informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/conspiracy/wiretap.cst

414 lines
24 KiB
Plaintext
Raw Blame History

Newsgroups: sci.crypt
From: hanson@kronos.arc.nasa.gov (Robin Hanson)
Subject: Can Wiretaps Remain Cost-Effective?
Message-ID: <1993May13.020142.6486@kronos.arc.nasa.gov>
Organization: NASA ARC/ Information Science Division
Date: Thu, 13 May 1993 02:01:42 GMT
Lines: 405
I feel somewhat guilty for posting three different versions of this
paper to this newsgroup, but I wanted to be both timely and thorough.
Previous drafts were timely; this "final" version is more thorough. :-)
CAN WIRETAPS REMAIN COST-EFFECTIVE?
by Robin Hanson
hanson@ptolemy.arc.nasa.gov 510-651-7483
47164 Male Terrace, Fremont, CA 94539
May 12, 1993
Distribute Freely
SUMMARY: Compared to an average monthly phone bill of seventy dollars,
the option to wiretap the average phone line is probably worth less than
twelve cents a month to police and spy agencies. Claims that this
option is worth over a dollar a month ignore the basic economics of
law enforcement. Thus recently proposed government policies to preserve
wiretap abilities in the face of technological change must raise phone
costs by less than one part in seven hundred to be cost-effective.
Why not let a market decide if wiretaps make sense?
BACKGROUND
Until now, telephones have happened to allow the existence of "wiretaps",
cheap detectors which can pick up conversations on a phone line without the
consent of either party to the conversation. And since 1968, U.S. police
have been allowed to request such wiretaps from judges, and must compensate
phone companies for expenses to assist a tap. Since then, law enforcement
agencies have come to rely on this capability to aid in criminal
investigations.
However, wiretaps have become more difficult as phone companies have
switched to digital technologies. And powerful new encryption technologies
threaten to make truly private communication possible; a small chip in each
phone could soon make it virtually impossible to overhear a conversation
without a physical microphone at either end. So the U.S. government has
begun to actively respond to these threats to police wiretap abilities.
Regarding digital phone issues, a "FBI Digital Telephone Bill" was
circulated early in 1992 [1], proposing to require all communication
services to support easy wiretaps, now without compensation from the
police. Each tapped conversation would have to be followed smoothly as the
parties used call-forwarding or moved around with cellular phones. The
data for that conversation would have to be separated out from other
conversations, translated to a "form representing the content of the
communication", and sent without detection or degradation to a remote
government monitoring facility, to be received as quickly as the parties to
the conversation hear themselves talk. Congress has yet to pass this bill.
Regarding encryption issues, the White House announced on April 16, 1993
that 1) they had developed and begun manufacturing a special "wiretap" (or
"Clipper") chip to be placed in future phones, instead of the total privacy
chips which have been under private development, 2) they plan to require
this chip in most phones the government buys, and 3) they will request all
manufacturers of encrypted communications hardware to use this wiretap
chip. The same day, AT&T announced it would use these chips "in all its
secure telephone products".
The plan seems to be to, at the very least, create a defacto standard for
encryption chips, so that alternatives become prohibitively expensive for
ordinary phone users, and to intimidate through the threat of further
legislation. Such legislation would be required to stop privacy fans and
dedicated criminals, who might be willing to pay much more to use an
alternative total privacy standard.
Both the specific wiretap chip design and the general algorithm are secret.
Each chip would be created under strict government supervision, where it
would be given a fixed indentifier and encryption key [2]. At some
unspecified frequency during each conversation, the chip would broadcast
its identifier and other info in a special "law enforcement field". Law
enforcement officers with a court order could then obtain the key
corresponding to this indentifier from certain unspecified agencies, and
could thereby listen in on any future or previously recorded conversations
on that phone.
To date, most concerns voiced about the wiretap chip have been about its
security. Encryption algorithms are usually published, to allow the
absence of public demonstrations of how to break the code to testify to the
strength of that code. And it is not clear what government agency could be
trusted with the keys. Many suspect the government will not limit its
access in the way it has claimed; the track records of previous
administrations [3], and of foreign governments [4], do not inspire
confidence on this point.
This paper, however, will neglect these concerns, and ask instead whether
this new wiretap chip, and other policies to preserve phone wiretaps, are
cost-effective tools for police investigation. That is, which is a cheaper
way for society to investigate crime: force phone communications to support
wiretaps, or give police agencies more money to investigate crimes as they
see fit? Or to put it another way, would police agencies still be willing
to pay for each wiretap, if each wiretapping agency were charged its share
of the full cost, to phone users, of forcing phones to support wiretaps?
A recent U.S. General Accounting Office report on the FBI bill stated [1]:
"[N]either the FBI nor the telecommunications industry has
systematically identified the alternatives, or evaluated their costs,
benefits, or feasibility."
While this paper will not change this sad fact, it does aspire to improve
on the current confusion. To begin to answer the above questions, we might
compare the current benefits wiretaps provide to law enforcement agencies
with projected costs of implementing the new wiretap chip and other wiretap
policies.
WIRETAP BENEFITS
1990 is the latest year for which wiretap statistics are widely available
[5], though wiretap activity has been rather steady in recent years.
According to the Office of U.S. Courts, 872 wiretap installations were
requested by local, state, and federal police in 1990, and no requests were
denied. 2057 arrests resulted from wiretaps started the same year, 1486
arrests came from wiretaps in the previous ten years, and 55% of arrests
led to convictions. About 40% of wiretaps were requested by federal
authorities, while several states, including California and Illinois, still
do not allow wiretaps. About 60% of taps were regarding drug offenses, and
14% for gambling offenses. Wiretaps are most useful for investigating
"victimless" crimes, since victims will often give police permission to
record their calls.
Each wiretap installation heard an average of 1487 calls, 22% of them
incriminating, among 131 people, and cost an average of $45,125, mostly for
labor (extrapolating from the 91% of installations reporting costs). $1.6
million was also spent following up on wiretaps from previous years. Thus
a total of about $41 million was spent on wiretaps, to obtain about 4000
arrests, at about $10,000 per arrest, or four times as much as the $2500
per arrest figure one gets by dividing the $28 billion spent by all police
nationally by the total 11 million non-traffic arrests [6]. Thus wiretaps
are a relatively expensive form of investigations.
76% of the wiretaps were for phone lines (vs pagers, email, etc.), and are
the focus of this paper. The $31 million per year spent on phone taps
represents only one thousandth of the total police expenditures, and if we
divide this by the 138 million phone "access" lines in the country [6], we
get about 23 cents spent per year per phone line, or about two cents a
month. Since 1978, our foreign intelligence agencies have also been
authorized to tap international phone calls. No statistics are published
on these taps, so let us assume a similar number of "spy" wiretaps are
done, giving a total of ~$60 million annually, or four cents per month
spent on wiretaps per phone line.
Of course the amount police spend on wiretaps is not the same as the
benefits of wiretaps. How can we estimate benefits? Dorothy Denning, an
advocate of both the FBI bill and the wiretap chip, claims that "the
economic benefits [of wiretaps] alone are estimated to be billions of
dollars per year" [7], and then refers to amounts fined, recovered, and "$2
billion in prevented potential economic loss" by the FBI from 1985 to 1991.
Denning further relays fascinating FBI claims that through wiretaps "the
hierarchy of organized crime has been neutralized or destabilized", and
that "the war on drugs ... would be substantially ... lost" without them.
Two billion dollars per year of wiretap benefit would translate to a little
over a dollar a month per phone line. Denning, however, offers no support
for her claims, and appears to be relaying internal FBI figures, which the
FBI itself has neither revealed nor explained to the public. And the FBI
is hardly a neutral party on this subject.
Estimating the benefits of police investigations is not a simple as it
might seem, however, and certainly requires more than adding up amounts
fined or recovered. Long and well-established results in the economics of
law enforcement [8] tell us to reject the notion that we should be willing
to spend up to one dollar on police, in order to collect another dollar in
fines or to prevent another dollar of theft. So, for example, we rightly
reject IRS pleas for increased budget based solely on estimates of how many
more dollars can be collected in taxes for each dollar spent by the IRS.
In fact, a main reason given for using public police to investigate crime,
instead of private bounty hunters, is to avoid such police overspending.
In general, we deter a given class of criminals through a combination of
some perceived probability of being caught and convicted, and some expected
punishment level if convicted. And some crime is directly prevented, rather
than deterred, through some level of police monitoring. The optimum police
budget is a complex tradeoff between social costs due to the crimes
themselves, the punishment exacted, and police expenses.
How then can we estimate wiretap benefits? Let us assume that about the
right total amount is being spent on police, and that police have about the
right incentives, to spend their budget to monitor where it would help the
most, and to get as many as possible of the right kinds of convictions.
(If police budgets are too low, then the answer is to increase them, rather
than trying to crudely subsidize any one of their expenses.)
In this case the social benefit of being able to wiretap is no more than
about the additional amount police would be willing to pay, beyond what
they now pay, to undertake the same wiretaps (assuming this remains a small
fraction of total police budgets). The benefit of wiretaps is actually
less than this value, because were wiretaps to become more expensive, we
might prefer to get the same criminal deterrence by instead raising
punishment and lowering the probability of conviction, or perhaps we might
accept a lower deterrence level, or even decriminalize certain activities.
Police monitoring might be similarly adjusted.
How much police would be willing to pay for each wiretap would depend of
course on how what alternatives are available. If unable to wiretap a
particular suspect's phone line, police might instead use hidden
microphones, informants, grant immunity to related suspects, or investigate
a suspect in other ways.
The law requires that police requesting a wiretap must convince a judge
that other approaches "reasonably appear to be unlikely to succeed if tried
or to be too dangerous". But in practice judges don't often question
boilerplate claims to this effect in police requests [9], and
investigations often continue even after a wiretap has failed to aid an
investigation. Experienced investigators advise wiretaps as a last resort,
but mainly because wiretaps are so expensive.
More importantly, police can also choose to focus on similar suspects who
are more easily investigated without wiretaps. Most police cases are near
the borderline where it is not clear that they are worth pursuing, and will
be simply dropped should a more pressing case suddenly arise. Many cases
reach the point where a wiretap might help, but are dropped because a
wiretap seems too costly. And most cases now using wiretaps would probably
be abandoned if wiretaps became dramatically more expensive.
No doubt a few wiretaps are so valuable that it would have cost ten times
as much to obtain similar results through other means. But on average, it
is hard to imagine that police would be willing to pay more than a few
times what they now pay for each wiretap. If we assume that police would
on average be willing to pay twice as much for each tap, then the social
benefit of phone wiretaps is about equal to the current spending level of
four cents a month per phone line. If we assume that police would on
average be willing to pay four times as much per wiretap, the option to
wiretap the average phone would be worth twelve cents a month.
A better estimate of wiretap values might come from randomly asking recent
wiretap requestors whether they would have still requested that wiretap had
they expected it to take twice as much labor to get the results they had
expected, or three times as much, etc. The FBI will not allow such a
survey by ordinary citizens, but perhaps some state police would. But
until such research is done, the twelve cent figure seems a reasonably
generous estimate, and the four cent figure may be closer to reality,
Of course the value of the option to tap any particular phone line
presumably varies a great deal from the average value. But unless the
police can somehow pay only for the option to wiretap particular phone
lines of its choosing, it is the average value that matters for a
cost/benefit analysis.
WIRETAP COSTS
Let us for the moment optimistically assume that the U.S. government
encryption scheme used in the wiretap chip is as secure as whatever private
enterprise would have offered instead, protecting our conversations from
the spying ears of neighbors, corporations, and governments, both foreign
and domestic. Even so, the use of this chip, and of other policies to
support wiretaps, would create many additional costs to build and maintain
our communication system.
Some phone companies must have perceived a non-trivial cost in continuing
to support wiretaps while moving to digital phone transmissions, even when
compared to the widely recognized value of staying on the good side of the
police. Otherwise the police would not have complained of "instances in
which court orders authorizing the interception of communications have not
been fulfilled because of technical limitations within particular
telecommunications networks" [1].
The wiretap chip requires extra law enforcement fields to be added to phone
transmissions, increasing traffic by some unknown percentage. A special
secure process must be used to add encryption keys to chips, while securely
distributing these keys to special agencies, which must be funded and
monitored. The chips themselves are manufactured through a special process
so that the chip becomes nearly impossible to take apart, and the pool of
those who can compete to design better implementations is severely limited.
Private encryption systems not supporting wiretaps would require none of
these extra costs.
Perhaps most important, government decree would at least partially replace
private marketplace evolution of standards for how voice is to be
represented, encrypted, and exchanged in our future phones. It is widely
believed that governments are less efficient than private enterprise in
procuring products and standards, though they may perhaps perform a useful
brokering role when we choose between competing private standards. How
much less efficient is a matter of debate, some say they pay twice as much,
while others might say they pay only 10% more.
This type of wiretap support also raises costs by preventing full use of a
global market for telephone systems. It pushes certain domestic phone
standards, which foreign countries may not adopt, and requires the use of
encryption methods known only to our government, which foreign countries
are quite unlikely to adopt.
In 1990, 53 U.S. phone companies had total revenues of $117.7 billion for
domestic calls, $4.4 billion for overseas calls, and $4.5 billion for
cellular calls [6], for a total cost of $126.6 billion dollars to run the
phone system, and an average monthly phone bill of $76.45 per line. If we
generously assume that police and spies would on average be willing to
pay four times as much as the ~$60 million they now spent on wiretaps
annually, we find that wiretaps are not cost effective if we must raise
phone costs by as much as one part in 700 to preserve wiretap abilities in
the face of technological change. The twelve cents per line wiretap option
value must be compared with an average seventy dollar monthly phone bill.
(If we assume that police would only pay twice as much on average, then
this limit falls to one part in 2000!)
Dorothy Denning relays FBI claims that $300 million is the maximum
cumulative development cost "for a switch-based software solution" so that
phone companies can continue to support wiretaps [7]. Denning does not,
however, say how long this solution would be good for, nor what the
software maintenance and extra operating costs would be. And again this is
a figure which the FBI itself has neither revealed nor explained to the
public. If we use a standard estimate that software maintenance typically
costs twice as much as development [10], and accept this FBI estimate, then
this extra software cost would be by itself five times the above generous
estimate of annual wiretap benefits.
The current government contractor claims it will offer the wiretap chips
for about $26 each in lots of 10,000 [2], over twice the $10 each a
competing private developer claims it would charge [11] for a chip with
comparable functionality, minus wiretap support. And the wiretap chip
price probably doesn't reflect the full cost of government funded NSA
research to develop it. If only one phone (or answering machine) is
replaced per phone line every five years, the extra cost for these chips
alone comes out to over 27 cents extra a month per line, or by itself more
than two times a twelve cent estimated wiretap option value. Of course
most phones wouldn't have encryption chips for a while, but the wiretap
benefit is per phone, so this argument still applies.
COMPARING BENEFITS AND COSTS
Given the dramatic difference between the total cost of running the phone
system and an estimated social value of wiretaps, we can justify only the
slightest modification of the phone system to accommodate wiretaps. When
the only modification required was to allow investigators in to attach
clips to phone wires, wiretap support may have been reasonable. But when
considering more substantial modification, the burden of proof is clearly
on those proposing such modification to show how the costs would really be
less than the benefits. This is especially true if we consider the costs
neglected above, of invasions of the privacy of innocents, and the risk
that future administrations will not act in good faith [3].
If consensus cannot be obtained on the relative costs and benefits of
wiretaps, we might do better to focus on structuring incentives so that
people will want to make the right choices, whatever those might be.
Regarding phone company support for wiretaps, it seems clear that if
wiretaps are in fact cost-effective, there must be some price per wiretap
so that police would be willing to pay for wiretaps, and phone companies
would be willing to support them. As long as the current law requiring
police to pay phone company "expenses" is interpreted liberally enough, the
market should provide wiretaps, if they are valuable.
Monopoly market power of phone companies, or of police, might be an issue,
but if we must legislate to deal with monopoly here, why not do so the same
way we deal with monopoly elsewhere, such as through price regulation?
Legislating the price to be zero, however, as the FBI bill seems to
propose, seems hard to justify. And having each police agency pay for
wiretaps, rather than all phone companies, seems fairer to states, such as
California and Illinois, which do not allow wiretaps.
Regarding encryption chips, recall that without legislation outlawing
private encryption, serious criminals would not be affected. In this case,
it does not seem unreasonable to allow phone companies to offer discounts
to their customers who buy phones supporting wiretaps, and thereby help
that phone company sell wiretaps to police. Each phone user could then
decide if this discount was worth buying a more expensive phone chip, and
risking possible unlawful invasions of their privacy. Adverse selection,
however, might make privacy lovers pay more than they would in an ideal
world.
If outlawing private encryption is seriously considered, then we might do
better to instead just declare an extra punishment for crimes committed
with the aid of strong encryption, similar to current extra punishments for
using a gun, crossing state lines, or conspiring with several other people.
As in these other situations, a higher punishment compensates for lower
probabilities of convicting such crimes, and for higher enforcement costs,
while still allowing individual tradeoffs regarding wiretap support.
If, as seems quite possible, the stringent cost requirements described here
for preserving wiretap abilities cannot be met, then we should accept that
history has passed the economical wiretap by. Police functioned before
1968, and would function again after wiretaps.
[1] ftp: ftp.eff.org /pub/EFF/legislation/new-fbi-wiretap-bill
/pub/EFF/legal-issues/eff-fbi-analysis
[2] Clipper Chip Technology, ftp: csrc.ncsl.nist.gov /pub/nistnews/clip.txt
[3] Alexander Charns, Cloak and Gavel, FBI Wiretaps, Bugs, Informers, and
the Supreme Court, Univ. Ill. Press, Chicago, 1992.
[4] Headrick, The Invisible Weapon, Oxford Univ. Press, 1991.
[5] Report on Applications for Orders Authorizing or Approving the
Interception of Wire, Oral, or Electronic Communications, 1990,
Administrative Office of U.S. Courts, Washington, DC 20544.
[6] Statistical Abstract of the United States, 1992.
[7] Dorothy Denning, "To Tap Or Not To Tap", Comm. of the ACM, March 1993.
[8] Richard Posner, Economic Analysis of Law, 4th Ed., 1992, Chapter 22.
[9] Report of the National Commission for the Review of Federal and State
Laws Relating to Wiretapping and Electronic Surveillance, Washington,
1976.
[10] Barry Boehm, Software Engineering Economics, Prentice Hall, 1981.
[11] conversation with Steven Bryen, representative of Secure
Communications Technology, 301-588-2200, April 25, 1993.
--
Robin Hanson hanson@ptolemy.arc.nasa.gov
415-604-3361 MS-269-2, NASA Ames Research Center, Moffett Field, CA 94035
510-651-7483 47164 Male Terrace, Fremont, CA 94539-7921
Reference in New Issue View Git Blame Copy Permalink