What I think they'll do is work on virus software. They can write something which will hack the crypto on your PC and make it weak. If they want to wiretap some drug dealer, they get him to download one of their programs somehow. Maybe they've got a Java bug which lets them hack files when he goes to a certain web page. Or maybe they get him to download some free demo of a game or interaction service (hotchicks.com). Whatever, the program actually looks for PGP and other crypto software and hacks it. Now the FBI can read his stuff.
What we have here is a technology race. Assuming it is legal for a hypothetical government organization to pull a stunt like that, we merely build our own encryption software that is compatible with the current stuff, or failing that have an unreasonable amount of different publically available versions out there. Tell me what virus can alter 50 different programs in a different fashion and still be small enough to go unnoticed. If you were to program your own private version of PGP and have it produce output exactly the same as any version of PGP out there you wanted to, then there's a good chance that it would be overlooked by viri, logic bombs, trojans... and even if it wasn't there's an even better chance that a specific virus would need to be written to hack your private version. and what are the odds of actually infecting your particular desktop with the naughty program that's gonna do the dirty work? I admit that would take cnsiderable effort and the only reason for doing so is to protect against thief software designed to steal your keys, but it can be done. and probably would be done by many as a last resort / defense. -Stu "Work toward your vision of tomorrow, or you will surely live in someone else's" -- Art Sackett