Last week, a wiretap report from 2015 surfaced on the United States Courts website that suggests Americans are using less encryption to hide their activities online but the report may not tell the whole story.
According to the report, the number of federal and state wiretaps increased by 17 percent over 2014. In fact, according to the report, not a single wiretap application was denied in 2015 for a total of 4,148 wiretaps in all. Of those wiretaps, only seven taps encountered encryption, down from twenty-two in 2014.
Though the report suggests that encryption is waning among Americans, it is more likely that costs are driving law enforcement to be very selective in its wiretapping efforts. The report Court’s report details the average cost of wiretaps increased an average 7 percent over 2014 pushing the cost to US$42,216 per tap and this doesn’t even account for the costs associated with breaking encryption.
Just this year, the FBI paid an unknown person or group at least US$1.3 million to break into the 5C iPhone of Syed Rizwan Farook, who murdered 14 people and wounded 22 others in a terrorist attack in 2015 in San Bernardino, California.
According to FBI Director, James Comey, the method purchased by the FBI can be used in future investigations where encryption is involved but it is unknown if the FBI is willing to share its methodology with state and local governments facing the same problems. Without an easy button, state and local agencies have to weigh the costs of breaking encryption and the likelihood of a conviction if a wiretap unsuccessfully produces incriminating evidence.
The Court’s report also runs counter to warnings by John Brennan, director the US’s Central Intelligence Agency (CIA).
When asked why recent terrorist attacks in Pairs went undetected by the intelligence community he warned there were, “a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need.”
Making it even more difficult on the intelligence community, the Obama administration in November of last year suggested that “the time was not right” for legislation forcing technology companies to provide the government with methods of breaking encryption.
It’s not just the CIA raising concerns. National Security Agency (NSA) director James Clapper testified to Congress that the Islamic State is “very security conscious” and a “prolific user of strong encryption technology, posing a major challenge…”
According to clapper ISIL commonly makes use of end-to-end encryption creating a major obstacle for the intelligence community discerning the various plots by the terrorist groups. Clapper supports strong encryption for businesses such as Apple and Google, but called that support into question by stating U.S. officials are trying to “threat the needle so that we ensure privacy and security.”
The Court’s report also reveals that 94 percent of wiretaps in 2015 involved intercepts of voice communications being made through the use of cellular phones. It is widely known that US intelligence snoops have access to those calls and is likely pushing many criminals to use other methods of communication outside of the telephone networks.
Revelations made public by Edward Snowden about the NSA is likely a key factor in the tech-savvy nature of criminals using modern technologies. According to Clapper, Snowden pushed encryption usage seven years forward as many searched for ways to circumvent the NSA’s wide-reaching espionage program.
As government’s around the world continue to struggle with the privacy versus security equation, it is likely those adoption encryption are only going to increase and this could be even more problematic for law enforcement that the intelligence agencies. According to the Court’s report, a majority of wiretaps have been used in thwarting the illegal narcotics trade.
In 2015, wiretaps were responsible for about a 19 percent conviction rate of those arrested as the result of a wiretap. The Eastern District of Virginia reported a somewhat better result of about 25 percent. With results this low and costs being so high, the thought of encryption getting in the way all but indicates a need for selectivity in choosing who to wiretap.
It is clear that the debate between privacy and security will continue well into the future. Like the old saying, security does not exist in nature and we can’t avoid danger if we don’t see it coming. It’s a tough choice with no clear answer. Civil liberties groups and the federal government are likely to spar endlessly on the debate that will likely not be settled until public sentiment settles and politicians are forced to take a final stand on the matter. Perhaps, the biggest driver in swaying the debate one way or another is public safety and the threat of terrorism as James Clapper has warned.
The past few weeks the world has been rocked by a series of deadly terrorist attacks in Orlando, Turkey, Bangladesh, and Iraq. This is likely to push the debate forward as investigations may reveal that the ability to tap ISIL communications could have prevented the attacks.
Written by: Rick Gamache
Rick Gamache is a freelance writer with 25 years’ experience in the cyber security field. His past work includes the Managing Director of Wapack Labs, CIO of the Red Sky Alliance, and lead FISMA auditor for the US Navy’s destroyer program. Rick has written several high-level cyber and general risk reports with an emphasis on the Nordic countries, India, Russia, and Ukraine and has traveled extensively, speaking on strategic cyber threat intelligence matters as they relate global supply chains.
Twitter – https://twitter.com/thecissp
(Security Affairs – wiretaps, surveillance)