Schneier on Security
A blog covering security and security technology.
March 11, 2011
FBI and the Future of Wiretapping
Last month I posted Susan Landau's testimony before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security on government eavesdropping. In fairness to the other side, here's testimony of Valerie Caproni, General Counsel of the FBI.
Posted on March 11, 2011 at 6:06 AM
• 30 Comments
The link to Caproni's testimony doesn't work :(
"Addressing the Going Dark problem does not require fundamental changes in encryption technology. We understand that there are situations in which encryption will require law enforcement to develop individualized solutions."
Everyone thinks this is simply saying they're not asking for another Clipper chip, etc. But it's not.
This means that they actually DO NOT WANT encryption technology to change, because they've worked very hard to develop go-arounds. The last thing they want now is for someone to move all the furniture.
They now use social connectivity analysis. They do not care what you communicate, they want to know who you communicate with.
Any technology that would induce targets to stop communicating in visible ways must be prevented.
Maybe they installed statistical analysis on Tor packets that allows them to identify what packets go where. If you can observe a large enough part of the network, that is doable.
I like these quotes: "The Going Dark problem is not about the government having inadequate legal authority—the legal authorities we have for intercepting electronic communications are adequate."
and: "..addressing the Going Dark problem does not require the Internet to be re-designed or re-architected for the benefit of the government. Within the current architecture of the Internet, most of our interception challenges could be solved using existing technologies that can be deployed without re-designing the Internet and without exposing the provider’s system to outside malicious activity."
Maybe some sanity still exists?
A first reading suggests all the FBI want is the money and resources to build "new methods" kind of in line with the requirements of existing legislation.
However it does not quite feel that way...
I get the feeling the coms monitoring center is a first step and that legislation changes are further down the line.
For instance parts of the document don't hold together well. That is the wire tap is for 30 days, but providers take months to provide solutions on individual cases....
Thus I get the distinct impression that a lot has been left blank to be filled in at a later date.
I've been thinking about the "new methods" way and I can't help but think "snoop-ware".
The FBI admit that centralised monitoring is a busted flush due to a number of reasons not least being people using "out of jurisdiction services" where they can knock on the service provider's door all they want and just get either ignored or told "You have no authority here".
Moving outwards from the "service center" they are going to find it extremely difficult to meet warrant requirements without causing infringement in the general network so this would suggest moving down to the ISP end.
But as they admit a user can have a multitude of connection points thus service providers and hence ISPs etc. So this is making life difficult in respect to knowing who to serve warrants on.
Which kind of leaves the user end point or smart phone etc. So I'm thinking "snoop-ware" with as a minimum an "ET" function.
Now are the Feebies clever enough to make an ET function that is sufficiently covert it is not obvious to a sophisticated user...
This is a very clear statement of the situation, but it's an unclear statement of the problem. The problem is that most companies, governments, and people don't like unfunded mandates. If the FBI wants something, and they are willing to pay for it, then they have lots of suppliers lining up to provide it. "Going Dark" isn't a result of a shortage of folks willing to take money from the FBI. "Going Dark" is a result of the FBI being unwilling to pay for what it wants.
With a big, monopolistic, regulated phone company a legal mandate might raise costs. Those costs are passed along to all customers, effectively subsidizing the FBI. It's not a bad scheme, it has efficiencies relative to a "Law Enforcement Tax" that the government would distribute. The companies have an incentive to do the work efficiently.
While the FBI may wax rhapsodic for the "good old days", they are a small minority. Everybody else values the technology advancement that diverse communication providers bring to the party. Their "Going Dark" situation isn't going to get better, because communication has become so inexpensive that some providers no longer charge for it (make all your calls for free with !). When the price is free, or at least some providers are free, it's just not going to be possible to "pass the FBI's costs on to consumers". Sure, you can put a provider out of business, but that just makes three knock-offs spring up in its place. Like Jack said about encryption, the FBI doesn't want that because it makes the problem 3 times harder (or maybe 9 times harder).
While I feel compassion for the FBI's problems, it's sorta like the vinyl record player needle company or the vacuum tube company. My feeling bad for them isn't going to do a bit of good. Everybody else is going to dump them like a hot potato. Sorry FBI. You might as well plan to get more money for "individual solutions" (great double speak), shift back to good old HUMINT (probably a good idea anyway), or become a lot more selective regarding which criminals are important enough to warrant spying on.
In the end, I hope to see the FBI become more selective, because much as they like to say they spend their time looking at child pornographers they waste a lot of it on pretty petty crimes.
@Clive, Just look at cell phones. Once you could get a number, track it back through billing data, and see all the numbers called. It worked great on folks who weren't criminals, but crooks bought "burner phones" with prepaid time and just threw them out when the prepaid time ran out. GPS is added to most smart-ish phones, under guise of better 911 support, and so now you and I can be tracked all the time. Too bad that crooks just buy dumber phones, since they throw them out anyway. The net result of most recent FBI "surveillance technology" is a lot more effective against citizens they shouldn't be spying on than it is on the folks they should be spying on. Like your ET example, unless everybody does it the bad guys just use it as another purchasing criteria. It becomes security theatre. They get money for "doing something" even though the enemy can spend a lot less on the counter-measure and get better effect for their money.
Sounds to me like they're simply whining that the ISPs can't do their jobs for them. Sorry to say.
Life would be so much easier for the FBI if we lived in a panopticon.
Life would be so much easier for a judge and jury if everyone on trial was guilty.
Life would be so much easier for plants|animals if humans were carnivores|herbivores.
Give a mouse a cookie, etc etc.
I read the testimony. Some thoughts come to mind.
1. They want the ISPs to make it easier.
2. They have some ways to snoop or break encryption that they are not talking about.
3. Most of the arrests are of the low lying fruit, ie. idiots.
4. The technical/smart people probably are not low lying fruit.
5. The smart ones are going to go dark, encrypted, alternate routes to hide.
I have talked to law enforcement and been told. Encryption? We rarely have to bother. You read into that what you want. It tells me that they can get the bad guys even if they use encryption with rootkits, keyloggers, code in web pages, emails, bluetooth, gps, hidden cameras, etc.
Now, if you are worthy of the NSA looking at you. Lotsa luck. I'm sure they have some tools that are worthy of Jeff Goldblum's hacking skills. LOL
>2. They have some ways to snoop or break encryption that they are not talking about.
If the FBI had ways to break AES they wouldn't be interested in you, they would be busy taking over the CIA, NSA, SS, etc.
The only thing that guarantees the security of encryption standards is that the FBI don't trust the CIA, the CIA don't trust the NSA, the NSA don't trust the secret service....
@ R Saunders,
"...but crooks bought "burner phones" with prepaid time and just threw them out when the prepaid time ran out."
Yes and some got caught because they made more than one call on the burner phone.
In the UK certain LEOs have noted "One Time Calls" where a crook actually does not even ring off, they just throw it in a pond or river or in the back of a truck or bus or whatever.
"GPS is added to most smart-ish phones, under guise of better 911 support, and so now you and I can be tracked all the time."
And that is a bit of a misnomer, cell phones have usually been locatable within a hundred yards or so simply because they can be heard at more than one cell tower. In the majority of cases this is more than sufficient for LEO needs.
"Too bad that crooks just buy dumber phones, since they throw them out anyway."
There is an easy way to stop the dumber phones being used or phones with GPS disabled, the question is are the Feebies or other LEOs going to push for that change...
"The net result of most recent FBI "surveillance technology" is a lot more effective against citizens they shouldn't be spying on than it is on the folks they should be spying on."
Yes and oddly that was a push made more by the previous administration than by the LEOs themselves which to put it mildly was a bit of an eye brow lifter. As we now know the Feebies etc could not lift the load so the job went to the NSA. Which means it might stay there or then again not. Since the demise of the cold war the action has moved from political espionage to criminal espionage and general surveillance and I'm sure that the NSA are acutely aware of this and their undoubted strengths in this area. General surveillance is a high cost activity requiring considerable resources especially in computing it is not something which sits naturally with general LEOs.
"Like your ET example, unless everybody does it the bad guys just use it as another purchasing criteria."
This is where the fun starts, as far as I can see the current legislation does not exclude the handset manufacturers from placing a law enforcement tap in the phone...
And this is one of the directions I suspect the Feebies will push. There are actually less suppliers of mobile phones than you think and requiring a "Feebie backdoor" would stop many of the smaller companies considering making their phones available in the US. The Feebies could then require the network operators to only allow phones with "backdoors" onto their networks.
This would be a major issue for the criminals.
And not too costly for the phone manufacturers (as the bulk of it is built in already) who would just pass the cost on to the network providers.
As I said a lot of it's in place the question is what way will the Feebies go once they have the funding for their nice new facility...
I wish the FBI/feds were as interested in electronically snooping on their contractors as they are in snooping on innocent people who ask them for help with abuses by their contractors.
@nobody. You either misunderstand or I was too obtuse. ;).
My point was that they don't need to break the encryption to find out what they want. Cameras, keyloggers, etc.
Yes, if someone could break encryption for truly valuable information like speed buys on the exchanges, yep. Or maybe they already have. Someone who did that would be very sophisticated and hard to catch, I think.
I was also trying to make the point that if the NSA, CIA or any other alphabet group really was out to get you, they could. For example miniature cameras are now very small. Recently, an RFP for federal agency went out for "forensic" software. It was commercial in nature. That is not to catch someone writing their own brew of privacy with Faraday cage, encryption, dark internet, etc. It is for the low lying fruit. The guy trolling in chat rooms with the FBI. BTW what makes you think they don't spy on each other? Or they just have lunch, professional courtesy and all that......
Unfunded mandates? If the FBI needs a tap they expect the results without paying for it?
Do they also get cell phone service and vehicles without paying for them?
@RSaunders: "... While I feel compassion for the FBI's problems..."
I don't. The FBI is too bureaucratic, too politicized, too dishonest (multiple incidents of fraud in its forensic labs), and too inefficient. It spends 8 billion dollars a year to convict a few thousand criminals (most of whom could be dealt with by state and local law enforcement agencies) and a handful of terrorists or spies. I believe that the FBI could be dissolved without harming our security at all. The same is true of ATF and the DEA.
@ Nobody, Jacob,
"2. They have some ways to snoop or break encryption that they are not talking about."
The problem with encryption is not that you use it but that you use it badly.
AES as an algorithm is as far as we know unbroken in the cryptographic sense.
However we know that many implementations had and still do have bad side channel issues.
Thus the NSA certify AES for "data at rest" (ie stored on the hard drive) but not otherwise for their Inline Media Encryptors or IME.
AES implemented on a smart phone is in all probability very vulnerable to side channels and other EmSec issues. But such a phone is also susceptible to "end run" attacks where the use of encryption is unimportant as the snoop-ware or spy-ware is on the plaintext side and leaks information through the phone using timing attacks due to its "efficiency".
If you want to know how this is possible look up "keybugs" on Matt Blaze's crypto.com site.
Did I miss another witness or something? I saw no real difference in the two testimonies except that the DOJ did not address the question of vulnerability which IMHO was the only thing different about Ms Landau's. (Whom I'm sure would agree with the DOJ's statement as to the history and current state of affairs.)
What a waste of air bureaucrats are.
I didn't read every word in the testimony, I just scanned it, but the primary complaint I got mirrors what others have said: the ISPs don't cooperate as much as the FBI wants.
So this sounds to me that, in addition to coercing the ISPs to open up their systems more, they want to bypass the ISPs altogether and go on with the deep probing hardware at the telecom providers, but make it easier to single out the individuals they want to track down by "tagging" everyone's communications in some way.
Where they say they "can't develop evidence" I get very suspicious. There's very little you can do over any form of network that can't be revealed by other means of surveillance. If you're already a target for surveillance, they can bug you up your rear if necessary. You're basically already in jail at that point.
They can watch you entering keystrokes into your computer on video surveillance. They can directly tap your phone over the air or overhear your voice directly through an audio bug. I find it hard to believe that anyone can evade disclosing what they're up to in that situation. That makes surveillance of your computer and phone communications pretty much superfluous.
The only situation in which that might not be true is if the criminals are outside the borders of the US and there is no way to physically get either an agent or a snitch with surveillance equipment close to the target. That kind of situation has to be rare. Anyone in the US can be bugged blind and surveilled so closely they know when you're taking a leak by the water pressure in your apartment.
So the idea that they can't close cases without this sort of truly invasive monitoring of your communications is a red herring intended to extend their ability to monitor EVERYONE'S communications.
I also note the first thing she talks about is "child porn" - always the first excuse for evading civil rights.
On a larger note, it seems society doesn't want to pay for modifying the educational practices of the young and the economic prospects of the lower class demographics - the only way to prevent crime - but it doesn't mind spending billions and billions on law enforcement technology. What's wrong with this picture?
What a beat-up story!
These problems are trivial to solve!
I will guarantee you that with just $50M I can compromise every cell phone chipset in production. Of course that $50M would not be flowing into the "right" pockets, ah-ha, I think I'm beginning to see the point of the story....
"What a waste of air bureaucrats are."
The reason for the similarity is in all probability the very very narrow scope of the committee's brief.
One trick seen in the UK by the enquiry by Lord Hutton was to limit the scope of the investigation so that it can only come up with the required answer (this is an old game in the UK and the public and press fall for it every time).
Part of the process is vested interests on committees discrediting any testimony that "strays too far" from the required path of inquiry.
@ Robert T,
I'm glad to hear from you, as your general posting times suggest that you may be a lot closer to the "sea/earthquake" than the rest of us.
"What a beat-up story These problems are trivial to solve!"
Yes indeed they are either in hardware or software and as I noted above the law in the US (depending on how you read it) allows for the enforcement of these methods already.
There are various factions in the US that have tried to get "snoop-tech" or "control-tech" built into silicon by legislation in the past. The US key escrow system being the most public, however at various times the likes of "The Senator from Disney" (pay book) has tried to get mandated controls for "IP holders" (not artists) built in.
So far they have been unsuccessful with the direct approach due in no small part to political pressure from the likes of the counter lobby groups. So to my mind there is a possibility they are trying the "squirrely way" this time.
@ Richard Steven Hack,
"Where they say they "can't develop evidence" I get very suspicious. There's very little you can do over any form of network that can't be revealed by other means of surveillance. If you're already a target for surveillance, they can bug you up your rear if necessary. You're basically already in jail at that point."
Very true but the non network methods are manpower intensive by specially trained overpaid and thus potentially unreliable persons.
For some reason that is still unknown the US decided to stop using "Humint" but "Elint" at around the time of Ronnie "Ray-Gun" holding the deficit purse strings. The likes of the CIA got various cutbacks and the likes of the NSA and NRO got big slabs of cash.
There is some notion doing the rounds for the last forty years or so the "technology does not lie". Which for many reasons is a very silly one, not least because technology is agnostic and sees what it is presented with by humans.
If a target knows or assumes they are under observation they can use this to their advantage and feed false data back to the electronics. It even works with humans. During "the troubles" in NI a man was observed by the general populace to always walk around with a pair of "Mickey Mouse Ears" on and a long heavy overcoat. It quickly became clear to everyone that he was under surveillance and the ancient practice of "goon baiting" started. Kids would look for and find the surveillance officers and point them out and giggle at them and sometimes go up to them and say "please sir my mummy says you are a policeman?" There were many results from these antics but the observers were undoubtedly the losers not only did the surveillance officers' faces get well known all their tradecraft became well known as well so other officers became compromised by youngsters who just watched as a game. Not only is it demoralising as an officer having the tables turned on you but also quite frightening knowing that your target was quite deliberately taking you through dangerous areas where soldiers and other officers had been wounded and killed on a regular basis.
And this is not limited to terrorists some criminals do it as well, and in at least one case one criminal prefers 24x7 surveillance to actual jail.
People in the UK will have seen in the newspapers that a 63-year-old man by the name of Kenneth Noye currently serving a sentence of murder is trying to get his conviction overturned. He first came to the general public attention when he got off of murdering a police undercover officer in the grounds of his house in the 1980's (basically he killed the officer and claimed self defence). To a lesser extent he was also known publicly for his involvement with the Brinks Mat gold bullion heist where 3 metric tons of gold went missing for which he went to jail. So it is reasonably certain he is a career criminal and quite central to many illegal activities, and not a "playboy property developer" he claimed he was.
Well after getting off he had the police on his tail night and day 24x7 and he blew a fuse one day and stabbed a man a couple of times over what was incorrectly reported by the press at the time as a "road rage" incident. After murdering the motorist (who he may have thought was a surveillance officer) he went and holed up in Spain for a while. Where he was quickly back under surveillance but much less obviously so, but enough to flush him out and get him extradited back to the UK where in 2000 he was jailed again.
There was an eye witness to the murder of the motorist who has since been shot and now Kenneth Noye is trying to get the forensic evidence overturned so he can again claim self defence and get out of jail and then presumably sue for wrongful conviction...
Without a doubt if he is released he will once again be under 24x7 surveillance, and he must know this, so for him at least being under surveillance 24x7 is not like being in jail.
So Valerie Caproni is stating the obvious, but how exactly does the bureau want to address the issue on the table other than requesting 15 million for a Domestic Communications Assistance Center (DCAC) ? I'm not seeing it.
"Within the current architecture of the Internet, most of our interception challenges could be solved using existing technologies that can be deployed without re-designing the Internet and without exposing the provider’s system to outside malicious activity."
Which means what? Deploying "technologies" at ISPs and telcos not only is a dead-end street, Susan Landau also explicitly warned for its inherent dangers in her speech. As argued by several others, the only effective strategy against anything but idiots and lo-techs would probably be to move the spying to the end-points, i.e. the users. In addition to who would be bearing the costs, all of this also is way too vague for me and it sounds like someone is just asking for a blank cheque to be filled in later on.
"I'm glad to hear from you, as your general posting times suggest that you may be a lot closer to the "sea/earthquake" than the rest of us"
You can't get rid of me that easy! I often feel like I've certainly spent enough time in Narita airport to apply for residence but I'm rarely in Japan itself, usually S.Korea, HK, Taiwan, China.
If I have figured out how to compromise every phone chip in production, then I take it for given that a few 3 letter agencies have also figured out how to leverage the systemic weaknesses in the chip supply chain.
Hey if they haven't, then they need to know:
I CAN be bought!
@ Robert T,
"Hey if they haven't, then they need to know I CAN be bought"
I'm sorry I think they will just compel the phone manufacturers to do so by use of existing legislation.
Here's how: the US already has existing legislation requiring telecom providers to put a "wire tap" into the exchange equipment and as we know all switch manufacturers have the hooks in their equipment.
We also know that phones can act as "local exchanges" in that they can do two party calls call transfers etc etc. Thus all they have to do is "extend the scope" to cover handsets. As we know like the switches all the hooks etc are already built into GSM phones and GPRS data systems would be a blink of an eye to do as well.
Technically the whole thing can be done as an "over the air upgrade" on modern phones without the user really being aware it's been done...
And as the primary legislation is in place the extension will not have to go through the usual new legislation process...
I'm really surprised they haven't yet done it...
What Clive's talking about re: switch/exchange is CALEA - Communications Assistance for Law Enforcement Act. There is a centralized bridge where data can be siphoned off from any connection point in the telco network. Carriers are "compensated" for this compliance activity, and (Cryptome?) have published some of their rate cards.
Ah yes, here it is: http://www.schneier.com/blog/archives/2009/12/...
I really liked your quote Matthews that "The Going Dark problem is not about the government having inadequate legal authority—the legal authorities we have for intercepting electronic communications are adequate.". well said
It is interesting how the FBI was clamoring for backdoors in encryption during the 90's and when that was defeated, they have remained silent on the issue for about 15 years. Does anyone really think their silence is due to the fact they gave up or rather that they have reliable ways around it? Think about it: it makes no sense for them to spend all this time and money on expanding CALEA if they have no way to break a simple SSL connection. Any criminal with an IQ over 70 is going to be using encryption.
Nice article to read. It does make sense they why more and more business are trying to mitigate the risk. It is quite understandable that business would cut down on the potential risk. Thanks for the article. It was interesting to read.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.