Mr. Nobody, an anonymous source of no repute, posted a pretty savvy analysis of the politics of unauthorized wiretaps a week back:
anyone who believes the FBI and a host of other U.S. agencies even less scrupulous does not wiretap without permits, has been standing behind the door. generally, it does not matter if the information learned is admissable in court --they never admit wiretapping in the first place as the agency themselves, in many cases, *did*not*wiretap* --but the agency does buy info from usually unsavory "contractors" who do wiretap.
This conforms to my information too. Back in the mid-80s, I took a wiretap counterintelligence class with a lot of cops, PIs, and oil company securitymen. (The quietest guy in the class, a balding little whimp at the tech bench behind me, was a PI by the name of John Walker, who later drew some attention with his overseas business interests. The weirdiest guy in the class was another PI who kept trying to talk to the other guys about their work but was jerked around because everyone knew he was always wired and at the end of the day would rush back to his hotel room to put the tapes through a voice stress analyser. I would have said the most dangerous guys in the room were the grizzled Malasian oilmen, but in hindsight Walker probably takes the prize.) The instructors were big Ray Jarvis (now of Jarvis Security,) an ex-Marine reputed to have recently been the CIA's top wireman, and Allan Bell (now of Dektor Counterintelligence,) the former director of the US Army's spy shop R&D (who probably has as many secret patents as Friedman did) -- both smart, thoughtful, amiable guys who knew their tradecraft cold. What I remember most of the week long class was Ray Jarvis standing before my classmates and estimating that maybe 10-15 percent of the domestic wiretapping and bugging -- circa '85 -- by US police agencies was legally authorized. He paused and looked around the room for the consensus. Half the room (mostly big city US cops) paused, looked off in the distance for a moment, then nodded. My sense is that lawmen typically planted the relevant information in the hands (or mouths) of a maluable "trusted source" when they did the wire themselves. If a subcontractor did it for them (on a purposely vague assignment,) they just didn't ask how the "trusted source" managed to get the information. Either way, it worked like money laundering. Source laundering, you could call it. The cops didn't seem to view themselves as angels, but they were usually utterly certain the guys they were targeting were the scum of the earth. Maybe they were. My expectation was that most of the illicit wires would be focused on the drug trade (where cops feel like the Border Patrol in El Paso, hopelessly outclassed by their opponents) but -- at least at that time -- the scuttlebutt seemed to indicate it was much more broadly used in criminal investigations. Both wiretaps and bugs are just so damn easy to place, so cheap, so deniable, and (done properly) so untracable, the temptation was virtually irresistable. And there seemed to be a whole subculture of master wiremen, trained by the US Govt, accepting bids from both the Law and corporate security agents. (Outside the US, particularly in the oil business, it sounded like the Wild West before Judge Bean showed up. I've never doubted that the cost of a DES-cracking special purpose computer has been buried among the expense chits of many multinationals, certainly in the Big Oil Government budgets. I'd love to talk to the NSA guys who went in with Desert Storm to find out what the Iraqis picked up from Kawaiti government/oil IS installations;-) I don't expect much has changed, except everything has gotten smaller, cheaper, and (with datacom) vastly more automated. What those guys knew in the 80s were the phone systems (poor design left many PBXs with back doors, some of which could even be triggered remotely) but we've all learned new tricks -- and the NSA and others always concentrated on CompSec.
as for the NSA/CIA spying on US citizens --they dont, they spy on British citizens with facilities provided by M5 and M6. in return, British M5/6 agents spy on U.S. citizens from Langely or Gaithersberg, or wherever. The fact they just happen to share information is an "accident."
In this, I doubt Mr. Nobody. I can't see either the Brits nor the Yanks willing to trust the other nation's bureaucratic system to keep in-country spying secret. The rule was: governments leak... eventually. And the fallout of Revelation would be awesome. (And there were so many safer options.) I suppose, however, Nobody's scheme fits the "laundered source" model too. I recall talk of this sort of arrangement mostly to cover US citizen to US citizen phone links across the US border. I'm not even sure the NSA couldn't legitimately do this, but after the Church Committee hearings in the 1970s, everyone wanted to keep their numbers low. (The extreme was the FBI, of course, which would show up annually to report what? 7 or 11 authorized wiretaps for the year. Everyone barely able to control their snickers.) My apologies if Memory Lane took up too much bandwidth, but the politics of crypto have a heritage that's ever more relevant. (Witness all the direct and indirect reference to Kahn and Bamford's work on this List.) A thought: Being pessimistic lately, and assuming our elected US pols continue their subservience to the spy agencies, I have a question. How difficult would be it to concoct a encryption-based scheme which would hold escrow keys in some sort of serialized time-sensitive one-way account -- a device that would make it all but impossible to get a key out of the account without leaving a permanent record that it was retrieved. How many were retrieved? When? By whom? Is there such a scheme? How does/could it work? In defending privacy, Accountability is a very powerful weapon. (Remember those FBI reports of 7-11 wiretaps?) I'd love to see such a tamperproof recording device imposed upon the FBI's access to its new Master Wiretap circuits, for example -- with a legislatively-mandated revelation of the unforgable results, something comparable to the current law in criminal cases, and maybe with some 5-year sunshine provison for national security cases. Such a scheme might be all we can get if this Administration or a future one gets a version of Clipper mandated. Cynics like many of you on this list may not realize how desperately these guys want to keep to the shadows. Bright Lights and Accountability ought to be a Cypherpunk Goal -- even when the tide is running against us. A well-documented tamperproof accounting scheme to document the use of these intrusive powers could result in a potentially powerful piece of legislation. Suerte, _Vin Vin McLellan +The Privacy Guild+ <vin@shore.net> 53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548 <*><*><*><*><*><*><*><*><*>