Interesting People mailing list archives
tex version of USACM Crypto report. Note The IEEE US Activities committee also took a position. Sorr
From: David Farber <>
Date: Mon, 4 Jul 1994 14:58:09 -0400
display a checksum of the key, and the users verify that their phones are in agreement. The only way for the intruder to fool them is to intercept the part of the call in which the first caller says, ``My display reads: `3C6E' '' and change it to ``My display reads: `5A00' '' so that the second caller, whose display reads 5A00, will assume that the two displays agree. That would require the interceptor to alter the conversation in real time, a challenge that is probably insurmountable at present. For example, see the explanation of the Diffie-Hellman Key Exchange at the beginning of this chapter. This is a public-key encryption method used for secure telephones.
\item In fact, STU-III users are encouraged, if not expected, to rely on voice authentication too, since many organizations do issue keys which are not unique to the individual.
\item NSA's Mosaic system, employing the CAPSTONE cryptographic chip in a `Tessera' PCMCIA card is an attempt to make this approach economical. See Chapter 7.
\item This was a technique used by the Morris Worm of November 2, 1988, which attacked at least two thousand of the six thousand BSD UNIX computer systems on the Internet. It caused administrators to disable some Internet network connection sites for two or three days [SSSC, pg. 64].
\item The widely used NFS was developed at Sun Microsystems in the early 1980s.
\item An early false prophet in this respect is a panel member, Whitfield Diffie, inventor of the concept of public key cryptography. In reports in 1978 [Diff-78] and 1979 [Diff-82] he predicted that it would become ubiquitous by the mid-1980s.
\end{enumerate}}
\newpage
\chapter{ A Law Enforcement View of Encryption: The Problems }
\framebox[5.25in][c]{ \begin{minipage}{5.0in}
\noindent Vocabulary words:\\
\smallskip \noindent Electronic bug: A miniature electronic device that overhears, broadcasts, or records a speaker's conversation.
\smallskip \noindent Electronic communication: Any transfer of signs, signals, writing, image, sounds, data, or intelligence of any nature transmitted in whole or in part by wire, radio, electromagnetic, photoelectric or photooptical system. \smallskip \noindent Electronic surveillance: The interception of oral, wire, or electronic communication. \smallskip \noindent Wiretap: The interception of wire or electronic communication. \end{minipage}} \medskip \noindent Technology causes a constant rearrangement in the relationship between the criminal and the law. The advent of telecommunications enabled criminals to execute their plans more covertly. Once law enforcement learned how to listen in, officials could obtain information without placing themselves in danger. Wiretapping is a tool that diminishes the value of communications to criminals; cryptography is its potential counter. \newpage \begin{center} Wiretaps and the Law (pre-1968) \end{center} \noindent The Civil War demonstrated the value of eavesdropping on an opponent's telegraph communications; afterwards, law enforcement adopted wiretapping as a tool against crime. Its legality was unclear: some states passed legislation permitting wiretapping; others ignored it. The first Federal statute appeared in 1918, and permitted wiretapping during the First World War. Its use was restricted to counterespionage purposes. After the war, Federal agents used wiretaps to enforce Prohibition. This was challenged, and in 1928, a closely divided Supreme Court ruled in Olmstead v. United States [Olm] that the Fourth Amendment protected tangibles only, that conversation was an intangible, and that evidence from wiretaps did not constitute an unconstitutional search. Because a majority of the Justices believed no violation of the Fourth Amendment had occurred, they further posited that there was no compelled self-incrimination and consequently no violation of the Fifth Amendment. Justice Brandeis dissented. 
He eloquently argued that the right ``to be let alone'' by the government included such intangibles as conversation; in his view, the Fourth Amendment required a search warrant if a wiretap was to be used. In 1934 the Federal Communications Act (FCA), containing provisions prohibiting the interception and divulgence of wire or radio communications, was enacted. Through a series of cases, the Supreme Court ruled that information gained from wiretapping was not admissible as evidence in court. The Second World War changed the stakes, and President Roosevelt authorized wiretapping of foreign agents to protect the nation. Meanwhile, the Court treated searches using electronic bugs differently from those using wiretaps. In 1942, in Goldman v. United States [Gold], law enforcement officers placed a bugging device against a wall of an office adjacent to the suspect. The Supreme Court held that the FCA did not apply, as there were no ``communications'' or ``interceptions'' as defined by the statute. The Court ruled that absent physical trespass, searches employing electronic bugs were allowed under the Fourth Amendment. Later cases maintained this distinction. In 1954, in Irvine v. California [Irvi], the Court upheld a state court conviction based on evidence obtained by microphones concealed in walls of the defendants' homes. But in 1961, in Silverman v. United States [Silv], the Court ruled inadmissible evidence that had been obtained via a spike mike that had been driven through the wall of an apartment adjacent to that of the defendant. It was the beginning of a change. In 1967, the court dropped the distinction between searches conducted through wiretaps and those conducted through electronic bugs. That year, in Katz v. United States, the Court held that there was reasonable expectation of privacy in using a public phone booth, the public nature of the booth notwithstanding. The Fourth Amendment applied, and a search warrant was needed. 
The Court abandoned a protection of places in favor of a protection of people; specifically, what was to be protected was the privacy of the person and his or her communications. The Katz decision led to the current Federal wiretapping statutes. In 1968, organized crime was considered a serious national problem, and several Congressional and Executive Branch studies had concluded that the impenetrability of these criminal groups made electronic surveillance -- both wiretapping and bugs -- a necessary tool for law enforcement.\footnotemark \begin{center} Wiretaps and the Law (1968 and after) \end{center} \noindent In 1968, the Omnibus Crime Control and Safe Streets Act\footnotemark\ was passed; Title III of the Act established the basic law for interceptions performed for criminal investigations. Wiretaps are limited to the crimes specified in Title III; this list includes murder, kidnapping, extortion, gambling, counterfeiting, and sale of marijuana. Electronic surveillance does not come cheap: in 1993, the average cost of installing a wiretap and subsequently monitoring it was \$57,256 [AO-93]. A court order is required for the installation of a tap. The investigator draws up an affidavit showing there is probable cause to believe that the targeted communications device -- whether phone, fax, computer -- is being used to facilitate a crime. The crime must be serious and indictable. A government attorney must prepare an application for a court order, and approval must be by a member of the Justice Department no lower in rank than Deputy Assistant Attorney General. The application must be decided upon by a Federal District Court Judge. 
In order for a judge to approve a wiretap order, he must determine that (i) there is probable cause to believe that an individual is committing, or is about to commit, an indictable offense; (ii) there is probable cause to believe that communications about the offense will be obtained through the interception; (iii) normal investigative procedures have been tried and have either failed, or appear unlikely to succeed, or are too dangerous; and (iv) there is probable cause to believe that the facilities subject to surveillance are being used, or will be used, in the commission of the crime. Such requirements may be waived in an emergency, if an application for a court order is made within forty-eight hours. Any oral or wire communication intercepted in violation of Title III cannot be divulged.\footnotemark When a court order for a wiretap is approved, it is taken to the communications service provider for execution. Under Title III, the provider is required to assist in discharging the wiretap, and the provider is compensated for all expenses. Taps are approved for at most thirty days, with any extension needing a new court order. Based on Title III, thirty-seven states have passed statutes permitting wiretaps by state and local law enforcement officers for criminal investigations. By law, state acts must be at least as restrictive in their requirements as the Federal code; many are more so. Applications for wiretap orders at the state level are handled similarly to Federal ones. Much data is kept on electronic surveillance -- duration, number of persons intercepted, type of surveillance used, etc. -- for a variety of reasons, including the importance of having a careful record for legislators conducting oversight. Since 1968, when Title III was passed, there have been an average of approximately nine hundred Federal and state wiretaps annually. 
The number of conversations intercepted has increased, the number of nonincriminating conversations intercepted has increased; the number of incriminating conversations intercepted has remained the same. The arrest level has remained unchanged. More specifically, in data released by the Administrative Office of the U.S. Courts, the average annual number of incriminating conversations intercepted between 1968 and 1993 has remained between two and four hundred thousand, while the number of intercepted conversations has shown a steady increase from roughly four hundred thousand in 1968 to over 1.7 million in 1993. In 1993, for example, there were 976 court-ordered electronic surveillance orders, which resulted in the interception of 1.72 million conversations. By the end of 1993, there were over two thousand arrests as a result of this surveillance [AO-93].\footnotemark The Foreign Intelligence Surveillance Act, Title 50 USC,\footnotemark\ authorizes electronic surveillance for foreign intelligence. This act governs wire and electronic communications sent by or intended to be received by United States persons who are within the United States. (A U.S. person is defined to be a U.S. citizen, a permanent resident alien, or groups of such people.) FISA does not cover intercepts of U.S. persons who are overseas (unless the communications are with a U.S. person resident in the U.S.). Under FISA provisions, U.S. citizens could be subject to surveillance if they are aiding and abetting international terrorism. A court order is normally required for a FISA wiretap, but there are two exceptions. Following a declaration of war, the President, through the Attorney General, can authorize a wiretap for foreign intelligence purposes for up to fifteen days without a court order. 
The other exception can occur if the communications are exclusively between foreign powers or involve intelligence other than spoken communications from a location under the exclusive control of a foreign power. FISA wiretap orders are granted by a special court, consisting of seven judges appointed by the Chief Justice of the United States. Applications for a court order are made by a federal officer, and require approval by the Attorney General. Semiannually the Attorney General must inform the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence of all wiretap activity. Although information on FISA wiretaps is classified, the Attorney General is required to give the Administrative Office of the United States Courts an annual report on the number of FISA applications and orders. Since 1979, there have been an average of slightly over five hundred FISA wiretap orders annually [AG-FISA].\footnotemark\ As of 1988, over four thousand requests had been made by the government for surveillance under FISA; none had been turned down [Cinq]. \begin{center} Wiretaps as a Tool of Law Enforcement \end{center} \noindent The law enforcement community views wiretaps as essential. Such surveillance not only provides information unobtainable by other means; it also yields evidence that is considered more reliable and probative than any that can be secured by other methods of investigation. Members of the law enforcement community argue that wiretapping is indispensable in certain cases [Freeh, pg.7]. According to the FBI, the hierarchy of the Cosa Nostra has had severe setbacks due to the use of electronic surveillance [Freeh, pg.8].\footnotemark\ Almost two-thirds of all court orders for wiretaps are for drug cases; the FBI believes the tool is essential in those situations [Denn]. 
With the help of wiretaps, an FBI investigation into the importation and distribution of \$1.6 billion of heroin by the Sicilian Mafia and the Cosa Nostra resulted in the indictment of 57 high-level drug traffickers in the United States, and five in Italy [Denn]. FBI Director Louis Freeh recently testified to Congress about an organized crime scheme to skim gasoline excise taxes, foiled by evidence obtained through wiretaps. Fourteen individuals have been charged with defrauding the governments of the United States and New Jersey of \$60 million in tax revenues; four convictions have occurred to date [Freeh, pg. 16]. Wiretapping is an important investigative technique in cases where the crime is partially hidden. In cases of governmental corruption, such taps are often the only way to uncover aspects of the crime as well as the participants in it. The recent procurement scandal, ``ILL-WIND,'' involving members of the Department of Defense and military contractors, has led to sixty-four convictions and \$271 million in fines, restitutions, and recoveries ordered; according to law enforcement critical evidence was uncovered through wiretaps [Denn]. The detection of other forms of governmental corruption may also rely on wiretaps: John Kaye, Prosecutor for Monmouth County, New Jersey, reported that wiretap evidence accounted for almost every police officer who has been indicted in the county [Kaye]. In a recent case of Medicare/Medicaid fraud seventy-nine individuals were convicted or pleaded guilty; much of the evidence came from wiretaps [Freeh, pg. 15]. Nonetheless, it is difficult to prove the efficacy of wiretapping. There is no way to know in every case what ultimately led to a conviction. Although hearing a defendant participate in criminal conduct undoubtedly influences a jury, it may be impossible to know what would have occurred without that particular evidence. 
In the period 1985-1991, the FBI reported that court-ordered taps conducted by the Bureau formed part of the evidence that led to 7,324 convictions, almost \$300 million in fines levied, and over \$750 million in recoveries, restitutions, and court-ordered forfeitures [Denn]. Since the FBI conducts fewer than one-third of the non-FISA wiretap cases, it can be assumed that the numbers above would be substantially higher if all such surveillance were taken into account. While the number of taps is small, many people in the law enforcement community view wiretaps as essential to effective law enforcement. The FBI argues that such surveillance attacks the captains of the crime industry, goes after government corruption, and performs important antiterrorist functions. Not surprisingly, the law enforcement community views with great trepidation the introduction of nonescrowed strong cryptography into public electronic communications systems.
\begin{center} Technology and the Ability to Tap \end{center}
Off-the-shelf encryption technology may provide an easy way for lawbreakers to foil criminal investigative work. Even with a court order, law enforcement investigators might find it impossible to ``listen in'' to criminals' communications. The law enforcement community has already expressed concern that technological developments will impede its ability to intercept communications. In March 1992, the FBI prepared a Digital Telephony proposal for Congress; the proposal would have required providers of electronic communications services to ensure that advanced switching technology would not hinder the government in conducting legally authorized wiretap searches. A new proposal was submitted in March 1994; the Digital Telephony proposals are discussed in more detail in Chapter 6. Cryptographic protection of communications presents a difficult problem for the law enforcement community. 
Neither they nor computer security experts in academia and private industry advocate easy-to-break cryptography as a solution. So much economic activity occurs through electronic networks that weak cryptographic schemes -- whether for banks, airlines, hospitals, or corporations -- would seriously endanger the United States. The Willie Sutton model suggests that today's malicious hackers will be followed by professional criminals. Considered from a law enforcement perspective, what is needed is strong cryptography that protects the nation's communications infrastructure but that does not simultaneously imperil the government's ability to comprehend intercepted communications -- when law enforcement comes armed with a court order. \newpage \begin{center} Notes \end{center} {\small \begin{enumerate} \item The history of wiretap is based on information from [NWCCS]. \item This is 18 USC \S 2510-21. \item However, electronic communications intercepted in violation of Title III may be received in evidence (18 USC \S 2515). \item Under Title III requirements, all electronic-surveillance court orders must be reported upon -- even if the surveillance was ultimately not undertaken. However not all reports are filed. In order to determine the number of intercepted calls for 1993, we used 959 as the number of electronic-surveillance orders. This was derived from 976 (= number of court authorizations for electronic surveillance) - 17 (= number of surveillances that were never installed). \item This is the Foreign Intelligence Surveillance Act, Title 50 USC \S1801-1811. \item The discussion of current wiretap law is based on information from [DDKM]. \item Although not all electronic surveillance takes the form of wiretaps, the vast majority of electronic-surveillance court orders are for telephone wiretaps. For example, in 1993, there were 976 authorizations for electronic surveillance. 
Prosecutors did not submit reports on 21 of those cases, and there were also 17 court-authorized orders which did not result in electronic surveillance. Of the remaining 938 court authorizations, there were: 679 telephone taps, 55 electronic bugs, 141 electronic taps, and 63 combination taps [AO-93, pg. 21]. However, many important cases that used electronic surveillance rested on evidence obtained through electronic bugs and not through wiretaps; the John Gotti [Blum] and John Stanfa [Caba] cases are two such examples.
\end{enumerate}}
\newpage
\chapter{ A National Security View of Encryption: The Complexities }
\framebox[5.25in][c]{ \begin{minipage}{5.0in}
\noindent Vocabulary words:
\smallskip \noindent Dual-use technology: Technology which has both military and commercial applications.
\smallskip \noindent Real-time system: A real-time system is a system in which operations are expected to complete by specified deadlines.
\end{minipage}}
\medskip
\noindent In the context of national security, public availability of strong cryptography is a double-edged sword. Strong cryptography protects U.S. commerce and enhances U.S. products; economic strength is critical for national security. But foreign accessibility to strong cryptography compromises communications intelligence. Any decision about dual-use technology is a judgment about balancing risks.
\begin{center} Telecommunications Transformed Government \end{center}
\noindent The development of telecommunications in the 19th century, first via cable and later by radio, presented a challenge to national security so severe as to challenge the very notion of national sovereignty. Nations could still regulate the flow of people and products across their borders, but in a process that continues unabated, news, ideas, and information began to travel in channels far harder to control. National states survived, of course. 
They acquired a degree of control over the new media and found that decreased control over the flow of information was more than made up for by increased control over far-flung possessions. Telegraph cables bound the British Empire together as the famous roads had bound the Roman Empire. Telecommunications transformed government, giving administrators immediate access to their employees and representatives in remote parts of the world. It transformed commerce, facilitating worldwide