Re: a cryptographic deal with the devil

[George A. Gleason <gg@well.sf.ca.us>]

Re. the digital wiretapping "compromise."  As a telecom professional I
absolutely resent and will resist any attempts to mandate backdoors into my
PBXs.  No compromise on that.  Period.  We've all heard the arguements many
times: vast surveillance power, diminution of privacy, potential major
security problems...  

I'd like to suggest something of a compromise which doesn't have these
risks.  Common carriers (local and long distance telcos) are currently
required to provide access to line terminals when presented with a court
order for a wiretap.  This access could reasonably be extended to requiring
the telco to connect a demultiplexer in the case of digital transmission, or
some kind of appropriate signal splitter in the case of fiber optics.  The
agency requesting the tap would of course pay the bill for materials and
labor.  Now this gets law enforcement their demultiplexed signal path so
they can tap only the intended target line, but it preserves the existing
structure which prevents law enforcement "hacking," since no backdoors would
be involved. 

For PBXs (this is my department), a slightly distasteful but acceptable
compromise would be to have interconnect companies (the folks who install
your PBX or key system) register with the local operating telcos, providing
the interconnect company's name and contact information on the telco record
for each subscriber.  So for instance, General Widgets has XYZ Telecom
install a new PBX; XYZ Telecom is required to inform the local operating
company that they have just acquired General Widgets as a client. Now if a
law enforcement agency gets a court order for a tap, they go to the local
telco and ask who the interconnect company is for that subscriber.  (We're
talking here about a scenario in which one or a small number of extensions
in a phone system are believed to be used for criminal purposes, so law
enforcement has to tap those extensions only and not everyone who is on that
phone system.)  Now law enforcement visits the interconnect company and
presents them with the court order, which requires the interconnect company
to provide access to the line terminals of the suspect extension(s), and/or
provide a demultiplexer etc. if needed (at law enforcement's expense of
course)... and of course, under penalty of contempt of court, refrain from
disclosing the situation to the client.  

Now this gets law enforcement their legitimately needed access to suspect
extensions on PBXs, prevents interconnect companies from blowing the whistle
to their clients, and still preserves privacy protections since there is no
backdoor into the system.  

Now here is why I think the FBI wants backdoors:  Recall that under the "war
on drugs" etc., a ruling was handed down (I can't recall which branch of
govt originated this) which says that a wiretap may be conducted for up to
72 hours for "investigational purposes" without a court order; and the
material recorded may then be used to go and get a court order for a
continuing wiretap.  This places authority in the hands of law enforcement
agencies to conduct taps any time they suspect someone of something, and
then go see the judge after the fact.  Now without backdoors, law
enforcement has to depend on the goodwill of telcos to get access, and is
kind of stuck when it comes to PBXs and key systems.  I'm willing to bet
there is a pretty substantial amount of "investigational" tapping going on,
and that the FBI is interested in vastly expanding it.  The compromises I'm
proposing don't address this investigational tapping, and that's just fine,
since that ought to be challenged in court or defeated one way or another.

-gg@well