@ Dirk Praet,
"However much I agree with Clive, complicating the issue by presenting technological arguments in front of a layman's audience why a wiretapping infrastructure is pointless would only have strengthened their belief."
Yup, I put my hand up, I did not reread my post before posting.
The points I was trying to bring about were,
1, A wiretap no matter where is going to fail when the communicating parties are sophisticated (as you can't do an end run inside somebody's head currently).
2, You cannot have a wiretap facility in an information system without it being abused either by cyber-LEO's or cyber-crooks or the plain curious that is the way of the world.
And the "real issue" for society that arises from these points.
These two points are not about "privacy" as such they are the cold hard realities of life and how that plays out in a society where a small fraction are criminals.
One mistake I made was, whilst arguing Point 2 I was also trying to show Point 1 without stating it which is bad argument style.
Point 1 is the first unstated crux of the real issue.
1.A, Wiretaps will only work against those less sophisticated than those doing the eavesdropping.
1.B, Wiretapping will fail in a similar way to all technical solutions against adaptive and motivated individuals (targets) who become more sophisticated as other technology allows.
We have seen this already in that as good quality encryption has become available to the surveillance targets, its use has started to force the use of "traffic flow analysis" by LEA investigators (and surprisingly to some has actually proved more beneficial than the simple "plain text" monitoring).
Thus we are seeing more sophisticated approaches being adopted by targets to the way they communicate like the notion of "One Use Mobiles" actually becoming a reality. With quite ordinary criminals now using low cost cash bought "pay as you go" phones for "One Time Communications" and then being thrown in lakes, rivers and waste bins (sometimes without the target dropping the call first).
In turn this "One Time Communication" issue has caused the LEA's to ask for all call records to be kept indefinitely, so that like CCTV video footage they can try to work backwards from an event to individuals.
However this "working backwards" has the same problem as that of "cause and effect" when you argue backwards from effect to cause and end up with "Magic Thinking" or "Conspiracy Theories" and are thus guaranteed to get miscarriages of justice at some point.
LEA's and those who legislate for them have to realise that there are no "magic bullet" solutions when dealing with the communications of sophisticated targets.
This is because the sophisticated target has many avenues available and leaving aside the simple case of bribery of officials to keep their activities legal (lobbying), the sophisticated target will develop a "cloak of invisibility". That is they will use information entropy to "hide beneath the noise" or use patsies / cutouts as State Level players have done with "spycraft" throughout the centuries. Either way the sophisticated target wins against time and resource limited LEA's.
Thus wire tapping in its various forms is plain and simple an arms race. It is directly equivalent to ECM/ECCM/ECCM... arms race that gave rise to amongst other things stealth technology.
However unlike conventional arms races wiretapping is also asymmetric in favour of the sophisticated target. And worse for the LEA's as information systems and techniques do not have to be physical or expensive they can and will just like the "hoodie -v- CCTV" become available to less and less sophisticated targets with time and then be in common use by the general public.
Worse still for LEA's wiretapping in its various forms is like playing "high stakes poker" where they are handicapped by having to show their hand via "due process" rules of "chains of evidence" whereby "methods and sources" can be forced into the open.
It is thus for LEA's at best a "Red Queen's" race which they can never win only run as hard as they can to stay where they are.
As I noted Susan Landau did not in any way address Point 1 she simply obfuscated / hand waved around it with the notion of LEA's having a "dynamic" response to the techniques sophisticated targets will bring into use as a response to LEA activities.
With regard to Point 2, which is the second crux in the real issue.
In Susan Landau's testimony she gave a number of examples pointing out the salient issue that all technology is double edged, and further that it is agnostic in that if a technology is available it will be used one way or another. Further that this issue has been known publicly for nearly 40 years.
However, even though her examples are valid against ALL wire taps she argued only against "mandated infrastructure wiretaps".
Which effectively gives the false impression that other wiretap techniques ("ET phone home" systems etc) are "still golden" when they are probably not to sophisticated targets.
She did however allude to the fact that it is "authentication" that failed at some level when wiretap systems are misused.
But she failed to mention "authentication of a physical entity" is an unsolvable issue in an information only system. As at the end of the day all "authentication" in such a system is based on "information" which can be trivially disclosed and copied without it necessarily being obvious or more importantly even looked for.
[ As an aside to explain this : To an information system there is no such thing as "something you own" there is just the intangible "information" that describes some aspect of the tangible physical object "you own". It is thus directly equivalent to "something you know" which is again just "information". Further we currently have the notion of a "token we own" making the running. However all of the tokens are devices with known or disclosable characteristics used to hold a "secret" which is again just "information" which in turn can be disclosed or discovered in some manner. That is to an intangible information processing system at some point everything physical effectively becomes intangible information that can in some way be "spoofed". It is a point that most information security gurus wave their hands over by talking about logs and auditing (not that anybody looks at them till something is known to be wrong).]
The problem as I noted is that the remit the committee is working to appears to be the wrong one, and thus is guaranteed to fail in its "apparent mission".
The real issue is what the two points affect which is, the resources involved with the two sides of secrecy or "confidentiality" that is "hiding information from non authenticated entities" and "acquiring information as a non authenticated entity".
All of mankind's endeavours are based on information and energy and the application of both to problems.
As information can be very effective at reducing the energy needed to achieve any particular desired outcome, it means that although it is intangible, information has a very real value. Thus real advantage can be gained in concealing information from others or keeping it secret or confidential.
However as humans we also have the concepts of good and bad thus we get a problem.
That is it is a "given" in society that a "good person" concealing information is "good" and a "bad person" concealing information is "bad".
However a person good or bad who is concealing information will view all attempts to access the concealed information by an unauthorised person as bad or an "attack". They will therefore try to prevent such access and will expend a certain degree of resources to keep the information concealed. The consequence of this is increasing the resources required by the "attacker" to gain access making the chances of an attack that much less likely.
With modern cryptography the resources required to conceal information securely can be very low in comparison to the resources required to access the information without authorisation.
Which is "very good" if a good person is concealing information against a bad person but "very bad" if it is a bad person concealing information.
Thus it becomes a societal issue, what value to society is gained by the use of modern crypto and other information concealing techniques and what value to society is lost by those seeking to conceal crimes etc using the same technology and how do those tasked with dealing with those crimes address the issue within the acceptable norms of society.
And it is a question that politically nobody really wishes to be asked.
That said there is the "Pandora's Box" issue, strong cryptography and other technology are now in the public domain and will remain so. And as Susan Landau noted the likes of the NSA unlike various LEA's appear on the face of it to have come to terms with this. That is they have through the likes of NIST certified a number of public domain crypto algorithms and methods.
That said as Bruce has been known to note security rests on the weakest link and the strength of modern crypto algorithms is not of real issue in modern systems.
Also the likes of the NSA, GCHQ et al and their forbears have been concentrating on other aspects of ComSec such as EmSec and traffic analysis for quite a long time (nearly a century on EmSec and over seventy years on traffic analysis). Unlike the open/academic communities who have only really started taking an interest in them in the past ten years or so.
As I said the days of wiretapping in the current sense are effectively numbered. The required storage and access to "billing" and "geographic" information will, in very short order be the chosen route especially if correlated against other databases such as credit card and loyalty card databases and transport systems such as parking and toll systems.
For instance how long do you think it would take to identify your car registration plate from your mobile phone number using the London congestion charge database and the mobile phone time/geolocation data?
All but a few very sophisticated users will be able to lead a normal life and also be able to avoid leaving footprints in these databases that could be used to "nail them cold" in front of an unsophisticated jury.