In Wiretapping and Cryptography Today Matt Blaze looks at the latest 2010 U.S. Wiretap Report and discusses why, despite all the predictions of doom we heard about strong crypto 15 years ago, in fact crypto has basically no effect at all on law enforcement ability to pursue an ever-increasing number of wiretaps:
the latest wiretap report identifies a total of just six (out of 3194) cases in which encryption was encountered, and that prevented recovery of evidence a grand total of … (drumroll) … zero times. Not once. Previous wiretap reports have indicated similarly minuscule numbers.
What’s going on here? Shouldn’t all this encryption be affecting government eavesdroppers at least a little bit more than the wiretap report suggests? Do the police know something about cryptanalysis that the rest of us don’t, enabling them to effortlessly decrypt criminal messages in real time without batting an eye? Is AES (the federally-approved algorithm that won an open international competition for a new standard block cipher in 2001) part of an elaborate conspiracy to lull us into a sense of complacency while enabling the government to secretly spy on us? Perhaps, but the likely truth is far less exciting, and ultimately, probably more comforting.
The answer is that faced with encryption, capable investigators in federal and local law enforcement have done what they have always done when new technology comes around: they’ve adapted their methods in order to get their work done.
Remember this the next time an earnest government official explains why they just have to store all your online communications for a couple of years.