightful

      Could be a ton of things.

      Could be that they got one end of the transmission to roll over on his buddy and hand out the plain text, this seems most likely. All the tough guy criminals squeal like little piggies when a DA starts talking about jail time.

      Could be they got the password to decrypt the wiretaps, or the plain text, through normal policework (like a warrant to search the PC). The fact that guy A is talking to known crime figure B is probably enough for such a warrant, regardless of whether its known what they said.

      I mean, if somethings encrypted on the wire, then it was plaintext when it went in, and when it came out. I'd think most detectives would try another angle before they sat around trying to brute force decrypt a transmission.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Read carefully by Tackhead · · Score: 4, Informative
      > > however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted
      >
      >Does this mean that all the communications were successfully decrypted? Or maybe it just means that failures were not reported?

      Yes, it means all of the communications were successfully decrypted. It does not mean that failures were not reported.

      It is (deliberately) vague about whether decryption was done by s00per-s33kr1t quantum computers on Mars, or if it was done by using other methods to compromise the suspect's password, passphrase, key, or leaked transmissions of plaintext. I don't have a need to know, but I would suspect the latter is the more likely possibility. The weakest link in any cryptosystem is the moron behind the keyboard.

      I would point out that we're still barely talking about double digit numbers of wiretaps here. ("16", "18")

      Those of you with nightmares about everybody in the US being tapped can move along, because there's very little to see. While it may be possible to do such a thing, it would still be prohibitively expensive. Not just in terms of computing gear (which is getting cheaper and always will get cheaper), but in terms of manpower (which ain't any cheaper, and ain't gonna get any cheaper) to analyze it.

  3. Indeedyay... by Hayzeus · · Score: 4, Funny
    however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

    ... it'say orthway ememberingray atthay igpay atinlay isay ayay esslay anthay idealay ormfay ofyay encriptionay.

    --

    Roving Web-Teleoperated Robot
  4. An interesting number by truthsearch · · Score: 4, Interesting

    For those who don't RTFA, here's one interesting number: Average cost per intercept order = $54,586

    I don't see any reference to how the number is determined, like if it includes parts of salaries for employees.

    --
    Developers: We can use your help.
  5. Public Report by Jim+Buzbee · · Score: 5, Insightful

    Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?

    1. Re:Public Report by limekiller4 · · Score: 5, Insightful

      Jim Buzbee writes:
      "Make what you will about this report, but consider this for a moment: In what other country in the world would this report ever see the light of day?"

      Oo! I know! A country whose government realized a long time ago that they could fool 99% of the population -- and simultaneously marginlize the remainder as leftists -- by releasing just enough and/or falsified data to make people think this is evidence of an open government?

      Am I right? Do I get a lolipop?

      Iran-Contra taught me everything I needed to know about the government's willingness to not only lie to the people and Congress itself but to be proud of doing so. For those who don't remember all the details, this was Oliver North being directed by Ronald Reagan to sell arms to Iran (despite a Congressional ban) and using the proceeds to fund the South American Contras (which was also specifically banned by Congress by way of the Boland Amendment). The Contras were fighting the Sandinistas, a democratically-elected government that wasn't kissing our ass).

      Don't get me wrong here... I'm not claiming this data is either falsified or incomplete. But claiming that because we've recieved something from the government is prima facie evidence that we have a government that puts us before it's own perceived interests is nothing short of hilarious.

      --
      My .02,
      Limekiller
  6. Re:Stupid bad guys. by Skyshadow · · Score: 4, Interesting
    Those bad guys really need to learn how to use some real encryption.

    I tend to believe that the government is able to either break or circumvent levels of encryption at a much higher level than commonly thought. I mean, it's entirely possible that old devices were being used for communication, but it seems to be if you're going to be cautious enough to encrypt comms at least one or two would have done it properly.

    I wonder: If encryption on the line prevents a court-ordered wiretap from obtaining useful information, is that enough cause to, say, break in and bug the room? The wording of the statement seems to suggest that...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  7. How was the plain text obtained? by _bug_ · · Score: 5, Insightful

    You've got two ends of the pipe where the data winds up as plaintext. If either end was compromised, as would seem to be the case, then there's no need to worry about cracking the ciphertext.

    It's not the encryption algorithm or perhaps even the implementation that's weak. It's how the user manages his or her data.

  8. Re:Stupid bad guys. by koehn · · Score: 4, Insightful

    Believe me, right now I'm more worried about the bad guys getting my passwords than law enforcement. The bad guys might know what to do with the data I send around, law enforcement can't touch it without going to jail themselves. I'll keep using SSH, thank you very much.

    I do find it interesting that most of the taps had to do with narcotics... what passwords do drug dealers use that are easy to guess?

  9. Steganography, anyone? by sssmashy · · Score: 4, Interesting

    Given that the average cost of a federal wiretap in 2002 was $75,659, I imagine there was a strong incentive for gov't wiretappers to get their money's worth. And given the feds' almost unparalleled codebraking resources, it would take pretty solid encryption to sneak one past them.

    The supposed 100% success ratio in cracking encrypted communications is most likely because the individuals under surveillance (mainly drug smugglers and organized crime) lack the sophistication necessary to match wits with the feds.

    I'd assume that the most elite, technically savvy criminals out there don't get caught by law enforcement wiretapping, for two reasons:

    1. They are subtle enough that they never even come under suspicion, and are thus not under surveillance.

    2. They are smart enough to communicate in ways that are not easily intercepted by the feds: private couriers, simple signals that were agreed upon in advance, etc.. Those that rely on electronic communications probably use steganography or other means to disguise the fact that a "message" is even being sent. Let's face it, a suspected drug dealer sending a simple, encrypted text message may as well be waving a big red flag and shouting: "look at me! I've got something to hide!"

  10. Interesting tables. by RealAlaskan · · Score: 4, Interesting
    Take a look here. You'll see that there have been very few wiretaps on pagers, fac's machines and computers (59 total in 2002). The two groups doing that sort of tap are the Feds (17 taps) and the NYC Special Narcotics Bureau (24 taps). What do you want to bet that most of the NYC taps are drug dealer's pagers? So, wire-tapping computers doesn't seem to be a wide-spread practice.

    Another interesting table is this one. It gives $/tap. The average cost is over $50K. That suggests that a wiretap is going to take a big bite out of almost any agency's budget (average cost for the Feds is $75K). The cost may be the best protection of our privacy. Certainly it seems a better bet than the judiciary.

    Finally, there is the table which shows arrests and convictions. Slightly over half of the arrests related to wiretaps result in convictions. Does anyone know how that compares to investigations without wiretaps? It suggests that more than half of the wiretaps were in response to some broken law. Hopefully they were good laws, rather than DMCA-style disasters.

    In short, one could almost imagine that the folks in the tin-foil hats are crazy to worry about the cops tapping their computers.

    --
    See what I've been reading.
  11. Re:IN SOVIET RUSSIA... by gerardrj · · Score: 4, Insightful

    Your right... in the U.S. They'd decrypt the message with you during a 20 year to life term in a maximum security prison without ever charging you with anything or giving you a trial by your peers.

    The decryption sessions would occur in a a small dark room where you would be "inconvienenced" and "annoyed" and "harrased" by being forced to stand for LONG periods of time, having food and water withheld, being locked in a 3x3 room with no human contact for weeks on end, being woken up at random times just to be asked a question hoping that in a sleepy state you might divulsge something, having sound payed and near painful levels for hours/days on end.

    Yea... the U.S. system is SOOO much better than the old Soviet system. At least the Soviets had the balls to make it common knowledge what they did, you knew what to expect. Here in the U.S. the government pussyfoots around the issue and makes you think that the "interviewees" are treated just like you and I when questioned by the local beat cop.

    --
    Article X: The powers not delegated... by the Constitution...are reserved...to the people
  12. Re:PATRIOT Act and Freedom by Steve+B · · Score: 5, Insightful
    Since the PATRIOT Act was signed into law, how many terrorist attacks have we had? None. Zero.
    Homer: Not a bear in sight. The Bear Patrol must be working like a charm.
    Lisa: That's specious reasoning, Dad.
    Homer: Thank you, dear.
    Lisa: By your logic I could claim that this rock keeps tigers away.
    Homer: Oh, how does it work?
    Lisa: It doesn't work.
    Homer: Uh-huh.
    Lisa: It's just a stupid rock.
    Homer: Uh-huh.
    Lisa: But I don't see any tigers around, do you?
    Homer: Lisa, I want to buy your rock.
    --
    /. If the government wants us to respect the law, it should set a better example.
  13. well, not really. by SolemnDragon · · Score: 4, Informative
    Lie detectors don't work. THat is to say, they work, some of the time, when the person doing the lie detecting knows that there's a lie to detect. The problem with lie detectors... *cough* Fine. Let me rephrase that. There are a number of problems with lie detection equipment, and here are some of them.

    the polygraph is not a lie detector. A polygraph actually records a number of different signals. Respiration, persperation... A polygraph only detects your output, not your internal processes. That may eventually change with walk-through brain scanners at the airports...

    The polygraph operator may be thoroughly trained to interpret this data, or they might simply have bought a polygraph and hired themselves out immediately. Training and certification varies greatly from state to state. It's claimed that they measure 'deceptive reactions' pretty well, (bear in mind that they also run on Windows..No, i'm not kidding.) If you really believe what you're saying, a polygraph won't pick that up. But on the other hand, it might. I would say that the jury's out on their effectiveness, but they don't let polygraph results anywhere near a jury. (we'll get to that.) Dweceptive behaviour is not the same as lying. If you give a patently false answer to every question, it messes with the baseline. If you give honest answers that mislead, it may or may not pick them up. If you tell the truth but think about something bad you've done lately, you might get a false positive. It's that messy.

    Voice analysers promise similar results- the ability to pick up changes in a person's voice, microtremors, when deceptive intent creeps in... but have also been shown to be faulty. And then shown to be fine. And then faulty again. And so on.

    The supreme court has ruled that polygraph tests can be administered- but that the data may not be used as evidence in court. Although it is illegal to make a polygraph test part of the private industry hiring practice, the feds can do this all they want, and are expanding their activities in this regard as more sophisticated, digital equipment becomes available.

    It's more likely that brain imaging will evolve to replace the polygraph- and even then, it probably won't be 100%. There will always be those who can believe what they are saying to be true. It's all about confidence. So to answer the question- yes, they could try, but they might not be able to get anything useful from it, and if you know enough about how they work, you could give them enough false positives that they'd never work it out. Then they'd simply get a court order to bug your keyboard instead, out of sheer frustration. Unless you were deemed a REAL threat to national security- in which case they import you to egypt for 'questioning...'

    sorry if i sound pessimistic. But the answer is that if it's that important, they'll use something more proven than a polygraph....

    --
    "I'd say 'Have a good time,' but arson is still illegal.
  14. Misdirection; answer is elsewhere by Spamalamadingdong · · Score: 4, Insightful
    There is a simple and obvious reason for the decrease in reported Federal wiretaps:
    No statistics are available on the number of devices installed for each authorized order. This report does not include interceptions regulated by the Foreign Intelligence Surveillance Act of 1978 (FISA).
    The obvious explanation is that the agents have knocked so many holes in the "Chinese Wall" between domestic criminal surveillance and foreign snooping that they just ask the guys on the foreign side (where they don't need no steenking warrants) rather than troubling a judge.

    Or maybe I just need to check the shielding on my tinfoil hat, but history says that the above is probably much closer to the truth than anyone in the administration wants to admit.

    --
    Scientists restrict study to entire physical universe; creationist
  15. chaffing and winnowing by stdarg · · Score: 5, Interesting

    Has anybody read about chaffing and winnowing? (http://theory.lcs.mit.edu/~rivest/chaffing.txt) What is its strength compared to normal encryption?

    Anyway, the reason I was wondering is all the comments about extracting passwords from people. What would happen if something were encrypted in a way that different passwords revealed different content? It would be trivial with chaffing and winnowing, but I'm sure it could work with other types of encryption.

    The key idea is that of plausible deniability. Say you interleave three streams of data: the real stuff, the decoy stuff, and some random garbage to mess with messages sizes. If you can give 'them' the password for the decoy stuff, and it works, aren't you pretty much off the hook?