Feeds

Secure phones no obstacle to wiretapping – US Govt

Uncommonly ineffective

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

The use of so-called secure telephones presents almost no barrier to wiretapping, according to official US government documents.

This interesting revelation is contained in a recent report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications).

The report (pages 10-11 of report or 8-9 of PDF) states:

Public Law 106-197 amended 18 U.S.C. 2519(2)(b) in 2001 to require that reporting should reflect the number of wiretap applications granted in which encryption was encountered and whether such encryption prevented law enforcement officials from obtaining the plain text of communications intercepted pursuant to the court orders.

In 2002, no federal wiretap reports indicated that encryption was encountered. State and local jurisdictions reported that encryption was encountered in 16 wiretaps terminated in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted.

In addition, state and local jurisdictions reported that encryption was encountered in 18 wiretaps that were terminated in calendar year 2001 or earlier, but were reported for the first time in 2002; in none of these cases did encryption prevent access to the plain text of communications intercepted.

Bruce Schneier, the noted cryptographer, deduces from the report that encryption of phone conversations (only encountered in sixteen out of 1,358 wiretaps, so very uncommon) is ineffective at concealing conversations.

"Every time law enforcement encountered encryption, they were able to bypass it," Schneier writes.

"I assume that local law enforcement agencies don't have the means to brute-force DES keys (for example). My guess is that the voice encryption was relatively easy to bypass," he adds.

Schneier argues that the apparently weak security of secure phones is best explained by a lack of peer review.

"Telephone security is a narrow field. Encrypted phones are expensive," he writes in Cryptogram, his excellent monthly newsletter.

"Telephone encryption is closed from scrutiny; the software is not subject to peer review. It should come as no surprise that the result is a poor selection of expensive lousy telephone security products."

Schneier extends his argument beyond the narrow confines of telephone security to criticise the closed security approach (hello TCPA!) in general.

"This wiretapping report provides hard evidence that a closed security design methodology - the 'trust us because we know these things' way of building security products - doesn't work," he concludes. ®

External Links
Report of the Director of the Administrative Office of the United States Courts on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (quite a mouthful)
Schneier's essay on secrecy and security

Related stories
Open and closed security are roughly equivalent
Linus Torvalds blesses DRM, and nothing happens
Of TCPA, Palladium and Wernher von Braun

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.