The State of Surveillance

Christopher SoghoianCenter for Cybersecurity Research

Indiana University

The state of surveillance(law enforcement)

Wiretaps in the US

• Real-time interception of communications content.

• Includes– Voice communications– Text messages / IM– Network traffic (think: tcpdump)

• To get one, law enforcement must get a “super warrant”: probable cause +

The use of real-time, content intercepts (“wiretaps”) in the US continues to grow each year

'87'88'89'90'91'92'93'94'95'96'97'98'99'00'01'02'03'04'05'06'07'08'090

500

1000

1500

2000

2500

Intercept orders granted between 1987 and 2009

Total intercepts authorized Federal intercepts authorized

Drugs are bad

(If you value your privacy)

'99 '00 '01 '02 '03 '04 '05 '06 '07 '08 '090

500

1000

1500

2000

2500

Major offense specified in intercept order:Narcotics vs all other crimes

Narcotics All other crimes

If you are going to break the law, and don’t want to be wiretapped, stick with something safer…

Like murder, bribery, or extortion

Major offense specified in intercept orders (2009)

Arson, explosives, and weapons 18Bribery 2Extortion (includes usury and loan-sharking) 3Gambling 35Homicide and assault 82Larceny and theft 35Narcotics 2,046Robbery and burglary 9Racketeering 61Other or unspecified 85   Total 2376

Phone surveillance increases each year, while other forms all decline

(due to more intercepts by states,not the federal government)

'97 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07 '08 '090

500

1000

1500

2000

2500

Types of intercept orders(1997 - 2009)

Total Phone Intercept Orders Federal Phone Intercept OrdersTotal Electronic Intercept Orders Federal Electronic Intercept OrdersTotal Combined Intercept Orders Federal Combined Intercept Orders

In 2009, 95% of all intercept orders were for a portable device

'00 '01 '02 '03 '04 '05 '06 '07 '08 '090

500

1000

1500

2000

2500

Location of authorized intercept orders(2000 - 2009)

Personal residence Business Portable device

Electronic intercept orders used to be significant in number…..

'97 '98 '99 '00 '01 '02 '03 '04 '05 '06 '07 '08 '090

100

200

300

400

500

600

700

800

Electronic and Combined Intercept Orders(1997 - 2009)

Total Electronic Intercept Orders Federal Electronic Intercept OrdersTotal Combined Intercept Orders Federal Combined Intercept Orders

But have plunged over the past few years….

To less than 5 per year.

'04 '05 '06 '07 '08 '090

5

10

15

20

25

30

35

40

Electronic Intercept Orders(2004 - 2009)

Total Electronic Intercept Orders Federal Electronic Intercept Orders

What happened?

Network Wiretaps?

• Law enforcement agencies are simply not performing real-time data network intercepts of communications content.

• These stats do not cover FISA / intel agencies, who almost certainly are.

• Law enforcement are instead relying on access to stored communications (cheaper, easier, etc).

• Why tap your ISP in real-time when your email provider will readily give up the files later?