Comments on: Quick Quiz on Risk

By: Chandler Howell

Chandler Howell — Fri, 02 Dec 2005 22:06:53 +0000

If you want to start tap-blocking every phone call you send or receive, then you’re by definition increasing the expected rate of occurrence of a wiretap being blocked. Since the number of wiretaps is greater than zero, any blocking increases the risk of a tap being blocked by definition.

The more interesting question is, “What is the increase in the risk that information relevant to the warrant which granted the wiretap will now be missed?” This requires a lot more data and assumpions than I’m going to get into at this time.

Also, I still want to know why, if the target doesn’t believe their line might be bugged, we would expect them to be mitigating the risk?

From a pure Risk Management perspective, implementing a countermeasure if you don’t believe there is a threat is irrational behavior since the assessed risk would be zero.

By: Pete

Pete — Thu, 01 Dec 2005 23:38:33 +0000

@Chandler -

A good point, but what about the case where the target doesn’t believe the line is bugged, but it actually is (presumably the case with ALL successful wiretaps)? Since it is a simple protection mechanism for targets, there is no reason not to send the signal during all conversations.

By: Chandler Howell

Chandler Howell — Thu, 01 Dec 2005 23:19:11 +0000

While I already posted my own opinion about this paper, I didn’t answer that question exactly.

I’d say the risk is the same in your case because if a wiretap target believes their line is bugged, they will avoid the wiretap risk, not mitigate it by exploiting vulnerabilities in the wiretap system.