FBI Bugs Keyboard of PGP-Using Alleged Mafioso

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

I'm a victim; "erotic training" is a vicious lie

Logic alone tells us that some so-called 'freedoms' are mutually exclusive. Under your system, I was denied the freedom to grow up sexually at my own pace. Thanks to some brain-dead jackass like yourself who thought I needed 'erotic training' as a child, I'm now a 30-year-old virgin being treated for sexphobia.

Thank you very much. Please extend my thanks to the pedo community on behalf of all us victims.

BTW, the illogic in your statements is frightening:

• Being a member of a minority group doesn't automatically make you normal, whether you're pedo, Neo-Nazi, or worship Godzilla.
• You're projecting your repression onto us. We don't think sex is 'inherently harmful' as you put it.
• Don't confuse a subset with a superset. I would never (as you suggest) misuse the word 'pedophile' to mean a rapist or murderer, but I could easily use 'rapist' or 'murderer' to describe specific pedophiles.
• Sexual contact with adults is neither the only way, nor the healthiest way, to educate children about sex.

I'd like to believe you're just pathetically misguided, but we both know better. Pedo organizations work hard to pollute the public discourse on sex. Thanks for giving the Slashdot crowd a valuable example of the tradeoffs of free speech. While you're at it, why not make Mein Kampf required reading for all fourth graders.

Re:Get worked up!

> It's a flipping shopping list. Who cares?

> This is America! You aren't going to be persecuted for harboring seditious ideas.

> Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Which America are you living in? 'Cause in my America, prosecutors use purchases of serial cables as evidence in hacker trials, and police crack down on every major public demonstration to prevent people from expressing views the government doesn't want to hear.

It's naive to say that if you haven't done anything illegal, you don't have anything to worry about. Even if you're innocent, having to defend yourself against accusations in court can cause you tremendous emotional trauma, disrupt your personal and work life, and cripple you financially with legal expenses.

Re:What's wrong with pictures of children???

"I'd also agree that there's no such thing as a consenting child."

Ah. Having been a minor not so long ago, I am quite familiar with the 'rights are only for adults' meme.

What would you suggest as an age of consent?

er..

okay, so they bugged suspected criminals.

how is this wrong?

Re:er..

[Troy+Roberts]

Because they did not have to get the same sorts of permissions from the Justice Department as they would have had to get for a wire tap. But in essence they did the same thing as a wire tap, however, the wire tap laws only cover voice communications.

The point is that they can bug your computer much easier than they can bug your phone.

Should this be true?

Re:er..

[Martin+Blank]

Your sneakernet idea, while a good one, works off of the assumption that the devices will always transmit their information through the Internet. It would be trivial to create a bug (assuming they don't already exist) that would broadcast at a very low power level using the power feed from the keyboard to a car or van a hundred meters or so away. It could broadcast whenever the keyboard is used, or be scheduled for a particular time when the suspect is not likely to be using the system, depending on if the computer stays on all the time or not.

Re:er..

[wljones]

Increasing FBI monitoring powers is wrong because the court that hears wiretapping requests always agrees with the FBI that a suspected criminal is anyone the FBI says is suspect. Meanwhile, protecting yourself from the keyboard monitor is trivial. Never type anything critical on a computer electrically connected to anything else. Need to communicate? Use sneakernet to carry a disk with the encrypted message to a computer that is connected. Think you need more protection? Have a nice day.

Re:er..

[Kwikymart]

Well, that is a huge problem. When a judge or somebody gives the ok for a search warrant (ie, sneak in) he may not understand all the circumstances. Face it, judges probably know dick all about what is right or wrong on the internet. All they can do is horribly apply what they know to each circumstance they come upon. I wouldnt be suprised if they just start handing out search warrants left and right just because they dont understand what they are really doing.

eg1 )

FBI wants a search warrant. They tell the judge the current situation that Mr. S. Kiddie was found talking about hacking utils that were used in some major .com corporation crack . The judge would then authorize the search warrant because there is reasonable and probable grounds that he was the one that did.

How is this different from being suspected to have a gun that matches the description / make of the one that shot some guy? This person probably linked somewhat to the case, say, a neighbour or friend of the family? How, from a judges perspective, is this different from having the weapon "cracking util", and the link to the case "being one of those pesky internet hackers".

When a judge applies his knowlege and the constitution to something that was complety foreign during the time its conseption, there is bound to be a disrepencies here or there. Its simply just another situation where law is being misapplied to something that it was never thought to be under the juristiction at the time.

(excuse me bad speling plus gramar)

This is terrific news

as it considerably weakens the age-old argument against encryption for the masses (or for some sort of key-escrow solution). By proving capable of being able to monitor encrypted communications via traditional bugs, the FBI loses its strongest argument. Why should this scare us? The technology is there -- we all knew that. What it means, however, is that the would-be spy has to either get a trojan onto the system or physically break-in to the home and install the bug or monitoring software. This is the purview of law enforcement and not something I expect some random kid down the street to do if he feels like snooping my love-letters to ms. jones. Since physical access to a home is well-covered in existing law (ie. you need a warrant) there is no concern of information-age abuse via sniffers (carnivore) and other internet-based spying just because we don't have any directly applicable laws to stop them. Perhaps in the not-too-distant future all of our communications will be (adequately) encrypted with the cops having to resort to traditional cloak-and-dagger stuff (ie. planting bugs, as in this case) and traffic analyses.

Steganography

By having obviously encrypted data, you're asking for trouble. This is why god invented steganography. 8^) Incidentally, there are a number of online banks that use keyboard entry for passwords, Barclays in the UK being one of them. This of course is stupid since keystroke logging trojans will be rife soon, if they're not already. Combined with the Wonders of International Telegraphic Transfers... 8^) The National Australia bank uses Java apps where you have to enter the password using the mouse and an image of a keypad. Some even banks move the buttons randomly around on the screen so that you can't even get the password if you're logging the mouse! (St George bank in Australia used to do this, but presumably they stopped because people thought it was a pain in the arse.) If you read the Health Warning on PGP, you would have a good idea about what the vulnerabilities of encryption in general are: - the key logging trojan, - radio emissions attack, - the Back Orifice screen grabbing attack, - the password-on-a-PostIt-note attack, - the peek-over-the-shoulder attack, - the gun-to-the-head attack. Actually, passwords, per se, are overrated. Once they're compromised, they're compromised. Things like RSA's SecureID are a better way of doing remote access at least. (Yes, I know the secret key is still vulnerable.) The moral of the story is this: Faced with a determined and intelligent adversary, getting your privacy better than pretty good is pretty hard.

Why not?

Carnivore is dangerous, because it's a cost effective method for spying on millions of people.

But I have absolutely no objects to bugging a keyboard (as long as it's lawfully). Bugging a keyboard this way requires actual physical entry and installation, which is just not possible to do cost-effectively on a large scale. Alas, bugging keyboards doesn't really have the potential of making entire countries thoroughly monitored police states, orwellian style.

Carnivore is really dangerous to the future of democracy, the right to free personal communicatiuon and our future society. Bugging keyboards is just a new way of doing old fashion police work.

Not a bad idea...

Keeping the laptop in a good safe while I'm not using it...those FBI pukes can sweat a few hours trying to break in, wondering how long till I get back...other ideas:

1) Pinhole security cameras in the computer room, I check the tape when I get home, and

2) OpenBSD, tripwire, file hashes on CDRom with my digital signature.

Note that all these security measures have side benefits. The safe helps prevent burglary (I lost a computer that way), the cameras help catch burglars, tripwire helps avoid viruses.

Re:(Not So) Easy Answer

When it is realized that 99.999 percent of decrypted information is fluff and noise, it'll be too much of an effort to process every bit of encrypted data.

And that is exactly the way the government does it. Go into the Pentagon, pick up something marked TOP SECRET and 9 times out of 10 you'll be like "What? I read this in the newspaper this morning!".

Consider a shredder that can handle top secret information. Let's say you have 1 page, and it shreds it into 1024 bits of paper. Great, so the agent now has to somehow piece together 1024 bits of paper. But consider if you had 9 other pieces of paper, also labelled "TOP SECRET" but not very secret at all. Shred those, and mix it in. All of a sudden the agent has 10240 bits of paper they have to sort out - an order of magnitude of difficulty.

Then there's a matter of leaks. It's expected that out of 1/30 people that have secret+ clearance, 1/1000 will breach the security for any given reason. Now, if everything designated was of utter importance, there's still a good chance something devastating to national security might be revealed. Throw in 99% fluff though, and you are cutting your chances significantly again.

Re:What's wrong with pictures of children???

I am a member of a minority sexual orientation

You mispelled "perverse".

Re:Calm Down!

> The FBI clearly explains they want the warrant to get the guy's password, not so they can read his love notes.
> This is no different than the FBI drilling the lock to a safety deposit box with a search warrant, if you ask me.

If he's using PGP, then yes, it is quite different. A passphrase does more than just allow someone to decrypt messages. It establishes their identity in messages that they sign and send to others. If the FBI can install a keystroke logger on his computer, then they can grab the private keyring as well--and from there, they can impersonate him.

This could might end up being their undoing--IANAL, but it seems to me that simply possessing the passphrase makes it tainted evidence. Since the suspect is no longer the only person who knows it, from that point on, it can't be proven that any message signed with his private key and passphrase actually came from him. But the possibility of overzealous law enforcement agents manufacturing evidence still worries me.

Re:What's wrong with pictures of children???

> A pedophile, who has sex with a child, is having sex with someone who is far too immature to understand what is going on. Having sex with someone who is too young to know what is happening is quite clearly rape.

Indeed it is. I also wouldn't call this a pedophile. rape isn't love. this is a pedosexual which is something entirely different. a pedophile, just about by definition, does NOT have sex with kids. I don't agree with the original poster's opinion that your kid is better off with a pedosexual, but some of it did make sense. pedophiles arent bad, as long as they don't cross the line of love and rape.

Re:You are naive.

No, not true.

Re:What's wrong with pictures of children???

you are a criminal, ergo there is a high degree of likelyhood you are a linux user. You are the third pedophile linux user I have met this week, and I only met 3, therefore all linux users are criminals and pedophiles.

I think you should be effectively castrated by the directed application of hot grits.

to be more precise...

[mosch]

If you increase the numismatic value, the fine is up to $2000, and the jail term is up to 5 years.

--
"Don't trolls get tired?"

Re: but...

[The+Rizz]

Now I realize that this is a complete keyboard, but surely the FBI can reproduce the same type of hardware-based logging mechanism that this thing uses

Actually, if you look at the article that story references, you'll see this picture halfway down the page. That little tiny thing is the actual device, and something that size could be easily planted inside a computer.

Now, open up your keyboard and look inside it - basically, there's a small circuit board in there that has a little 4-wire plug (a lot like floppy drive power plugs) to connect the cord from your motherboard to. If you had one of these recording devices made to just plug into that spot, and then an output plug to connect the original cord to, you could probably plant this bug inside the keyboard in under 2 minutes. Undo the 8-10 screws holding the keyboard together, open up, swap a few plugs, screw back together.

Heck, even if they scraped the underside of your keyboard up a bit, or had to remove a label to get at one of the screws you'd probably never notice. How often do you look at the underside of your keyboard?

Are you sure you haven't been bugged already?

...just a thought...

--The Rizz

"Democracy is a form of government that substitutes election by the incompetent many for appointment by the corrupt few." --G. B. Shaw

To ensure a bug free lifestyle...

[Jeremy+Erwin]

I'm going to start weighing my keyboards on a regular basis.

Re:Calm Down!

[psychosis]

They could obtain the right to tap your keyboard - IF they showed a judge a legal need to do so. So, in this case, the fact that he had a slew of files on his system that they had a "reasonable degree of certainty" were directly related to his bookkeeping activities was enough to prove to the judge that they should do what they could to gain access to those files. Not a whole lot different than getting a courn order authorizing law enforcement to make a wax-copy of a key to get into a safe suspected of holding evidence.

Re:Calm Down!

[psychosis]

Agree. Please realize that there is not a whole lot of difference here between a law enforcement agency putting a legal tap on your phone line at the switch, and putting a legal listening device in the room where the phone is. this way, if the suspect is using voice encryption, the tap is being performed BEFORE the encryption "layer".
And, for the conspiracy theorists out there, there is something called "INTELLIGENCE OVERSIGHT" that you should be very, very aware of. It prevents the collection of information that could be used for intelligence purposes on ANY U.S. CITIZEN without a legal judicial order to perform it for a specific purpose, between specific times, etc, etc. These things (as linked above) are pretty tough to get approved.
I'd be the first one to bring up Franklin's quote on having freedom vs. privacy, but, if you break the law with a car, you risk losing your driver's license; If you commit a crime and discuss it over the phone, you risk having a legal phone tap placed on your line; If you use computer software with predominantly benign uses (i.e. PGP) to hide evidence of criminal activity, you run the risk of losing that sheild to whatever means the law enforcement community can leverage without crossing the line of legality.
Realize that law enforcement has always had rights to mitigate a citizen's privacy AS LONG AS DUE PROCESS HAS BEEN FOLLOWED. This is an inherent requirement to do their job, and, knowing the restrictions placed on them, I think that almost all of the time that ethic is upheld. (There will always be screw-ups, but those responsible are held to their actions.)

Re:Okay-

[psychosis]

>>>>"The application for the authorization, submitted by Wigler, contended that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply."
>> Bullshit. The keystroke capturer is in the computer and the stuff is remotely downloaded to an FBI computer at a later time. Of course the original record lies in the keystroke capturer, but the copy or mirror is just as implicating.
Yep... Please realize that the supposition that the federal wiretap regulations were useless was made by the article author. The FBI DID get a wiretap order with a very specific intent - to bug the wires between his greasy fingers and the computer.
The way the author ran his quotes got pretty confusing, and I had to re-read it a few times to get it straight...

Re:There Has To Be A Way

[Oloryn]

If you're really that paranoid, carry a laptop, or at least carry your own keyboard with you.

Or set up a program of regular keyboard disposal and replacement.

Re:Transparent keyboards

[Oloryn]

Obviously I also need a transparent computer case and that could create EMC problems :-(.

Hence the pressing need for someone to finally really invent Transparent Aluminum.

Please consider the consequences.

[Coins]

In my opinion, a certain bit of a criminal element is good in any society. We might not like it, but they are generally pretty enterprising folk.

What makes a person a criminal though? Breaking a law. The problem that I see with these situations is that law is (especially in this case) a matter of perception. It isn't cut-and-dry and a good lawyer can usually find ways to bend the law one way or another.

What happens if we let the FBI get away with this sort of thing and then the following scenario takes place. What if some politician gets the bright idea that only dangerous "hackers" would be up all night at the keyboard? Just for an example. So he puts a rider into an otherwise healthy bill that gets passed making it reasonable cause for search and siezure if someone is up all night at their computer. Now, that person (probably harmless), is a criminal. He or she can be tapped.

At first glance this might seem a silly example, however the fact remains that just because something is a law doesn't mean it's right. Just because something is illegal doesn't mean it's wrong.

Let's take this one step further. Do I really want to let the FBI wiretap people essentially because the government is pissed about missing income? That is what this case is really coming down to. The Feds don't care if the crime families kill each other. They want to protect their income.

New Keyboards

[Coins]

So is there going to be a new booming market for translucent keyboards?

Re:Get worked up!

[Malor]

> Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

This is a very common -- and frighteningly stupid -- argument. Everyone has something to hide.

Do you want to conduct the rest of your life knowing that every single communication you ever send to anyone can be intercepted, taken out of context, and broadcast for the world to see?

Can you imagine anything more restrictive to free expression than the knowledge that you can never again keep any written thought private? If that doesn't scare you, that means you aren't creative and intelligent enough to come up with ideas that frighten the authorities.

Don't you realize that you are talking about thoughtcrime?

Re:Get worked up!

[Mawbid]

The main point of the article, as I see it, isn't that it's bad that logging keystrokes is permitted, but that it's bad that there aren't the same limitations to that permit as there are with regular taps and audio/video surveillance.

Geophile isn't making up the idea that there should be limits to how much of a suspect's communications the investigators can monitor. That idea is already encoded in law, only the law is interpreted by the FBI not to cover the logging of keystrokes.
--

Re:What's wrong with pictures of children???

[Mawbid]

I don't know about America, but in the UK fake pictures are just as illegal as real ones.

It's my understanding that it's the same in the US because there was a story on Slashdot way back about a "comic" strip featuring a child in sexual situations with adults and the artist was being charged with distribution of child pornography. You may be thinking "Serves him right, the sick bastard!", but it wasn't like that. He was himself abused sexually as a child and was expressing his pain through the strip. It was all very dark and angry. I don't remember it being stated explicitly in what country this happened so, this being Slashdot, it must have been the US.
--

Wrong! Wire tap requires justice department ...

[Troy+Roberts]

... approval. The FBI in this case got a search warrent, not at all the same as a wire tap.

All, they had to do was go to the county Judge and ask for a search warrent. County Judges are elected and may not even have a law degree. Besides it's the FBI, surely they wouldn't never do anything wrong or illegal?? Yeah! Right.

Re:There Has To Be A Way

[Seumas]

But I've encased the interior of my apartment in lead, and I never leave without putting on my foil suit! ;)
---
seumas.com

FBI's Behavioral Analysis Program

[AftanGustur]

Everybody is innocent until proved guilty.

But apparently the Bureau can legally trick you into comitting crimes.

FISA, the secret court.
--
Why pay for drugs when you can get Linux for free ?

Re:Calm Down!

[seichert]

Now, I know that a lot of people around here are going to go off and start screaming about having your rights violated, but the fact of the matter is that the FBI had a court order here! They had every right to tap this guy's computer.

To be clear , they met the constitutional requirement to search and or seize this man's property. To say they have "every right" is a bit strong as we do not know what this individual is suspected of. Perhaps he is guilty of circumventing the DMCA and this is yet another law that many do not believe in.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

Many laws are unjust. Many laws give government powers not allowed in the constitution. Making it harder for the FBI to enforce these laws sounds like a good idea to me. In doing so I will have to bare the risk that it makes it easier for real criminals (murders, rapists, thieves) to get away with their crimes. Remember that you are your first and last line of defense. Don't rely on the FBI or local police to protect you from violent criminals.

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

Honestly, the latter. I value my own rights and my own privacy over catching criminals. I believe there is a famous historical phrase about trading freedom for security (i.e. you will end up with neither if you do).
Stuart Eichert

Presumption.

[Lemmy+Caution]

The problem is that he isn't a mafia bookie (as if being a bookie was so horrible) until he's proven to be so. And he can't be proven to be so until there's evidence. And they got their evidence through tapping his keyboard without a wiretap authorization.

Maybe you're a pedophile. Maybe we should tap all your communications until we have confirmed that you are.

Wow.

[um...+Lucas]

I don't believe that people here are riled up about the FBI using their legal powers in the course of a criminal investigation. Oh no... They're circumventing the (growing) use of PGP. Sorry, but if they just sat back and ignored encrypted messages, soon that's all anyone would ever transmit, making it a real pain if not impossible to track down culprits.

Isn't this what everyone wanted? Rather than using Carnivore which could possible read every email and report on every web page coming down the wire, the FBI snuck into the suspects home, and bugged just his computer. That's a good thing, right? Because if it's shown that they can do that, it can be more clearly shown why they do not need a system like Carnivore. Carnivore's useless (as far as i know) as far as encrypted network traffic goes.

in the end, they "violated" one persons privacy rather than potentially violated everyone's privacy that happened to use the same ISP as him. Privacy laws can only go so far. And i think they should stop short of impeding criminal investigations...

Re:There Has To Be A Way

[Sloppy]

That isn't going to slow down the FBI or an industrial spy for more than a second or two. But it might work on your girlfriend who buys a logger off eBay so that she can read what you've been doing with your other girlfriend(s).

If, nothing else, I guess it gives you an excuse to try DVORAK. :-)

---

Re:This is GOOD news for crypto enthusiasts

[Sloppy]

Damn good argument! It looks like they just made Carnivore obsolete. If they're really investigating a crook, then it should be no problem to get a warrant to break into the guy's house and install loggers.

---

Re:Calm Down!

[HiThere]

You have more faith in judges than I do. Esp. after this last week, but in any case:

Assume that 99.9% of judges are honorable, honest, upright, vigilant protectors of the rights of the citizen. Do you really think that it will be one of those that gets asked for a warrant?

Caution: Now approaching the (technological) singularity.

Re:You call that a troll?????!!?

[HiThere]

Well, judging by the language I would call it a troll. But I would also agree with giving a a score of 5.

Caution: Now approaching the (technological) singularity.

Re:My defense might be...

[Felinoid]

>My grandma can install and use RedHat!

Solarus advocates clame Linux is easy.. Not for profesionals....
Windows advocates clame Linux is hard... takes an expert to install...
Wrong both times...

Linux is easy to install and has a bit of a learnning curve but it's not that bad.
(Just enough so you honnestly can not call Linux user friendly)

Windows is painful to install but the avrage user never notices becouse Windows comes preinstalled.
Just buy a computer with Linux preinstalled..

A profesional uses the best tool for the job.
That could be Windows or it could be Linux.

Attacking someone becouse they don't do what you'd have them do is unprofesional.

In a day and age when a person can have a 6 pack of certificates and call themselfs an expert.. You are going to have some "experts" who don't know dick.
Once you have some experence you know better than to just attack someone for picking Windows or Linux.
My own personal objection to Windows isn't for the people who pick it for themselfs. Hay good luck enjoy...
It's for the people who pick it for ME...
And hay.. that gose for Linux, Solarus or any operating system.. Don't tell me I gotta run what ever software YOU like. I'll pick my own software ThankYouVeryMuch...

Re:Get worked up!

[Felinoid]

The FBI did once cease computers based soly on the fact that they had modems attached. They got warents from judges who were not familure with technology and would issue warents ignorence.
(A judge should NEVER issue a warent if he dosn't understand the request)

After a while of this Lotus and other companys helpped users sue to get equipment back based on the notion that the FBI is holding the cases open just so they can keep the equipment and for no other reason.

As I understand it the FBI was of the addatude that computers should be illegal for individuals as personal computers have no legal function.

On the radio a fedral law enforcment agent accually said he thinks anyone who supports legalising controlled substences (drugs) is clearly a drug addict and should be searched.

Clearly the FBI isn't above passing judgment based on some really flimsy notions...

It shouldn't matter.. The FBI is in the side of gathering proof etc...

On a side note... they got a warent...

I'd like to add that bugging my computer with software isn't much diffrent than stuffing a bug up my butt...
It interfears with my computer and most likely my computer interfears with it...

Re:Get worked up!

[Felinoid]

> How expensive is it for the FBI to enter your home, place a physical tap on your computer, and monitor it for months?

Very...
> How likely is it that they will be tapping people for no good reason?
Very...

The key words being "good reason" they have plenty of really lame reasons...
They are in the busness of being paranoid... So they get parnaoid..

Thats why it takes a cort order to get a tap...

Re:Get worked up!

[Felinoid]

Note.. replys not in order... sorry..

> It's a flipping shopping list. Who cares?

They don't.. I do... I don't exactly advertise how much hydrogen peroxide I go through in a month.
It's personal.. there isn't much than can be infered by it.. but I don't want someone reading that and discovering my strange querks...

Maybe I clean the house with isopropyl.. do I want some stranger knowing that?
That runs into some basic notions of privacy... I don't care if it never gets me in truble.. I don't want some stranger giggling over my shopping list..

> This is America! You aren't going to be persecuted for harboring seditious ideas.
Study history... 1950s.. the red mennace...
You can be persecuted for the APPERENCE of harboring seditious ideas...

>Well, now, that could be libelous... but again, if you don't acutally publish it, you're perfectly safe.

Not really.. people have sued for similer..
All it has to do is exist.. future publication can be assumed...

>Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

You have a computer and a modem.. you gotta be planning something criminall....
This was the whole basis of an operation where many computers were ceased.
No arrests were made as far as I know but the computers were ceased anyway and the FBI had to be sue before they'd return them.

>Read the Fscking article, man! They did respect the 4th amendment. They had a court order!

You got him on that one....

Be affrade

[Felinoid]

> The scary thing is you might actually be serious. If so, I'm dumbfounded at that level of total ignorance of history. Please say you were just trolling!

I think he is sereous...
Be affrade.. people really are that ignorent of history...

Could they do this with Linux?

[Felinoid]

Now wait let me claify.. Can they do this on Linux TODAY..

Can they do this on Linux ever? Hell yes.. Not that hard.

But fedral government agentcys tend to use existing commertal software. For keyboard watching that means Windows. Not Mac, not Linux, Not OS/2, Not Solarus, Not HackMeNowSeeMyKeys Os... It's not how easy it can be done that matters. It's the availability of commertal software to do the job.

That is one reason why there should allways be a subversive operating system. Linux is getting up there so support BSD, BeOS and AtheOs. The more subversives the better. Eventually there WILL be a key sniffer for Linux.. but I don't see one comming for AtheOs any time soon.

Yeah they can slip a chip into the keyboard... I'm not worryed.. I buy $9 keyboards for a reason... Hmm this ones about ready.. no wait.. I think it has a few weeks left in it... maybe a month.. cool... Thats longer than my LAST keyboard...

Re:My defense might be...

[Felinoid]

My Slashdot password is:
"The bomb shall be placed in the park"
My Zkey pasword is:
"Assult at noon"
My personal password involves illegal acts of violence apon a female body that are honnestly best left unpublished...

Not really becouse I'm not stupid enough to publish my passwords.. but they'd make quite effective passwords...
They'd also look pritty incriminating on a key logger..

Re:This is GOOD news for crypto enthusiasts

[Daffy+Duck]

Well I can't hope to make a contribution nearly as large as yours, but let me point out that Carnivore has roughly the same justification - that they need to have taps built in to the infrastructure because they're afraid they can't do email surveillance the old fashioned way at the endpoints.

Re:Please Read "Why You Should Use Encryption"

[nd]

You don't have to keep your private key on the hard drive. Someone who gets your passphrase shouldn't necessarily be able to decrypt your stuff.

Re:Another great reason to use.... Dvorak

[wemmick]

So the FBI would look at the garbled text... and probably immediately try a simple monoalphabetic cipher attack on it.

I don't think you'd gain much.

Now, consider the benefits of using emacs with lots of C-a, M-x dired, C-x b, etc. thrown in. That could throw them for a loop!

--

Re:Get worked up!

[Zwack]

Hmmm... You missed out Government book burnings...

What, I hear you cry, the government doesn't burn books...

Well, in 1957 the American Medical Association campaigned against Wilhelm Reich... A scientist with some VERY strange ideas... The end result was that the FDA burned his published research and arrested him...

Not what I would call "the cut and thrust of scientific debate"...

While I may or may not agree with what Reich said, I do not believe that arresting him and burning his books is a valid scientific argument.

I guess his rights to free speech didn't count.

Adam/Zwack

It was WWII, not WWI was :Get worked up!

[Large+Green+Mallard]

This was after WW2, but specifically after the Korean war. The Korean war showed that China had nuclear capabilities, which were obtained by spying on the USA.

And yes, I know that the korean war hasn't officially ended yet :)

Re:It was WWII, not WWI was :Get worked up!

[shyster]

There was no Korean War. It was just a Conflict and/or Police Action. (That way, Congress doesn't have to approve it)

Re:It was WWII, not WWI was :Get worked up!

[tom's+a-cold]

Internment of Japanese and Italian Americans was during WW2, not after. They interned some Americans of German origin during WWI too.

And Abraham Lincoln suspended parts of the constitution during the Civil War. I recall habeas corpus was one part.

There's a lot of danger in assuming that the Constitution is some kind of sacred text with magical powers. It only protects you as long as there are competing power centers within government, with uncorrelated interests. When they all agree (for instance, in a time of wartime panic or other mass hysteria), your rights are very likely to be trampled for the "greater good." And getting things back to normal later is not easy: look at how long it took for the government to give even a half-assed apology for what they did to Japanese-Americans. Incidentally, when the "enemy aliens" were interned, their property was sold off. Much of it was farmland that wound up being owned by commercial rivals. Look closely enough at bizarre government actions, and you'll find someone making a buck.

Now consider scenarios in our time in which the government enforces the law to support the "rights" of large corporate interests against individuals. Laws forbidding circumvention of copy protection spring to mind. Bureaucracies can only grow by expanding their role. The FBI is a bureaucracy. This is an instance where it could be argued that there is a high level of criminal activity, therefore, more agents are needed and more intrusive enforcement techniques are called for.

Think they won't do it just because it's unenforceable and a bad idea? Remember, this is the same system that brought you prohibition. Which, incidentally, also helped the FBI grow, notwithstanding the side-effect of massively increasing organized crime.

Re:You are naive.

[cornjones]

wow!!!
what a brilliantly argued point!!!

Re:What's wrong with pictures of children???

[nmarshall]

damn, /. needs a "+1 werd but rational" mod rating...

i could of moded you up, but your off topic...

while i will support your right to think as you do.but as an parent i wish here in the US ppl were more open to help those that need it. and yes as a parent i think you could use some help, but only if you what not to be that what you say you are.

IMHO ppl need sex bots, thus we all will be "saved" from harming others.

also PLEASE tell the other pedophile, homosexuals, etc, to STOP posting there pics in my usenet group! if i was looking for sex.with.young.chicks i would look there not in
alt.sex.cthulhu
not that i read alt.sex.cthulhu

much...


nmarshall

The law is that which it boldly asserted and plausibly maintained..

LAW ENFORCEMENT not bodyguards...

[7dragon]

You're being sarcastic....right?

Catching people who harm other people is not the purpose of LAW ENFORCEMENT.

Communities should do the job of protecting each other from the predators in the community. Which means:

1. You can't stick your head in the sand when you hear your neighbor beating the wife and kids (or husband and kids where the case may be)

2. If the harm being done is caused by a friend or realtive and you don't find some way to call it out, then you're part of the problem.

3. Having been compliant with 1 or 2. Law Enforcement mops up the resulting mess when there is clear evidence that Lawa have been broken.

(a) Make sure you have evidence of legal malfeasance
(b) Make sure that you are a credible witness.
(c) Watch your ass.

4. The LAW ENFORCEMENT community are not public bodyguards. Learn to cover your ass and your neighbor's. Otherwise, welcome to Brazil! c. 1984.

Re:There Has To Be A Way

[Snowfox]

There has to be a way to implement some manner of encryption between the keyboard and the OS, in which the keyboard mapping is jumbled and re-constructed via a random mapping once it reaches the OS. I'm no hardware expert but I would think some sort of device could act as an interface which the keyboard plugs into. Add some software to the PC and there you go.

If you're really that paranoid, carry a laptop, or at least carry your own keyboard with you. You could easily slip a Pfuca Happy Hacker keyboard in your briefcase.

This is worrysome.

[ff]

I think we should be fighting against any kind of grab for more rights that government agencies attempt.

More often than not, their interests are diametrically opposed to that of decent, freedom-loving people.

Isn't this illegal already?

[HerrNewton]

I thought search warrants had to be explicit in exactly what is being searched and possibly seized. Here, like Carnivore, it seems that a copy of everything is being seized. Like the article says, yea they'll get stuff on illegal gambling, but they'll also get personal correspondance, private documents, medical records, legitimate business documents, etc. are all captured by the device, documents which are arguably well outside of the FBI's need to know and would hardly constitute a specific search and seizure.

Or am I babbling? 4 hours of sleep in the last 48... finals nearing and all.

----

Re:Isn't this illegal already?

[HerrNewton]

Heh. And the funny thing is I don't even own a TV, nor do I watch TV...

----

Re:Its a lot harder on a laptop...

[HerrNewton]

one would more likely be able to always have a laptop in one's physical presence. Difficult to insert hardware under your nose.

----

Re:There Has To Be A Way

[HerrNewton]

What's a keyboard signal look like? An analog signal sent over a wire. We've got the technology to encrypt that, it's just a matter of encrypting it strongly enough so that it doesn't become the weak link in the chain. (ie one would PGP all your sensitive stuff and then put a plain text copy of your private key in a password protected zip archive.)

How complex would an analog key, something like an Enigma machine, need to be before it stopped being the weak link in the chain? And how would one tell the computer what the key is? Can't type it, after all, and using a mouse to type it leaves the mouse unencrypted...

----

Re:But even then...

[HerrNewton]

If someone breaks into the room whilst you're sleeping, would you not notice? Then again if they harass a college kid for looking at a site post crack and having books on BIND...

----

FBIEngineersAreWeenies

[jasha]

And, after countless manhours and taxpayer dollars, the FBI has been able to confirm that Scarfo's super-secret PGP passphrase is...

FBIEngineersAreWeenies

Re:Keystroke taps get EVERY keystroke, even pre-^H

[stg]

Or use an on-screen virtual keyboard and a mouse. :-)

Re:mixed feelings...

[Kynes]

Because, as the article points out, this will likely establish new case law not because its mafia related but because the case will be put to test new means of surveilance for which no real law covers just yet.
IANAL, but that basically means that if this stands then the FBI/police can use the technology on just about anyone without any specific law ever being passed that gives them that particular right and it will stand up in court.

Re:Get worked up!

[elb]

What this comes down to is not just whether I've done something that I *should* or *should not* care if other people know about -- it comes down to my FUNDAMENTAL right of personal autonomy.

I should have the RIGHT to decide whether anyone else can read my shopping list, whether anyone else can read my political manifestos, whether anyone can see my porn collection. The issue is the CHOICE.

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Do you have curtains on your windows? Do you close the stall door when you go to the bathroom?

The reason you assert your desire for secrecy is not because you're doing something illegal or illicit. It's because you have made a personal choice (or a default choice handed to you from your culture) that you don't want anyone else to watch you eat dinner or go to the bathroom.

Now, you may think it's weird for someone else to have different privacy values than you do. Sure, *you* don't care if random strangers read your shopping list or make copies of your not-to-be-published novel.

But if *I* care about those things, it's my own prerogative and you have no goddamn business telling me otherwise.

Re:Get worked up!

[elb]

More recent than WWII -- how about McCarthyism? Anyone suspected of harboring communist sympathies was dragged in for it.

During the Vietnam war, the gov't (FBI mostly) kept photos and lists of protesters. I do believe that the Supreme Court made this illegal.

For a while the FBI was keeping lists of suspected homosexuals. (Oh, wait, I guess that homosexuals commit crimes every time they have sex... good 'ol sodomy laws. However, those are all state laws, and the FBI does not have the authority to keep track of people whose only crime is a state/local one.)

Often, the government keeps tabs on people that it suspects might commit crimes in the future. It had a huge file on Martin Luther King Jr., and even wiretapped the man's phones. Wiretap laws and court rulings have made this illegal, but the overriding point is that law enforcement has a desire to monitor the activities of anyone it thinks might possibly commit a crime at some point in the future. And guess what? That ends up being most people.

Re:Calm Down!

[elb]

One interesting question is, how far can they go to "mitigate a citizen's privacy"? This case shows that they can go so far as to "bug" my keyboard to obtain my PGP passphrase.

The super-illegal things about the government's operations, in my mind, are as follows:

A warrant which allows the government to obtain someone's passwords (through several steps, i.e. keyboard monitoring ) is much more intrusive than wiretapping. Reason: wiretapping only allows the police to hear what is said over the phones (or data lines) from the time of the wiretap onwards. With password detection, the government has surreptitious access to data from ALL points in time.

This is like allowing the government to search your house on a regular basis (without you knowing it). Sure, it would catch more crime, but it's not a provision of our governmental charter to allow this. The government is only allowed to search for specific things relating to a specific crime. If they can have access to lots of data NOT relating to that crime -- data which was encrypted thus manifesting a subjective and objective expectation of privacy -- which may incriminate you, that does not mesh well with the 4th amendment requirement for individualized suspicion.

Keyboard Logging Prevention Techniques

[WowMan]

Maybe sensitive information should be entered with a graphic display of a keyboard along with mouse input. Randomization of the keyboards's layout (QWERTY) along with the position of the graphical keyboard on the screen would further frustrate FBI keyboard snooping efforts.

Re:Keyboard Logging Prevention Techniques

[WowMan]

Replace the Login widget with a keyboard graphic that randomizes the position of the keys and use the mouse to enter password information. To sniff out passwords under such a scheme would require monitoring mouse events along with a map of the graphic keyboard layout. Protecting the keyboard map is a problem assuming that the graphic display is also snooped. To protect against snoopers decoding the map directly from the Graphic Display's Memory may require eliminating the keyboard map from the display and instead scotch taping a transparet image of the map onto the monitor's screen. The problem then becomes keeping these keyboard maps safe - not entirely impossible if they are made to be temporary, limited use items.

Re:Calm Down!

[jovlinger]

It's a case of trying to balance the very absract good society derives from privacy against the concrete damange of crime. We all agree that no-privacy is really bad; the problem comes when we start trying balance the abstract against concrete. You find that it is almost impossible, so pretty much the only valid approach is going to one of the extremes. I would favor making the right to privacy be as absolute as the right to free speech (which is abridged, but not much). Recent legislation seems to tend in the opposite direction (c.f. recent brittish proposals to record pretty much EVERYTHING).

I think a decent compromise might be to take a page out of the DCMA of all places. Anyone who tries to protect their privacy (closing of doors, using encryption) has a right to it. Anything in the clear is fair game.

This would be completely in line with the current standards on police conduct -- without a warrant, they can look through windows and enter through open doors (== in the clear) but not break a lock or open a bag (== encrypted).

So by the above standards, the keyboard tap is A-OK, and so is carnivore. Damn. Knock me down, please. Oops.

Can anyone comment on how much a person whose house is being searched under warrant must cooperate? Opening safes? Unlocking doors? Locating documents?

hrmpf..

[radja]

looks like I'm gonna have to start weighing my keyboard.. if they're putting stuff in, I want to know.. now only to take into account the natural weight gain of a keyboard due to tobacco-in-the-keys

//rdj

Re:Is this ignorance, and on whose behalf??

[LordEq]

And who's breaking the law here? The Mafioso, or the Feds??

Yes.

--LordEq

Christmas Presents

[F250SuperDuty]

I think we all should chip in and get the staff of /. some readers & a dictionary.

It's spelled Philadelphia Inquirer!

-k

Re:There Has To Be A Way

[moshez]

It's beyond me how these things get moderated up, really it is. Come on, for encryption to work, you have to have a key. Where would you store the key? In the keyboard? The keyboard sends key codes, and these say *exactly* what keys were pressed.
So you'd need a "smart" keyboard to do that -- and even that won't work, if the put the tap between the smart part and the keys. Unless you think a person would keep the key in his head, and, say, use the key to the right of the key he intends to.
Well, that would make it harder for the white hat then for the black hat.

Re:There Has To Be A Way

[Octos]

Here's a simple way that is so simple it might be considered genius and overlooked.

Type using the Dvorak keybeoard layout on a normal keyboard and let the keymap in the OS get the characters right. The interceptor will get what it thinks is gibberish or code.

Re:Calm Down!

[lizrd]

Actually that's what I usually do. I (or my girlfriend) sits there and we talk about what we're going to eat for the next several days. As each food item is mentioned it gets added to the appropriate section of the list. So, yes it does get typed in all at once, and yes I do need the list.
_____________

Why doesn't the FBI concider....

[Elpacoloco]

...That the mafia could figure out that they're being bugged! Surely they would have SOME kind of techie working for them...

I wish it was so easy...

[Tau+Zero]

Use a laptop.

You are obviously a person who has never suffered from keyboard-related repetitive stress injuries. As soon as you plug in an external keyboard to deal with that, you're back to the problem of the bug in the keyboard.

Second issue: that only buys a little time. At the rate things are shrinking, bugs that fit into laptops can't be far off. Swapping the entire laptop for a bugged one is another possibility; all the FBI would have to do is swap the old hard drive into the new box. How often do you check your serial numbers? You only have to use a compromised machine once, and your PGP key is an open book. Maybe there are people who are meticulous enough to catch this, but I am not one of them, I don't know any, and if I did know any of them I would probably think that they were too weird to keep as friends.
"
/ \ ASCII ribbon against e-mail
\ / in HTML and M$ proprietary formats.
X
/ \

Now that I think of it, no, there doesn't.

[Tau+Zero]

The keyboard sends key codes, and these say *exactly* what keys were pressed.

So you change the way the keyboard works. When the system boots, the CPU and the keyboard do a Diffie-Hellman key swap, and carry on the rest of their data exchanges in cyphertext. This requires a new BIOS, but it's not impossible. The real problem is probably getting a suitable random-number source into something as low-powered as a keyboard.

even that won't work, if the put the tap between the smart part and the keys.

On most keyboards, the key switches are a physical part of the PC board which also contains the encoder chip. There's no connector to lift. The black hat could try connecting to the lines for the keyboard matrix, but that could be made very difficult too (chip-on-board technology, for example). Have the keyboard authenticate itself to the computer upon boot using some shared secret, and replacing the guts undetected becomes difficult as well.

It's never going to be impossible to intercept communications like this, but it appears that the right detection systems and countermeasures (which are not just for hiding criminal activity, they'd be entirely legitimate for use against industrial espionage) could make them extremely difficult to carry off.
"
/ \ ASCII ribbon against e-mail
\ / in HTML and M$ proprietary formats.
X
/ \

Re:What's wrong with pictures of children???

[townmouse]

You are confusing p(a)edophiles with pederasts.

A paedophile is someone who wants to have sex with children (more than with adults, let's say). A pederast is someone who has sex with children, perhaps because they are a paedophile, or because they can't get an adult partner, or because they've been ordered to rape every female in the village. Most paedophiles are not pederasts.

I agree that "Having sex with someone who is too young to know what is happening is quite clearly rape". But it is a huge and ludicrous jump to say that all children are "far too immature to understand what is going on". When I was almost 18 I was not far too immature, or even slightly too immature, to understand what sex was. I had known what sexual intercourse was for at least ten years, and had had a pretty detailed understanding for at least four years.

I would imagine, not having any evidence either way, that children suffer more psychological harm from being raped than adults do. I can also see some possible reasons for forbidding children under a certain age to have sex - they do not have as good an appreciation of issues like STDs and pregnancy as the typical adult. But deliberately confusing the two issues is silly and dangerous.

Re:What's wrong with pictures of children???

[DreamerFi]

To have sex with their peers? Any age they damn well please. 11, 12? Sure, for most. We were talking about adults having sex with kids, as in, pedophiles, the ulgy picture where a 35 year old fondles an 8 year old. Also note that, if you pick "adults" to be 18, I don't consider 17-with-18-year-olds to be a problem either, as some countries seem to do.

Easy workaround....

[supabeast!]

"The bug is the most effective and least likely to be discovered, said James Atkinson, head of Granite Island Group, a private electronic security and surveillance firm in Gloucester, Mass. The device, Atkinson said, is about the size of a sugar cube." No big deal. Just buy one of those cool new clear keyboards from the people that make Mac knock off products (Unless you already own a Mac.). The FBI will have to do a little better now that this one was exposed, as every computer literate criminal (Not to mention those of us that the government wants to make into criminals.) will likely spot this one out there.

Re:There Has To Be A Way

[kugano]

How would a keyboard cipher be any more susceptible to any specific kind of attack than a regular stream cipher, or any other cipher for that matter? Unless you know exactly what the person's doing at any given time, you have as much idea what he's typing as you would what's in a message encrypted using, say, PGP.

When everyone uses encryption...

[dmoen]

Everyone should be using encryption for as much as they possibly can.

When everyone uses encryption routinely, the FBI will initiate the Carnivore 2 project. This will require computer manufacturers to install a remotely controlled keyboard bug in every new computer. Naturally, the FBI will promise to obtain a court order before enabling the bug for any given computer.

Lazarus - HOW NAIVE!

[jmorse]

This is America! You aren't going to be persecuted for harboring seditious ideas.

Lazarus, you obviously haven't heard of a little FBI program in the late '60s and early '70s by the name of COINTELPRO. J. Edgar Hoover authorized the program for the purposes of spying on, infiltrating, and disrupting groups associated with the New Left like SDS, SCLC, SNCC, FOI, AIM, and the Black Panthers among others. FBI agents routinely attempted to cause infighting among these groups by several underhanded means (like snitch jackets), prompted several murders, and collaborated with local police to frame suspected leaders of these groups.

I guess some people still believe what their school textbooks tell them about living in the land of the free. The truth is, people are persecuted for their political beliefs in the US. Our friendly government just finds more innovative ways of doing it.

(offtopic)

[jmorse]

noahbagels? I once worked at a noah's bagels...for 3 long years!

Joe

How'd they bug his keyboard?

[-kevin-]

I'm curious, i'm assuimg they used a hardware keylogger, but how'd they get it on without him noticing? just wondering....

Re:Get worked up!

[rakslice]

"How likely is it that they will be tapping people for no good reason?"

Why? Where are you getting your statistics? What does your source consider a "good reason"?

This means one of three things

[Greg+Koenig]

Ignoring the aspect of FBI agents sneaking around and installing sneaky devices in peoples' keyboards, this means one of three things:

1. Nobody in the government (FBI, CIA, NSA) has the capability of easily decrypting PGP-encrypted files.

2. The FBI cannot easily decrypt PGP-encrypted files, but other government agencies (CIA, NSA) can but will not share.

3. The government can routinely decrypt PGP-encrypted files, but don't want to tip their hand to this ability. Therefore in order to explain how they have access to such encrypted files they have to install a device that could give them access to the files through a means other than decrypting them with sheer computing power.

Re:This means one of three things

[hoeferbe]

I did find it interesting that the 6th point in the district court's order said:

6. Normal investigative procedures to decrypt the codes and keys necessary to decipher the "factors" encrypted computer file have been tried and have failed.

I wonder what the "normal investigative procedures" are. Are they serious crypto-analyst attacks on the encrypted files & key, or are they just "Well, I tried his wife's maiden name, his dog's name and his SSN. None of them worked. We better go get a warrant!"

Re:High tech?

[CodeMunch]

Ya, and the report was generated with a typewriter. That seemed just a little manufactured. Yes, it could have just been a font but it also could have been:

1. A bogus report to get the conspiracy monger in all of us going
2. A _sure_ way to not have your keystrokes logged
3. Many other things our creative little minds could come up with

--Clay

Re:Well now, this is interesting...

[CodeMunch]

"to install and leave behind software, firmware"

heh, I hear he's also up on w4r3z charges now too :)

--Clay

Re:High tech?

[CodeMunch]

Ya, if it was a plastic ribbon & the ink was removed but if it was a cloth ribbon (as the doc appears to be kuz of the ugly typeface) you might be able to get something off reading the ribbon impression but it is highly unlikely, especially after it is re-wound.

_sure_ implied there is no sure way.

--Clay

Re:mixed feelings...

[TheCarp]

> Yes, the whole Big Brother stuff is pretty damn
> creepy...

Yes it is.

> On the other hand, we're talking about a mafia
> bookie... like I should feel sorry for 'em?

Well if hes just a bookie...hell my grandmother was a bookie for a while. Probably for the mafia I would assume (given her age, I would bet it was even quite a while before I was born).

All bookies do (afaik) is deal in gambling. If a person wants to gamble their money away on all manner of sporting events, I say let them.

If thats all he did, then I certainly feel sorry for him.

Actually the maffia is an interesting topic. Neither of my grandparents were (other than my grandmothers possible association as a bookie)...but once when they were mentioned my grandfathers response was "Oh those guys" in a tone that seems to say "Yea I knew some of those guys" or at least had met some on one occasion or another.

-Steve

Re:You are naive.

[Winged+Cat]

On the other hand, if you haven't done any of these things, and think you've never done anything illegal in your life (including knowingly allowing others to do illegal things), I'd like to hear from you.

Well...if one can plausibly deny "knowingly" letting certain others do specific illegal things (as opposed to "there's a crime going on somewhere in the U.S.; why haven't you stopped it?")...

<slowly raises hand>

Re:You are naive.

[owain_vaughan]

> Drink before you were 21?

Yep. But then again the legal limit is 18. :)

Re:The one problem with this.

[rediguana]

Just goes to show that encryption (and by association digital signatures) isn't the silver bullet everyone thinks it is. I am scared of the day that a government accepts digital signatures as legally binding.

Bruce Schneier makes some excellent points in Secrets and Lies about the difference between having your computer digitally sign a document, and you physically signing a document. There is a huge difference when you consider all the different ways that you can convince the user to sign documents they didn't intend to.

Re:There Has To Be A Way

[rediguana]

But whats the point? Any agency can still get around it.

• They just mount a camera above the keyboard where you work and record your keystrokes.
• They replace the encryption chips in the keyboard with specially manufactured chips with weak or no encryption.

Fact of the matter is that motherboard manufacturers will have to adopt a standard to include the chips on the keyboard and motherboard. Do you think they're gonna try and piss off the government by doing it?

Re:PGP = probable cause?

[Cheshire+Cat]

Unfortunately your logic is incorrect. Just because a person is using PGP doesn't give the FBI the right to tap their keyboard. However, when they have reasonable evidence that someone is doing illegal acts, and they are attempting to hide those acts with encryption, then the FBI was granted the ability to monitor his keystrokes.

Re:Get worked up!

[h0mee]

Don't forget the executive ordered COINTELPRO operations- responsible for systematic harrasement, and in some cases murder, of activists in 60's and 70s coordinated by the FBI and local police departments...

Then there was ARTICHOKE/MKULTRA in the 70's which kidnapped American citizens for the purpose of investigating mind control...

Of course, in the 80's the drug war sped full steam on, causing a situation with minority and poor communities that rivals the gulags: spiraling incarceration rates in the U.S. to some of the highest in the nation...

In the 90's, we have a re-emergence of activism, and subsequent demonization of citizen militias, involving takedown after takedown of any dissident in the U.S. We also have a demonization of the teenage hacker misfit, causing witchhunts on the nations own children, all spearheaded by the like of the FBI, MJTF, etc.

Remember that history usually isnt revealed or accepted until much after the incident. In America, everyone *thinks* they are free... When in reality, groups like the FBI ranks right up with the SS, KGB, etc.

Of course, we dont have people mysteriously disappearing in large quantities, yet.

Re:Calm Down!

[Vinster]

i hope you're not serious, because you mangled the FUCK out of that quote. There is a great deal of confusion about who said that quotation, and how. The main consensus is that it was either Ben Franklin or Thomas Jefferson. Here are a few examples from around the net of how people attribute that quote:

snip, snip

So who actually said it? Drum Roll please...

Benjamin Franklin, Historical Review of Pennsylvania, 1759:
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.

Re:Calm Down!

[mesterha]

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

I tend to doubt it. Wiretaps were legalized to enforce laws that involve consenting adults committing immoral actions. Examples are gambling, prostitution, and the sale/use of drugs. (Almost all wiretaps are used for prosecutions stemming from these types of crimes.) If we get rid of these bad laws, we could also get rid of wiretaps.

Re:Calm Down!

[Fesh]

I believe there is something seriously flawed about a system of law and order that assumes everyone is a criminal. The default assumption of law enforcement should be that everyone is a law-abiding citizen, and they should have to show evidence to the contrary before they can invade an individual's right to privacy.

I think the major problem is that Law-Enforcement personnel have seen so many cases of people who are demonstrably guilty that after a while it just becomes easier for them to assume that everyone is guilty and that they just don't have enough proof to take it to court yet. My worry is that use of encryption in and of itself can become (in their minds) an indicator of criminal behavior, even if it is only your shopping list. That's why universal use of encryption would be a good thing, because those of us who like our privacy would no longer be singled out for being a little more privacy-concious than the rest of the sheeple.

--Fesh

Re:Get worked up!

[DukeofURL]

***reading my shopping list,
It's a flipping shopping list. Who cares?***

It has nothing to do with "IF you haven't done anything illegal, you have nothing to hide"
IT has everything to do with privacy, because your shopping list is just that, YOUR SHOPPING LIST. Not the fbi's shopping list. All you morons would change your opinion here if this was actually happening to you.

Re:What's wrong with pictures of children???

[CFN]

it's just as valid as homosexuality, bisexuality

How dare you make this claim.
Hetro/Homo/Bi-sexuals have sex with other adults, people who are old enough to understand the situation they are about to enter, and its consequences.
A pedophile, who has sex with a child, is having sex with someone who is far too immature to understand what is going on. Having sex with someone who is too young to know what is happening is quite clearly rape.
Imagine if someone you had not given consent to had sex with you while you were unconscious. You would indeed feel violated and raped. Having sex with an underage child is equivalently as wrong.

Re:Calm Down!

[CFN]

Your following two ideas cause a contradiction:

• Explain to me how it has been shown that any man has violated the rights of another before a trial. I could care less what the government suspects him of. Let a jury decide.
• defendant asks nothing - wants nothing, but to be let alone until it can be shown that he has violated the rights of another

If we must wait until a trial (and guilty verdict) before we have the power to not 'let alone' a defendant, how will we ever get him to stand trial?

Re:What's wrong with pictures of children???

[CFN]

I did mean consenting.
And I agree with you that someone should not be persecuted for their thoughts, but only their actions. However, there are still some differences between pedo and the others: for instance, making child-porn is illegal, b/c a child cannot consent to that, and purchasing it should be illegal as well, because it encourages its production.

Re:How this seems to read to me....

[DarkProphet]

Good point, though I think the feds would have a hard time pulling that off without me knowing about it. Unless they uploaded some software keylogger from the net, they'd have to physically screw with my computer to install the bug (inside the keyboard, install software, etc etc). My computer desk (and keyboard itself) happens to be covered with a fine dusting of cigarette ash, and it would be pretty apparent if anything was moved around ;-)

Still, to do this, I'm pretty sure the feds would need a warrant to enter my home and do this. Otherwise any information they recieved with the bug is illegal evidence, and can't be used (IIRC).

So, lock your doors and windows. (heh, no pun intended).

-DP

Re:True.

[DarkProphet]

Yes, but unfortunately, the FBI probably doesn't need to work real hard to get a court order to do surviellence(sp?), and in any case, they don't (and won't) TELL YOU they are going to be watching you!

So yes, they have to have a court order, but once they have it they can do damned near whatever they want.

Besides, the court will decide whether to issue that order based on the reasons the FBI wants to investigates, and by applying those reasons to current law (which is a fallacy in itself because there are not specific laws concering "PC-Wiretapping", IIRC). The reason people are (or rather, should be) concerned about this is not so much because the FBI is playing spy (after all they do have a court order), but rather HOW they got the court order in the first place.

And, not to sound like a pretentious dick, when it comes to our good old U.S. goverment, "I don't see what the big deal is here" is a very naive mindset. If you're a U.S. citizen, you might want to be a little more wary of the shit big brother tries to pull... The latest presidential election aughtta be enough reason to question those in power ;-)

One Good Thing...

[Mzilikazi]

You know, for once, I'm actually happy I've got this semi-transparent Apple keyboard. ;)

Re:Spies in sandcastles shouldn't throw waterballo

[e7]

Speak in code and write in code, codes that are indistinguishible from noise.
In other words, /. is a perfect place to hide coded messages! ... Whoops, blew your cover.

Not electronic communication?

[BlackSabbath]

One thing that struck me as odd was the FBI's claim in their application for authorization that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply. Say what??? They mention in their application that they need to install "software, hardware and/or firmware". If this is the case, what kind of communication ARE they capturing? light beams? (fibre-optic tap?), thought waves?

The other thought that occurs is that this seems to be a case of the FBI doing what a lot of people who post to this forum claim as their "right". That is, to operate "beyond" (not necessarily "against") the law. ie since there is no specific law covering activity XYZ (notwithstanding specific laws covering similar activities), we can go ahead and do it. Any attempt to regulate or restrict activity XYZ is seen as an infringement of rights or an attempt at government/business/big-brother to restrict our freedoms.

It seems hypocritical to attack the FBI for taking advantage of a "hole" or "loop-hole" in the law (if that's what it is) when we all too often seek the same protection of the ability to take advantage of "loop-holes" in the law ourselves.

Just a thought.

The Keyghost

[alexburke]

This is probably what they used to bug his keyboard.

--

Re:Calm Down!

[Ambush]

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list? The most valuable commodity I know of is information. - Michael Douglas as Gordon Gekko, Wall Street How ironic! First you indicate that personal information is no more valuable than a shopping list, then your .sig shouts about the value of information. Freedom has got to be more important than the illusion of safety.

Re:How incriminating can my keystrokes really be?

[mr_gerbik]

That may be true... but can it put me in jail?

by the way.. how did you tap my keyboard?!

Re:Get worked up!

[jallen02]

So let me come in your house. Let me go look through your personal belongings, hell dont leave your door unlocked and put a sign that says, browse my house, I dont need privacy.

Its one thing to say "If you ahvent done anything illegal you have nothing to hide", And oh what a prty line that is, but it is so untrue. Some people are just private by nature, things are more meaningful and your security is protected by you maintaining your own personal privacy. So the what if it IS just a shopping list, its MY shopping list and not anyone elses, and I wish people would not be so willing to give up their freedoms people fought and died to preserve..

Jeremy

Re:How this seems to read to me....

[gengee]

Blah. I wouldn't notice. At work, I sit at a desk with a wireless keyboard, wireless mouse, flatscreen LCD monitor, and all the innards hidden from me. So long as nothing abnormal were to happen, it would be unlikely that I would get out a flashlight and look for YAFBIDDFS (Yet another F.B.I.-Designed Device For Snooping).

signature smigmature

Re:Calm Down!

[gengee]

They had every right to tap this guy's computer.

Congratulations. You have frightened me. Have you ever heard the phrase "The right to be let alone?". While this was not explicitly stated in the articles of the US Constitution, I have trouble believing it was not meant to be inferred. The Supreme Court has said, as far back as 1834, the "defendant asks nothing -- wants nothing, but to be let alone until it can be shown that he has violated the rights of another." Wheaton v. Peters, 33 U.S. 591, 634 (1834).

Explain to me how it has been shown that any man has violated the rights of another before a trial. I could care less what the government suspects him of. Let a jury decide.

Warren and Brandeis understood this phrase to be a truth - As one could surmise from their famous dissenting argument in Olmstead v. U.S., 277 U.S. 438, 478 (1928) - The first wirtetapping case in the country - In which Warren uses the term. Through numerous U.S. Supreme Court decisions cited later in this article, this phrase has come to be associated with preventing invasions of the private sphere by the government.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

Boo-hoo. I call this FUD. Technology has not always been around. The government was not always able to so easily and woefully invade ones privacy. And quite frankly, I'm a little bit more afraid of the Government peaking in my windows, than I am of some low-level Mob member, trying to get me to play a game of poker.
signature smigmature

Note to self...

[MousePotato]

1. Be sure to label triple beam balance as keyboard scale first thing in AM.
2. Take apart keyboard... ugh! What does it look like inside afterall?
3. Change all passwords regularly or your mileage may differ.

Private Conversation

[Gefiltefish]

Back in the day before digital communication, wiretapping, and listening devices I wonder what the authorities did to investigate and prosecute crime...

Two people who wanted to have a private conversation could just step aside or walk outside to have a completely privileged and private conversation.

While I would'nt suggest sliding back to some of the other pieces of the past, it still seems that people should be able to communicate with each other or (with this keystroke example) write completely private notes or whatever in their personal documents.

Do it yourself!

[Daniel+Rutter]

Ah, another golden opportunity for me to plug my most recent review of a KeyGhost gadget, at www.dansdata.com/keyghost2.htm. If you've not read about this thing, and people who might want to spy on you for whatever reason have physical access to a workstation you use, you should. It's the most elegant mass-market hardware keylogger in existence at the moment. Takes a few seconds to install or remove, on anything with a PC-compatible keyboard.

No remote monitoring (they're working on that...), but it's simple, relatively cheap, and comes in various inconspicuous form factors. Distilled evil, in a small beige box.

Re:Could be much worse

[x-empt]

Fortunately Carnivore does help to lead investigators to people committing crimes by keeping logs of certain users/data. This is a Good Thing (tm) if the Carnivore beast does not log innocent civilian data.

I believe (and would hope) that the FBI should still be required to go through the courts before actually logging any data.

But I definately believe that this was NOT a violation of anyone's rights, so why was it included in the "Your Rights Online" section ?

Re:Keystroke taps get EVERY keystroke, even pre-^H

[kd5biv]

So take advantage of it. While nothing but your OS is open, take the opportunity to type out messages to the FBI detailing how you feel about their bugging your keyboard. If they are, they will log that along with everything else, and if it all ends up in court, it will get read from the log. ;-)

This works in Windows or Mac OS ..

How to avoid this if it may be happening to you?

[kd5biv]

I know, about as likely as getting struck by lightning for most people, but if there's some danger, what's to keep you from swapping out keyboards every once in a while, or cleaning out all your drivers and reinstalling only the ones you know you need, or putting a device in between the computer and keyboard that only allows certain types of communication between them?

I guess there's a question of level of sophistication involved. I know on both the Macs I use I would be very suspicious if strange new extensions just appeared in my system folder, or random bits of innocuous looking hardware just appeared at my ADB or USB port connection -- I'm certain anyone who's familiar with their Registry contents would be equally concerned if new keys started showing up in there. So maybe we should all just get very familiar with our machines and keep an eye out for stuff we didn't install?

Obviously, if anyone notices anything like this, it would be worth it to make a trip to a randomly selected library to drop a quick message here .. ;-)

Re:So, whatsamatter with you?

[SlugLord]

Not so... If each individual key were tapped, there are no wires involved and they are only monitoring his physical movements, not his electronic communication.

Re:You are sick

[aozilla]

It was a joke

Re:Could be much worse

[Ray+Yang]

You're right. If the FBI had to get a warrant and attach an actual recorder for everybody whose computer they wanted to bug, they'd have to go to a lot of trouble, and that would keep them within reasonable limits. It's when they use computers to enable them to watch a few thousand people at a time from one terminal that we need to get really worried (and it seems like they're definitely trying).

I still think the FBI was wrong in this case, though (granted, I only know what was in the article). I think this is a good, old-fashioned case of police abuse here --- they had a warrant to *search* the computer, not to *tap* it. A search warrant doesn't enable a cop to sabotage somebody else's equipment, or to intercept communications (both apply).

Transparent keyboards

[HuskyDog]

I notice a trend these days to sell electronic products with transparent plastic cases (e.g. telephones). Does anyone make transparent keyboards? Such a thing would make it much harder to hide one of these sniffer gadgets and save me the trouble of taking my keyboard apart every week (as I intend to do from now on!).

Obviously I also need a transparent computer case and that could create EMC problems :-(.

Its a lot harder on a laptop...

[zaius]

One of the many reasons I use a laptop...

Re:Its a lot harder on a laptop...

[Technician]

I noticed in the FBI request, they asked for a time extension as the target computer was not at the target location. It had been moved. This prevented them from installing the password capturing stuff. Physical security is important folks! If they can't touch it, they can't hack it!

Just Say "NO"

[PingXao]

Look, I know there are bad guys and criminals and terrorists. That doesn't mean the government should have the power - I was going to say "right" but governments don't have rights, only the people do - to tap into any stream of information they feel like. Historically, there were no telephones or telegraphs, let alone computers or the internet, earlier than something like 100 years ago. But there was snail mail. Even worse than snails was the Pony Express, for instance.

I suppose the gov had the power to open mail back then with proper court orders (can anyone confirm this?). That was fairly simple. Then telegraphs and telephones came along. The gov decided that it would be a simple matter to eavesdrop on calls at the central exchange - properly authorized, of course. Now we have the internet and all these packets floating around. The gov, naturally, wants to extend their powers of communications interception to all these bits of information. The problem, as I see it, is one of practicality.

It's simply not as easy to tap into the flow of modern widespread networking. You can't simply set up shop downtown at one location and steam open TCP/IP envelopes. You can't enter a central office and clip your tape recorder to two screws and get access to every TCP/IP conversation someone is party to. The government would have us believe otherwise. Sure, it can be done but it's massively expensive. I guess the NSA is already doing it to some degree, but look at their budget (LOL). Domestic law enforcement would have us and the Congress believe it's their inalienable right to access this information, since it's just an extension of the powers they already have to do this. I say bullshit.

When it was easy to lawfully intercept communications, like paper envelopes or two-wire telephone circuits, they had and made a good case for having that power. We're way beyond that now. It's no longer easy to do. They argue for huge budget increases in order to preserve what they see as their divine right. Again I say bullshit. It's not something they ought or need to be getting involved in.

There are plenty of ways to catch criminals and terrorists without having to resort to these Big Brother tactics that are fraught with potential for abuse. National security is one thing, but the needs of domestic law enforcement just don't meet the standard, in my eyes, of needing draconian measures to "enforce" the law. It's time to turn the tables and JUST SAY NO to Big Brother.

Re:Calm Down!

[shepd]

>FBI... ...they can impersonate him.

That is something I didn't think of. But I wonder if there were any past cases where the FBI did impersonate someone to gather evidence. ie: Send an FBI agent into a drug house, pretending to be a dealer, to see how much and if that dealer normally got their stash from there.

If so, then similar identity stealing action has been taken before. I'd not like it either, though, if the FBI were trying to get ahold of my identity. But, being that this person is a suspected criminal, and that a third party (the judge) gets to decide whether or not the search warrant should be accepted, I sleep pretty well at night knowing the FBI isn't going to be raiding my identity.

>possessing the passphrase makes it tainted evidence.

This is a distinct possibility, and I would think the FBI would catch this angle too. They're probably days away from arresting him, and don't need any more evidence than what they (think) they already have.

We'll see how this turns out. News at 11. ;-)

Re:The one problem with this.

[panum]

I am scared of the day that a government accepts digital signatures as legally binding.

Welcome to Finland :) Our HST makes that already possible. HST stands for Electrical Idetification of a Person, the acronym is in Finnish of course. More info is available. Just select English from top-left corner for language challenged persons :)-P
--

Re:You are naive.

[Suidae]

Have you ever mutilated a U.S. coin?

Thats only illegal if the intent is fraud. Its perfectly legal to destroy your own money if you wish.

Re:Why they need your keystokes

[Suidae]

I think I'd notice any extra little boxes on the keyboard port.

You had better start taking apart your keyboard and checking inside, because that is likely where they are placing it, ala the keyghost device, which you can buy as a keyboard wedge, or as a device that comes built into the keyboard. From there it is a small step to make a device which is installed into your existing keyboard and includes a small RF transmitter to broadcast your keystrokes to a panel van down the street.

Or at the very least take apart the keyboard and pot the whole thing in clear epoxy with some unique items imbedded to make it nearly tamper-proof.:)

It just goes to show you how important the physical security of the system is.

Re:Get worked up!

[SigVn]

"This is America! You aren't going to be persecuted for harboring seditious ideas."

I am Sorry Did you MISS McCarthy? Let me Remind you "Are you now or have you ever been a member of the Communest party"

This will work itself out...

[Murellus]

I think we'd all agree that the FBI should be able to get wire taps, search warrants, or whatever as long as they go through the proper procedure and have a good cause. There is no real reason why this shouldn't carry over into the realm of the internet. The primary problem is that there will constantly be improvements in technology that allows people to be more secretive in what they do on the internet. At the same time, the FBI will be coming up with more and more ways to get around them. We aren't going to be able to have specific laws for each way that the FBI can monitor us or we won't be able to keep up. The courts are simply going to have to come up with some generalized guidelines for this type of thing.

Re:Calm Down!

[Fat+Rat+Bastard]

That was my point.

Re:Calm Down!

[Fat+Rat+Bastard]

Lazarus Short - auto104604 at hushmail.com

Smell that??? That's irony.

Re:Get worked up!

[sqlrob]

And how expensive is it to create a virus/trojan that installs a keyboard monitor and have it report back periodically?

Not very, especially considering you'd get economies of scale there.

Philadelphia Inquirer, that's all

[flicman]

Not Enquirer. That's a national tabloid. The Inquirer may indeed be a rag fit only for kindling fires, but no more so than the NY Times or the Washington Post.
that's it.
thanks.

...flicman

Re:Get worked up!

[noahbagels]

It is more important to me to protect myself from having FBI agents (not bureaucrats, agents) reading my shopping list...

Do you really believe they are going to tap you ?

Cmon people - get serious for a change. Consider this:

* How expensive is it for the FBI to enter your home, place a physical tap on your computer, and monitor it for months?
* How likely is it that they will be tapping people for no good reason?

I am an advocate for privacy, and this isn't Carnivore - it's a local one-time tap, on one-individual's typing!

Re:There Has To Be A Way

[duffbeer703]

I suggest moving and remapping all keyboard keys on a daily basis. By doing this, you will have no idea which key is which, and will either not use your computer or input quasi-random data into the pc.

This is the ultimate encryption.

Re:Calm Down!

[Enigma2175]

Yes, the FBI had a court order, but that does not mean that the judge was wise (or even following the law) by issuing this order. And then you jumped suddenly from a guy who was running a few numbers to mob bosses, terrorists, and child pornographers. Are you comparing the deplorable practice of child pornography to being a bookie? That's like saying "We should put to death all the murderers, rapists and jaywalkers." It's a totally different class of crime. You just put it in there to evoke an emotional reaction in people who read it, it's inflammatory and prejudicial. I personally don't see anything wrong with gambling, it is even legal in a few places. I think it is unwise to legislate morality. As for protecting myself from having the FBI read my shopping list, I will paraphrase a quote I have seen around here: "He who gives up freedom for safety deserves neither."


Enigma

Re:What will your defense be...

[xjosh]

You are asking the question that is at the heart of my point. If an examiner of the evidence cannot see the entire context of the user's interaction with the computer, how can they be sure that the evidence is even relevant and not something unrelated? If it is not relevant then it must be minimized.

Setting aside the copyright implications, etc here is an example (albeit not neccesarily the best one):
If I type the words to Body Count's Cop Killer into MS Word, and you can only see my keyboard input, how can you be sure what application received that data and how it will be used. It could have been directives to another person, a recount of my own actions, or merely fiction. Did I enter that information into a word processor, an email, my journal, my to-do list?

If it is not relevant to the case it must be minimized. Same with phone taps. If a person being monitored begins a personal conversation unrelated to the case, then investigators must minimize (not listen to and ignore) that conversation. If that person casually drops information related to the case during that conversation, then it is basically lost. The only way that the information could have been obtained would have been monitoring something that was to be minimized.

My defense might be...

[xjosh]

Since a keystroke logging device cannot see any screen output or mouse actions, what is captured may not be what it seems.

How can someone reading the keystroke log be sure that it is "criminal data" rather than some really crappy abstract gangster fiction work. Can they be sure that "Whack Vinnie" is going into a to-do list rather than Word?

If that is true, then what bearing does the crappy fictional work have on this case? If what the government suspects to be the passphrase appears in that crappy fictional work, should they have not minimized it? Doesn't that make the passphrase essentially unusable?

I know it's a bit of a stretch, but the gist of what I'm saying is this: If the government sees only half (or less) of the picture, they cannot presume to know that what they are seeing is definately relevant to the case. Taken further, if the government cannot know that the material is relevant, then they cannot attempt to use parts of that material to build their case.

What would Ben Franklin say?

[sonnerbob]

I believe in the necessity of giving law enforcement the power to do the job of enforcing the laws which protect us all. I realize they have a tough job and its easy to rationalize that the subject was a "bad guy" and deserved what he got.

The problem I have is justifying the means by the ends. In the US, at least, we have a Constitution that strictly limits such unlawful searches and seizures. Whether or not the search is justifiable because it pinches a Mafioso is immaterial. Planting a key stroke monitoring system without the same restrictions or obligations necessary for a phone tap, I think, violates that right. I'm pretty sure Benjamin Franklin would agree with me.

By the way...Ben Franklin's Web Site is a great book.

Re:Here is what Mr. Franklin Said

[sonnerbob]

...and he was a lush (and a lech). Thomas Jefferson owned slaves. Politicians engaged in duels and killed each other. Only land owning white men had suffrage. What's your point?

what does your keyboard weigh?

[referee]

"It weighs a few grams, and unless you . . . routinely weighed your keyboard, you'd never notice," he said

"I can't believe good security now involves weighing my keyboard." -Nicodermo Scarfo Face-o

Scary enough

[Ummite]

"Anything he typed on that keyboard - a letter to his lawyer, personal or medical records, legitimate business records - they got it all," said Donald Manno, Scarfo's longtime lawyer. "That's scary. It's dangerous," he said. We all know this. Wiretaping will always be litigious. But, I think in some case it's more than correct to use all technological ways to sentense someone, when real reasonnable doubts are in case, and I think it's one.

Re:Related case

[perlyking]

Yeah some people I knew actually recorded their login name/pass in these keys!
Actually I loved those keyboards, you rarely hit the wrong keys as you got nice feedback from them and the keys were fractionally larger.

But even then...

[achurch]

If it's on your person, the FBI would have a very difficult time getting to it without your knowledge.

Who's going to watch over it while you're asleep? And how do you know they're not an FBI spy?

--
BACKNEXTFINISHCANCEL

Physical security!

[DigitalDreg]

A friend of mine wrote me a DOS TSR back in 1989 that captured and recorded every keystroke. The victims were users that I helped adminstrate systems for. I wanted them to tighten up password security.

Just like the hardware device, every keystroke was captured.

It was hilarious to watch the look on the sysadmin's face as I told him the passwords that people were using were too trivial. He said how do I know. I told him his passwords. Then I showed him a list of a few others.

The moral of the story - physical security is still important. PGP gets you nowhere if you've been compromised at the physical level.

Who cares if he was "Familia" or not...

[Zecho]

I for one don't want anyone screwing around with my machine, hell my wife doesn't even touch it. Not that I have anything to hide really, and not that there are any illegal activities being committed with this machine. I want my privacy. No matter how many Jimmy Hoffa's are buried in my basement!

(Note to FBI: there are no Jimmy Anybodys buried in my basement)

touchscreen?

[Cre8oR]

So why couldn't you get an on-screen keyboard to protect against something like this? If there's no wire there can be no tap right? If they had access to the internals of your computer and it's OS you'd be screwed anyways so unless they can tap the physical keyboard you're safe. Keep it all-in-one and their job becomes much more difficult ;)

Let me put it this way:

[spectatorion]

Everyone who says, "so what, he's a mafia guy and monitoring him will make it easier to convict him," should consider this: If you give the government this kind of power, once they run out of "real criminals," they will come after you and your rights. It would seem that punishing all criminals is the eventual goal of law enforcement (more or less), which would supposedly make all the "good citizens" happier and safer. Well, suppose that this was actually accomplished: the FBI and other scary Big Brother institutions have this kind of power and all the criminals are in jail or executed (if you live in texas). Do you think they will all just quit and say, "ok, guys our work is done. everyone is safe." No, they will continue to wield this power and they will wield it against you. Ridiculous government power should be checked (and, in my opinion, taken away from them). The government should be here to provide some services for us (like universal health care, roads, clean public transportation, bridges, basic law enforcement, encouraging science and the arts, protecting us from corporate crime, etc.) not for scaring the hell out of us and taking away all our privacy.

I am also very opposed to government secrets. Secrecy in laboratories, so-called "intelligence" organizations, and military operations all scare me greatly. If ours truly is a government "of the people, by the people, and for the people," then why is it that certain government officials can see things i can't? What is the government without the people? Nothing. This country is a mess. I have more to say, but no more to type. some other time, maybe :-).

-----
# cd /

Re:Get worked up!

[msodfjsalfhlskdhf]

The FBI has proven that it is not above using its power for political purposes.

Details instead of vague accusations, please?

How about the persecution that the leaders of the civil rights movement suffered at the hands of the FBI and J. Edgar? Agents were planted to incite escalation of violence and keep tabs on the movements led by MLK,Jr, etc. Now you can't tell me that the reasons behind this weren't political and/or racist. Look in the history book once and a while and you'll find that governments around the world don't behave all that well when allowed to do whatever they want, and begin to encroach on the rights of all their citizens if allowed to do so to a relatively small group (Nazis).

====
All things in life are subjective. At least that's what I think.

Re:Calm Down!

[jfk3]

Yes, I see... I must have had my sarcasm detector turned off and I hit the reply button too quickly.

Re:Calm Down!

[jfk3]

So you believe we should have a benevolent dictator. Perhaps Cuba will take you in. History does not support your simplistic view that the guvment should have unrestricted powers.

Re:Keyboards with Smartcard slots?

[Technician]

And what is your keyboard going to output on the connector that has the recording box?(firmware) Later, they just push "play" and the computer does not know there is no care in the keyboard slot. They have a record of the whole thing. I would not use an external attached reader except in a location where the computer had physical security and limited access for any secure stuff.

Re:What will your defense be...

[Technician]

What will your defense be when your captured keystroke password opens the previously captured encrypted file? They were specificaly looking for a password to a file they already captured.

OS independent

[Technician]

wow! That is not good. Even your boot up root password is not safe from this. Dual boot isn't safe.

Re:OS independent

[jafac]

even a BIOS password would not be safe.

Re:Plug and play keyboard sniffer

[Technician]

Change keys often! Emulate a code hopping device. Anything new captured would be useless on an old file they already have.

Re:Change them locks

[Technician]

Change locks/passwords/combinations/passphrases often

Destroy old records and old passwords. This weeks captured key should not open last weeks mail. A place I used to work sent keys in the public mail. If it arrived OK it was used the next week. It was mailed from random locations to random trusted employees. If it showed signs of tampering or did not arrive, it was rejected an not used. Enough said.

Re:How do you stop this?

[Technician]

Yes,

1 Good monitored alarm on the house

2 Locked desk

3 Handheld PC for other e-mail account.

4 Hidden datalogger on phone line and alarm sensors. Outgoing call from alarm (before reset) can be logged. A furnace "energy usage" meter is a good cover for a datalogger. The alarm company does not know your PIN after you change it. The alarm should trip before they can enter service mode. Wireless sensor in desk trips "other" silent local alarm and datalogger. Datalogger should display "number of cycles" and "time of last cycle". This will alert you if you were visisted since you left for work in the morning. Check and set both alarms everytime you go out and check the datalogger everytime you return. Monitoring companies are useless in the visited by FBI department.

Re:How do you stop this?

[Technician]

I prefer "warrenty void if removed stickers". Not the generic kind, but ones that tear apart and have a computer shop name on them. They can not be replaced by a generic as it would not be the same. One over a screw hole does the trick.

Re:Get worked up!

[SecurityGuy]

It's a flipping shopping list. Who cares?

I do. I think we have opposite perspectives. I operate under the belief that I have a right to privacy. Neither you nor the FBI has a reason to surreptitiously read my shopping list, my recipe collection, or any other of my legal communications. You specifically don't have the right to read them just to make sure they're legal.

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Privacy isn't about hiding. Privacy is the right to make your own determination about who receives information from or about you. Maybe I rented a PG rated movie last night. Maybe I didn't. There's certainly nothing wrong with renting PG movies, so you're right, I have nothing to hide in disclosing the information. That aside, you have no right to demand disclosure.

This is America! You aren't going to be persecuted for harboring seditious ideas.

Tell it to Martin Luther King, who was under surveillance. You might consult as well with Senator McCarthy. If being hauled before a Congressional committee for your alleged beliefs isn't persecuted, I'd like to know what is. Free speech is a wonderful idea with a less than perfect implementation in the US.

Details instead of vague accusations, please?

Some 900 FBI files ended up at the White House under suspicious circumstances, also known as "Filegate". I'm not aware that this has ever been resolved.

Another great reason to use.... Dvorak

[rlwhite]

(Or any other non-qwerty keyboard software).
I use a Microsoft Natural Keyboard with Dvorak set in Windows. Since my keyboard sends out signals in Qwerty to be interpreted into Dvorak in software, 2 out of the 3 possible technologies (including the most likely, a hardware bug) the FBI might have used would have confused them. (evil laughter)
Unless, of course, they intercepted a message like this one....

Re:but...

[radiashun]

Could it possibly be something like this?

Now I realize that this is a complete keyboard, but surely the FBI can reproduce the same type of hardware-based logging mechanism that this thing uses.

I've seen these bugs before..

[VudooCrush]

Down at my local "Spy Headquarters" shop in Phoenix, AZ. they sell a very similar device. It's $40, and it's an extremely small piece that connects inbetween your keyboard cable, and the back of your computer. Not very noticeable at all. It looks like an adaptor. I just read what it said through the glass case and it read "Keystroke logger"..So I'm assuming this is the same thing. I didn't see any software with it, but I'm assuming the owner had it somewhere. Just thought I'd add that in...

Re:You missed the lesson on protection

[lrichardson]

Real lesson: if you want your data protected, don't put it in a computer

Of course, you could always go the laptop/plamtop route. I'd like to see the FBI break in and bug something almost grafted to your body. Heck, the Xybernaut models _are_ grafted to your body ;)

Re:Get worked up!

[TheAncientHacker]

This is America! You aren't going to be persecuted for harboring seditious ideas.

The scary thing is you might actually be serious. If so, I'm dumbfounded at that level of total ignorance of history. Please say you were just trolling!

The one problem with this.

[bobwhitethegreat]

I do not see a problem with using this as a form of wiretap for criminals. Where I do see a problem is the fact that PGP has uses for digital signatures, etc. With something that could be potentially legally binding, etc (which talking on the phone is not), having your secret key/encrypted secret key coupled with passphrase allows someone to completely impersonate another. Messages could be posted from the other person, and everyone would see a valid digital signature. The FBI are known to make mistakes occasionally, they certainly need to aprehend the criminals. However, some things need to be placed in the way so that if there is a mistake made, they will continue to protect the citizens. The _possibility_ of a secret key being released can actually be quite devastating.

Re:The one problem with this.

[Barbarian]

Perhaps PGP should be modified. You should have two pub/private key pairs, one for sending and signing, and the other for sending stuff to you (i.e. you'd only read with it). You could then sign your "reading" key's pub pair with your "signing and sending" key to show it's really you. Then, they could get a court order to only retrieve your read key.

Re:The one problem with this.

[-Harlequin-]

The _possibility_ of a secret key being released can actually be quite devastating.

"And finally Your Honour, we present as evidence the defendant's key, obtained from his home by the FBI" and now on public record.

If the MPAA's elite pack of lawyers can f*ck this one up (deCSS), I'm sure the FBI can manage it routinely :-)

An Easier Way

[wwphx]

Use a laptop. How are you going to fit a sugar cube into a laptop case? The space just isn't there. Not to mention the difficulty in quickly disassembling/reassembling a laptop.

--

Re:Keystroke taps get EVERY keystroke, even pre-^H

[imadork]

Remember kids, your keystroke logger records EVERY keystroke. Typed out a phrase that might be a little too strong, but then thought better and erased it? Logged. No opportunity for revision, as soon as you press the key the FIRST time, the event is recorded, even if it was never saved to a file/sent in email/sent in chat.
You could type "I accept suitcases full of cash in exchange for contraband" at a random and inappropriate time, and it would be logged, even though your sentiment was not reflected in any saved file or communication.

This is why we have courts in the U.S. Any good defense attorney (and even a few of the bad ones) can make the right case to the jury in the above situation. Remember, Juries are composed of a dozen people who couldn't get out of Jury Duty...
The situation referenced in the article, where passwords were stolen, lead to files and records that did NOT suffer from this preservation of thoughts that you thought better about saving. (Unless you're using Fast Save in Word...)

So, the power of the Government is somewhat limited by this whole Fair Trial thing. As for your Employer? They have more of an opportunity to abuse things, I suppose. It's their computer, after all, and you should have no expectation of privacy on it. Just make sure that you do your job so well that no one will be out to get you!

Not a BUG

[unicaller]

The keyboard snifters have been around almost as long as keyboards have been. We played with one. Keyboards have microcontrolers like ALL electronic equipment they create 'noise' that can be picked up from a good distance. To the laptop guy laptops are much less shielded then desktops! Nothing would have to be done to the computer! A recorder with a small HD could store hours of key strokes, or you could transmit them to a remote station.

Re:How do you stop this?

[RandomPeon]

For the very paranoid, mark lines would also be helpful. Take a marker/pen and make a little mark where the parts of the case and keyboard meet up. You'll know if anyone opened it because the line won't match up anymore.

Read this in a book once, don't actually do it.

The bright side

[Elby+23]

I think the bright side of this is that it shows that the FBI does not have the ability to break strong encryption.

Unless this is a massive FBI troll to make people BELIEVE that they don't have this ability, of course.

Or, maybe this is a conspiracy by the FBI to make people THINK they have the ability to crack encryption by making what appears to be an obvious move to convince everyone they DONT have the ability.

Yeah.

Re:Journal Files in VAX/VMS Editor; Word Fast Save

[KagakuNinja]

The VAX/VMS screen editor (what was it called?)

VAXTPU comes to mind

The did capture communications

[gte910h]

If they caught him writing an email that he sends, doesn't that count as communications?

Re:High tech?

[ideut]

A _sure_ way to not have your keystrokes logged

Ideut, your keystrokes are logged on a typewriter by the ribbon.

Re:Calm Down!

[gdiersing]

Fruit of the poisoned tree , if you can PROVE, a law enforcement agent lied to get the warrant, any evidence found as a result of that search can NOT be used against you in court.

Re:How incriminating can my keystrokes really be?

[zedaar]

Probably not, as he'd have them all bookmarked...

Re:There Has To Be A Way

[zedaar]

Encryption between the keyboard and the OS would be OK, I guess, but it depends how "close" to the keyboard the bug is.. If it's at the computer end, fine, but if the bug is in the keyboard itself... The keyboard has to recieve the keys you type in clear at some point before it could encrypt them and send them to the computer. You'd just have to learn to type in 1024 bit RSA to get around that one.

Re:Calm Down!

[dasunt]

tewwetruggur writes: So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

Its a fine line we tread these days between our rights, and the powers we give the government. I'm not sure about you, but I wouldn't want my privacy invaded just because I *might* be involved with the mob, terrorists, or child pornographers. To get a search warrent and/or a wiretap, the police have to go through a judge, which (theoretically) provides a check against abuse. Otherwise, what prevents law enforcement from monitoring everyone to prevent crime? Human beings need their privacy, I wouldn't like my entire life to be examined by another human being, and I'm pretty sure you don't either. Sure, stricter laws will catch more criminals, but the same laws will infringe on the rights of non-criminals.

I believe there is something seriously flawed about a system of law and order that assumes everyone is a criminal. The default assumption of law enforcement should be that everyone is a law-abiding citizen, and they should have to show evidence to the contrary before they can invade an individual's right to privacy.

Just my $.02

Okay-

[perdida]

For starters, IANAL. All paragraphs in quotes are taken from the Inquirer piece

"A wiretap or room bug also would have required authorization from the Attorney General's Office as well as court approval, defense lawyers say. And it would have required investigators to "minimize" - not record or listen to - conversations unrelated to the focus of the investigation."

The FBI, as discussed in Carnivore controversy, often ignores possible precedent laws (in this case woretap) when there is a new technology. If the previous law's spirit remains true, the FBI violates the law by having a record of all conversations. Depending on what the computer is used for, they may be violating the privacy of customers and family members, so the good evidence they gather may be inadmissible in court if the previous laws are proven to hold even partially true.

"The application for the authorization, submitted by Wigler, contended that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply."

Bullshit. The keystroke capturer is in the computer and the stuff is remotely downloaded to an FBI computer at a later time. Of course the original record lies in the keystroke capturer, but the copy or mirror is just as implicating.

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered."

If THIS decision is held up, it will place different freedom levels on "speech" and "data," in which data will be considered open and available to any search and unprotected by freedom of speech or privacy laws.

"Typically, information from the device would be downloaded from a remote location, he said, and the downloading process could take seconds to minutes. The result would be a "mirror" of whatever was tapped into the keyboard."

Let's say the mobster discovers the downloading process and shuts off his machine. Do a team of FBI agents pound his door open at that point?

CORRECTION: IL-legal

[perdida]

"FBI attorney: The suspect uses something called PGP, which prevents us from viewing his email and, combined with other evidence we have gathered while surveiling him, constitutes probable cause that he is using his computer for legal activity."

should read IL-legal activity, of course. :)

Re:A real judge would ask

[Dr.NickRiviera]

>Planning to comit a crime is not a crime,

Actually, it's called consipracy, and is illegal. Were you surpised?

Re:A real judge would ask

[Dr.NickRiviera]

Not sure about UK laws, but here in the states there have been cases where people hire hitmen to kill people, and those hitmen happen to be undercover police officers. Crime? conspiracy to commit murder.

Is this ignorance, and on whose behalf??

[noz]

> "Tommy, I want you to go down to the store..." > "And rob out the shopkeeper, Godfather?" > "No you stupid idiot! I want you to close down our network and check for check for holes!" > "But Godfather, we're encrypting all of our traffic...??" And who's breaking the law here? The Mafioso, or the Feds??

mixed feelings...

[tewwetruggur]

Yes, the whole Big Brother stuff is pretty damn creepy...

On the other hand, we're talking about a mafia bookie... like I should feel sorry for 'em?

Not.

Just keep the damn horse heads out of my bed, thank-you.

Re:Calm Down!

[tewwetruggur]

Man... you almost seem too level headed...

What I think too many of the rights-violation-screamers seem to forget is context... strip away the technology issues and just look at the FBI fighting crime... compare this case to what the Hoover administration was know for... hell, this FBI is all warm and fuzzy compared to the "good old days"... you want your righs violated - I can think of a lot of ways we could all be a LOT worse off...

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

'nuff said

Re: Your Sig

[Petrophile]

It's a real good ol'fashioned pants-shitting laugh riot. Oh god, my side hurts from rolling on the floor laughing my big fat uncle-fucking ass off.

Related case

[jsse]

Back in time when I were working for IBM. All 3270 terminal keyboards has a 'Record' key. When pressing it all keystrokes are logged and can be replayed.

Very few people were aware of it as the 3270 keyboard is freaking complicated.

Wake up call?

[os2fan]

The wake-up call is not that the spooks are trying it, but that it can be done. Since the law enforcement officers has to convince the judge that what they did is right, there is this protection from then.

But that does not stop others ....

Re:Wake up call?

[os2fan]

The point is that the technology exists, and that ASIO (or FBI or whatever) are not the only ones who may want to snoop.

We are seeing the leading edge of what is now large scale computer snooping, eg Carnivore.

Eventually, a lot of crunching external data may become legit, like SETI@home is. It's not that far off that we'll start seeing `commercial in confidence' snooping.

Also, you don't need to nail the person on the collected data, all you need to do is alert that this person is worth watching, and nail on some legal-to-collect thing.

And being companies, there is little around the commercial in confidence stuff, and even less if there is a one-way ID system. [eg file `os2fan' contains no references to file `votegeek', but file `votegeek' contains commentry on `os2fan'.

Scary, hey.

Sucks, but it's better...

[cmowire]

Getting your keyboard tapped sucks, but it's better than the alternative.

Now, granted, tapping a keyboard should be equivelent to wiretapping and require the usual warant.

But I'd much rather have the FBI tapping my keyboard with a warant than needing to use whimpy encryption with a backdoor.

Besides, a smart political will sweap their gear for bugs on a regular basis. I'm sure that most people don't crack their keyboards open to look for bugs, but it might be the 3l33t habit of the new millenium, when it starts in less than a month... ;)

Re:(Not So) Easy Answer

[Timmaay!]

BUT... Would that not give the authorities more reason to use keystroke-loggers and other such technology?? If they have to wade through a (possibly) nightmarish brute-force attack just to get the grocery list you sent to your spouse, they'll end up doing one of two things if they want to find out what you're sending:

• Get better hardware to do the brute-forcing in a more timely fashion.
• Fight for judicial, congressional, and executive approval to the use of keystroke-loggers, etc. because they need access to the encrypted data.

While I don't believe that we should all completely switch to encrypted communication, I do believe that there is a need for it. As such, the only way to avoid having every encrypted message decrypted by "big brother" is to provide enough other encrypted traffic (jokes, random chatter, etc.) along with it to make their jobs more difficult, but yet still feasible under the current laws we have.

Re:There Has To Be A Way

[spood]

There has to be a way to implement some manner of encryption between my brain and the keyboard in which the neuron pulses are jumbled and re-constructed via a random mapping once it reaches the keyboard. I'm no neurosurgeon but I think some sort of device could act as a scrambler for my brain. Add some {Beer, Chronic, Quantum Leap Reruns} and there you go.

Sheesh. I hope I never have cause to be this paranoid.

Validity?

[suwain_2]

I would just love to contest evidence gathered from a keyboard monitoring device. If I bring up a text editor and type "telnet www.fbi.gov", and, after a small delay "root", and then after another small pause, begin entering random commands, they have no way of knowing where my text is going. Maybe I'm actually doing it at the command line, maybe I'm in Microsoft Word.

Now, if they also tapped your monitor, that would be a different story. But still, can they *prove* that I actually did something illegal? They would really have to have a copy of my hard drive to *prove* that when I ran "telnet", the normal telnet program was executed, not a little script that prints various information. (The type of thing they do in the movies.)

I really don't know why they do this; I think I can contest almost all their moves. ("We have proof that he typed 'I hacked the FBI's servers!" Yes, but suppose I say that I typed "What if I were to type" before it? What if I was writing a novel?) Pretending the courts still operate on the "innocent until proven guilty" strategy, all of their evidence is useless - the burden of proof is on the FBI, to *prove* that whatever I do actually happens as my screen shows it - I could setup a nameserver to route traffic for .com domains to an internal server.

Re:How to defeat...

[suwain_2]

While this is a great idea, who is so paranoid?! If you're going to go as far as to rip apart your motherboard and build it completely custom, what have you done? How many warrants are out for your execution?!

I personally would laugh if the FBI tapped my keyboard - they'd probably want to come in and shoot me for boring them to death.

BTW, here's another idea for how to confuse them... If you suspect you're being monitored, bang on the keyboard for half an hour straight. Perhaps they will suspect that you're using a non-standard keyboard and give up... At the very least, it would tick them off. Or type an e-mail to someone about some gross topic. ("I dropped a razor blade onto my crotch! It is all bloody now!") Or, my personal favorite - write utter nonsense. (ie - random words) Another fun idea - make it look like you're completely computer illiterate. ("hppt:||ww.micro soft.comm")

No Sweat! - Encryption Fixes Everything!

[Wussmaster-$scosol$]

By "encryption" I mean from brain-to-brain. Criminals have been doing it for years... this guy just isn't one of the brighter criminals. "The sleepy weasel wakes at midnight" "The 4 jacks meet on Tuesdays" "The hot poker is ready to be shoved up the ass" (thx George C) etc, etc, etc The only truly safe way to communicate is to remove the context of the spoken/typed/otherwise-transmitted message. All the PGP in the world isn't going to save you if there's a video camera behind your back watching your every move...

Hard to decipher keystrokes

[Judge] And what are these pages of mysterious keystrokes I see on the transcript?

[FBI] Your honor, our best cryptographers have struggled with this for 5 months, using elaborate supercomputer analysis, and couldn't crack the code. It must be an incredibly well-crafted keystroke encoding, requiring extreme training to use at the speed it was typed.

[Judge] Defendant, can you tell us what it is?

[Hacker] Yeah sure, I was playing Quake for 3 hours.

Re:You are naive.

[mosch]

Nope, according to Title 18, Section 333 of United States code, if you render currency unfit to be reissued, you can be fined up to $100, and sent to jail for up to 6 months. Title 18, Section 331 specifies harsher penalties, if the act is done with intent to defraud.

--
"Don't trolls get tired?"

A real judge would ask

[bluGill]

And how do you know the suspect is using PGP since you do not have a warrent for wiretapping. If they have a warrent to do wire tapper, lawfully and correctly obtained (even if it turns out to be based on what turns out to be a false lead), then they should be able to bug the keyboard. Otherwise they do not have that right.

Suspicious activity is not reason for a warrent, unless a crime has been comitted. Planning to comit a crime is not a crime, but commiting the crime is. (And when a plan can be shown then the crime is generaly greater)

Re:A real judge would ask

[billh]

I'm suprised that 'conspiracy' charges can be used not just for prosecuting criminals, but for extending sentences, pressuring people into testifying, and sometimes as a form of prior restraint.

Think about it this way - if we have a conversation about poisons, and you know I am trying to get back at someone, you might assume that I intend on poisoning this person. But what if I am an author, and I need information about poison to make my book realistic? Or if I am researching for a thesis on the subject? Or if I am just interested in the subject?

Conspiracy should never be a charge without a hell of a lot of evidence that the crime was, indeed, about to take place. And if a crime takes place, that should be what is prosecuted. Conspiracy charges are another way to suspend liberties.

Conspiracy theory

[Dr.+Evil]

Interesting... but then they would only have to say that they've tapped the keyboard, present the decrypted data, confiscate the system for evidence, and then, maybe, install the keyboard monitor.

Re:Get worked up!

[Malor]

It's expensive now, but it won't always be. Technology gets cheaper all the time. They can do it to 1 person in 10,000 now -- in ten years it might be 1 in 5. They might be able to lean on keyboard manufacturers to install keystroke monitors on ALL computers.

Think about it.

Re:Calm Down!

[FiNaLe]

Who types their shopping list anyway?

Perhaps into the palm desktop to sync, but just to print out, I mean, come on... And if you can sit down and type it in one sitting do you really need the list?

Re:Please Read "Why You Should Use Encryption"

[Wiktor+Kochanowski]

> do you keep your laptop in a safe at night?

I guess it's enough to just never turn it off, and when you're not physically close, run a screensaver lock. While not guaranteed to work against everything (but what is?) it's rather doubtful that trying to patch such a device on wires of a running computer wouldn't create a system lockup, at the very least. In such event, when you come back and see your system rebooted or locked up, you know something has been wrong and you can examine your drivers, weigh your computer and so on (in the order of increasing paranoia)

> Why You Should Use Encryption

On the other hand, you might read the Brin's book, "Transparent Society", on why everybody should have a right to spy on everybody else. Or read his essays on this topic at www.kithrup.com

Plug and play keyboard sniffer

[hrath]

In case you ever have the legitimate need for logging keystrokes you can purchase a plug and play device at www.keyghost.com . This device connects between the keyboard and computer and looks like a small keyboard adapter. They also sell versions where the device is integrated inside a keyboard. It can later be unplugged, activated via a password and then replay the keystrokes.

I don't condone the use of such a tool, but people should be aware that this stuff is readily available.

regards,

Heiko

Re:There Has To Be A Way

[Seumas]

Actually, I work from home so neither my laptop nor any of my computers are ever out of my site other than the few hours per week that I'm out of the house.

Of course, another cool tool would be something that would generate random crap when your computer is idle so that when the little bug tries to upload data to its home -- all they get is about 80 words and 1,999,980 random keystrokes.
---
seumas.com

Re:Get worked up!

[AftanGustur]

If I haven't done anything illegal, I have nothing to hide.

Pardon me, but please let *me* decide if I want to hide my personal life from the state or not. Or better yet, please respect others right to keep their personal life to themselves.

There is no law that protects my right to a private conversation to my brother, but it is a right I'm not ready to give up. I'd rather see 100 criminals walking free than my rights to private life taken away.

--
Why pay for drugs when you can get Linux for free ?

Re:There Has To Be A Way

[Barbarian]

A keyboard cipher would be subject to attack by pattern matching...

Spies in sandcastles shouldn't throw waterballoons

[Graymalkin]

Here's a tip for those interested in really keeping your shit secret. Secure communications are a start but don't counteract things that are purely physics problems. Computers are noisy little RF emitters and with the right equipment you can pick up these RF emanations and translate them into data. To keep the FBI and others away from your computer use a laptop and keep the fucking thing with you all the fucking time. Encrypt all the data on it and keep the keys with your lawyer (have him keep them as part of attourney-client privilages). Besides keeping everything encrypted, keep everything encoded. Speak in code and write in code, codes that are indistinguishible from noise. Once you turn your computer on, do so inside of a shielded room and connect things together with shielded cabling. Monitor all lines coming into your house and keep records of attenuation. A quick search of google about TEMPEST, Van Eck phreaking, or electronic surveilance can provide you with lots of info to defeat eavsdropping. Tell the J. Edgar's to go fuck themselves.

Re:There Has To Be A Way

[Sloppy]

So you'd need a "smart" keyboard to do that -- and even that won't work, if the put the tap between the smart part and the keys.

Even so, opening up a nonstandard keyboard and putting in a bug that somehow integrates with it, takes a hell of a lot more effort/time/risk than sticking a ready-made inline PS/2 adapter. One can be done with a quick breakin and 20 seconds of work, the other takes a recon pass breakin to see what kind of keyboard it is, research on how to bug it, and then a good amount of time onsite to install the mod. A lot more work for your FBI / Industrial Spies / Blackmailer to do.

A crypto keyboard is a good idea.

---

Thoughts...

[KFury]

• Use keycaps to mouse out all your ilicit messages
  
• If they intercept your PGP passphrase, all the encrypted communications they've intercepted already can now be decoded.
  
• I bet you could rig up a pgp keyboard, but then they'd just put actuators under the keys themselves.
  
• Use a Bluetooth keyboard with encryption, and keep the keyboard under your control at all times.
  
• Use a laptop (see above)
  

Kevin Fox

True.

[mindstrm]

But why does everyone keep saying that? THe article *very clearly* states that the feds did this WITH A COURT ORDER.

They can no more tap your phone without an order than hack your box without an order.... I don't see what the big deal is here.

And...

[mindstrm]

This is fundamentally different than planting a bug or hidden camera? How's that work?

No. The fibbies do NOT have to leave a copy of the warrant on the scene; this wasn't a search warrant, this was an order to do surveilance.

Re:How this seems to read to me....

[mindstrm]

Dude, if I were to sneak into your house undetected, and open your keyboard, and actually add in some small electronics to capture keystrokes for later retrieval, how exactly would you 'know' it was there without actually taking your keyboard apart? Are you some kind of psychic?

Also, if you are not at all expecting someone to have planted a keystroke monitor on your computer, how would you detect it even if it was software? I mean, you might not even LOOK. And to boot, especially if it's windows, it may be far from obvious.

*combined*.

[mindstrm]

He says 'combined with other evidence gathered, this gives probable cause that his computer is being used as part of illegal activity'.

They did not say 'pgp makes him guilty'. They said that, in addition to everything else he does, it's probably cause.

Having a crowbar does not make you a thief. Being viewed purchasing tools that are also associated with break&enter crimes, as well as having other evidence that seems to point to a life of crime WOULD be probable cause to think you are committing a crime.

Get off the high horse.

Software + OTHER STUFF = probable cause is NOT the same thing as
SOFTWARE = INTENT.

Typewriter Ribbons

[SEWilco]

And how is a keystroke logger different from stealing and replacing a typewriter ribbon?

Typewriter ribbons and carbon paper have been used as a source of text during investigations for decades (plastic or film ribbons since 1959). The FBI teaches ribbon examination. There are cases with ribbons as evidence.

Re:Why they need your keystokes

[Billy+Donahue]

gnupg wouldn't page the memory to disk.
It uses mlock

Re:Please Read "Why You Should Use Encryption"

[segmond]

Encryption will not save you, when a keyboard logger is used, it logs what you type in at the keyboard, thus they can capture your password and passphrase, this is a very old thing, I wrote one in 1994 for MSDOS, There is one for sun, and I am sure there are many out there. I came across a site, where some guy built a very small matchbox sized hardware that does this, and stores around 1000 keystrokes. There are many weak link in a computer, if the OS is 100% secure, is the keyboard and monitor and all external hardware devices that the OS cannot control?

Re:You are naive.

[mpe]

Perhaps you hold political opinions that are unpopular with the current administration. Maybe you have your local mayor upset at you for campaigning against him last election. Maybe you are a journalist who has published stories that upset the FBI. Perhaps your ex-girlfriend has taken a job in the local field office.

Prehaps you happen to know about questional activities by people in "authority".

Re:You are sick

[mpe]

People involved in even the most peripheral way in committing drive by shootings should be tortured in the most heinous way possible on live tv before being cut up into little pieces and blasted into the sun.

How is this going to happen, at least one of the companies concerned survived having an atomic bomb dropped on one of their facilities.

Re:Get worked up!

[mpe]

Witness the most recent example, internment camps for the Japanese and Italians during world war 2. This was the cause of a direct exectuive order! Or how about all the people arrested during WWI and the period right after for being communist. There was even a law passed by Congress saying they could! Look up the Alien and Sedition Acts.

So much for the much trumpeted written constitution.

Re:Get worked up!

[mpe]

In that case, you will support open ballots for all future elections? We can have everybody sign, date and address their ballot, then, if there is any question as to their intent, we can just call them up and ask them how they voted.

There must be easier ways to test if the telephone system in Florida needs upgrading :)

And yet more reason ---

[HerrNewton]

To use a laptop which can be kept in your physical presence at all time. If one was going to do something illegal and needed to keep records which would clearly attest to the illegal thing, wouldn't you want to keep a close eye on those records? ie, a laptop or a palmtop? If it's on your person, the FBI would have a very difficult time getting to it without your knowledge.

----

Re:This is GOOD news for crypto enthusiasts

[Steve+B]

This is precisely why any attempt to build surveillance capability "into the infrastructure" should be firmly rejected. The cops can do surveillance on a case-by-case basis -- but it requires them to do actual work and puts them at some risk of being caught if they do it illegally, both of which serve as checks against fishing expeditions.

If the DNC offices at the Watergate could have been bugged by pushing a button in the White House while G. Gordon Liddy took a nap at home, we probably would not know about it to this day....
/.

How to defeat...

[cr0sh]

Want to know how to defeat this "logging" for your "surepticious" behavior? Simple - don't use a keyboard.

At least not in the normal sense...

First off, since they are doing a B&E to set it all up (heck, even with a warrant you should do this), first make sure you set up some kind of ultra-secret hidden cam recording movement (hide it in the ceiling or wall - use a pinhole type camera, mount it to NEW wallboard right over a pinhole, then mount the new wallboard. Break up the wall with pictures, wall hangings, carpet). Don't tell anyone about it. This will let you know if something hinky is going on.

Next, since they are likely tapping one or more of four spots (the keyboard, the interconnecting cable, the motherboard connection, or OS hooks with a software logger), you need a way to bypass these. A good way would be to build a simple encrypting keyboard (or even a complex one), and a special card for the PC, and drivers to read it.

Another way would be to set up a serial console to do everything from - use a funky terminal not in great production anymore (a real VT100 or ADDS, or something similar - Olliveti?). Perhaps you can encrypt the serial comms as well. Maybe set up UltraTerm on a CoCo 3, serialized over the RS-232 pack to the console serial port on the box (that should confound them!).

Use an optical keyboard, with custom "encryption", perhaps. Mark your keyboard with an identifying mark. Put a seal on the keyboard, or over screw holes to detect "modification". Same with the case. Add locks to the case. Add an alarm.

Here is a funky idea - set up the "computer" to be a dummy with an alarm (or other nastiness), into which the keyboard is plugged into. Using cat-5 and a "dummy" network card, route that out to another "dummy" network card in the real computer, with that dummy card hooked up to the keyboard header of the real machine (thus the actual machine looks like it hasn't got a keyboard attached). Set up a current monitor to notice drops in current on the keyboard "port", with alarms and such to notify you.

Here is one - rewire the keyboard port and keyboard (and any interconnecting devices - keyboard switchers/extenders might need to be taken into account). Swap the wires and connections around (might be a pain at the motherboard end). Done clean and right, it would be a mess for them to sort out *on site* - heck, they might not even notice it (think they do wire tracing to make sure the keyboard is standard - perhaps, perhaps not). Maybe even use completely non-standard connectors. Maybe go so far as installing a non-standard (keyboard wise) microcontroller in the keyboard, with custom coding (combine this with the other tips, like "encryption" and such - one hell of a hack).

Do I really think any of these would stop the FBI? Naw - but it would make their lives at least a bit more miserable. Perhaps it would confound them enough to make them come back later - given enough covert surveillance on your part, you could destroy the machine (or change it!) in the meantime...

Worldcom - Generation Duh!

What have I done? Nothing...

[cr0sh]

But considering that affronts to our (American - but hey, all this can apply to other countries as well) Constitutionally protected rights - rights that the authorities and legislators seem willing to dismiss - rights that most people have forgotten they even have...

Considering all this - we should be more paranoid - not less. It seems every day I hear or read about something that convinces me further that we are falling into a police state form of government. Something has to be done. Today it wasn't me, tommorow it probably won't be either.

Someday it might be - better to be prepared now than wait until it is too late...

Worldcom - Generation Duh!

Re:What's wrong with pictures of children???

[radja]

>Why is it illegal to possess a photograph of an illegal event?

the reasoning is probably something like this:

we don't want to create a market for child-pornography, since this would partially legitimise the making of child-pornography. by allowing the product, you encourage the producer. making a CGI of child pornography is probably to make it easier to apprehend the real sick bastards. a picture of a kid in the nude isn't child-pornography, btw. there must be a 'sexual act'. Otherwise, your mom would be a criminal for keeping all those baby-pics around (and showing them to your gf)

//rdj

Not according to legal definition.

[Ungrounded+Lightning]

The article missed one important point -- they were intercepting communications!

Sorry. The only "communications" protected by the wiretap law is voice telephone conversations. "Commnuncations" between the keyboard and the computer are not included in that definition - nor are e-mail with other people, nor conversations with other machines.

The way the law currently works is that it is extended to protect new technologies - either by explicit legislation or by court precedent. So new forms of communication are UNprotected by default. Maybe you'd LIKE the default to be the other way, but in practice this is how it is.

By tapping communications on the the cutting edge tech, where no law has gone before, the FBI gets to spy until a court or the congress makes them stop.

World War 2 was not the most recent incident

[Doubting+Thomas]

Remember when McCarthy made Communist mean "daughter-raping baby killer"?

Charlie Chaplin lived out his golden years in the south of France because of Mister McCarthy and his little campaign.

Not that this refutes your core argument in any fashion. But the old joke about the difference between being British and American is that the British think a hundred miles is a long way, and the Americans think a hundred years is a long time, is fitting here.

Some will see an example from the fifties as more compelling than one from the early forties, less able to shrug it off.

-

Re:What's wrong with pictures of children???

[DreamerFi]

Hetro/Homo/Bi-sexuals have sex with other adults

Nope. Write consenting adults in there, and I'd agree. I'd also agree that there's no such thing as a consenting child, so having sex is impossible for a pedophile, but other than that, there really is no difference between hetro/homo/bi and pedo. That fact that some pedo's still have sex with kids is simply a legal matter, send them to jail, just like hetro/homo/bi who have non-consenting sex (or let's call it what it is, rape) with others.

Re:Could be much worse

[CaptainCarrot]

Perhaps, although if you want to get really technical, an email isn't communication until it's sent. The FBI is doing the interception before that happens, and they see no incoming emails with this scheme. It's rather akin to bugging a room where someone's talking on the telephone.

You need to see drivers too

[goingware]

In the case of my keystroke recorder Last Resort it was an operating system patch that ran as a bit of boot-time software that loaded some code into memory, patched an OS trap and then exited with the patch still resident.

With NT, you can hit ctrl-alt-delete and look at the processes. With *nix, you can do "ps".

But really you need a list of all the drivers that are active on the system, and on a modern OS there will be lots of them.

This is particularly pertinent to something like Linux because anything that's installed as a driver runs in the kernel and can basically do anything it wants. Is there even any user id boundaries for a driver, or does a driver effectively have root priveliges?

Really what you'd have to do is make a list of what is there when you get the system configured the way you like and then monitor for changes to this list.

BTW - a common security hole in a lot of Linux installations is that you should have all the kernel source owned by root and do the compile while logged in as root (don't run X as root - su in a shell window). That way no one can tamper with your modules.

If you build your modules as an ordinary user and install them, there's more of a possibility someone could overwrite them with a crack.

Michael D. Crawford
GoingWare Inc

Re:Get worked up!

[rakslice]

"odds are you are a criminal and OUGHT TO FACE THE DUE PROCESS OF LAW. This is not a game where the cops have to guess that you are a criminal, and somehow charge and prosecute you without touching you or your property"

No, this is a game where the federal authorities get annoyed that you aren't doing anything wrong, so they find something unrelated to charge you with to justify their effort. Read the Hacker Crackdown (e-text is available online for free, and dead-tree-text is still in print AFAIK) if you want an extensive brief summary.

Why they need your keystokes

[Nonesuch]

The suspect uses PGP. Like many other cryptographic systems, his email, stored messages, and other information the FBI would like to use for evidence are stored encrypted.

The FBI could obtain a search warrant for his computer and email messages, but this would only get them the encrypted messages, and the encrypted version of his decryption key.

The ability to "wiretap" his keyboard is the only way (short of torture, or taking several years to brute force the key) to obtain the "passphrase" that unlocks his encryption key, turning all of that meaningless random data into human-readable incriminating evidence.

Personally, I tear apart my PC every week or so (not solely from paranoia), and I think I'd notice any extra little boxes on the keyboard port.

Between that and keeping the machine in my hidden copper mesh closet with filtered DC-power and fiber-optic ethernet under 24-hour gaurd by a specially bred pack of mute doberman attack dogs, I'd say I'm fairly safe.

Just remember- always ground your faraday cage to a cold water pipe!4

Re:Why they need your keystokes

[aozilla]

Unless he was smart, and stored his encrypted key on a disk or (probably credit card sized) cd. Then the passphrase won't do them any good, will it?

Nah

[TheCarp]

While that sounds nice, I somehow doubt the FBI is going to resort to a remote compromise to break into a system, just to place a wiretap program.

Chances are they will enter the premises when you
arn't looking and either add some sort of transmitting dongle, or put the program on that way.

Another reason to use linux really... it would require them to actually break in. They would have to break into root to actually hide anything. (of course if they bring it up off a floppy - how will you know that it wasn't a power failure or failing power supply that brought it down and ruined the uptime?)

Of course, noone bothers to look but - you would be able to see a dongle. (Unless it was internal - which might require shutting the machine down anyway (my case can't be opened without unplugging it - due to power cord/desk arrangement)

-Steve

Re:Keystroke taps get EVERY keystroke, even pre-^H

[guran]

Hey, why not skip regular typing and only do copy-paste instead? At least for the sensitive pieces...

Re:Calm Down!

[acecccp]

The fact that the only thing of value to the FBI from my keystrokes might be my shopping list is irrelevant. The same argument can be used in stating that people should have no problem with government agencies monitoring everything they do for no reason at all.

I'm not trying to say that FBI having the ability to monitor people's keystrokes is a bad thing though. It is only a minor expansion to its already existing powers, most of which are in my opinion, necessary.

It is however, dangerous to use this type of thinking when deciding on an issue like letting someone take away people's rights.

How incriminating can my keystrokes really be?

[mr_gerbik]

One problem that arises here, for the FBI at least, is that most of the time they will only get half of the story. Sure, they can read my keystrokes.. but what good is that when my keystrokes are "p i n e" to check my mail from my mob boss. As long as I reply with "yes, I will deliver the goods" rather than "yes, I will kill your wife" I'll be in good shape. For any smart criminal, I would think it would be standard practice to speak with in a non incriminating manner. Besides, I wouldn't expect my computer to be any safer than my phone, especially if I was a novice who doesn't know how to cover my "digital ass".

-gerbik

What else is running?

[pallex]

Is there a way in (insert os of choice) to see *all* the apps which are running? Processes,threads,tasks,interrupts,tsr`s etc. If you could see them all, wouldnt that reduce the risk of keystroke loggers?

Re:Get worked up!

[aozilla]

Interestingly, the supreme court just ruled a few days ago that traffic checkpoints to search for drugs are illegal. Dissenting were Chief Justice William Rehnquist and Justices Clarence Thomas and Antonin Scalia, George W. Bush's favorite supreme court justices. Rehnquist said the checkpoints only involved a "minimal intrusion on the privacy" of the occupants of the vehicles. If you think your privacy rights are bad now, just wait until Bush stacks the supreme court with "strict constructionism."

Re:Get worked up!

[aozilla]

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Are you saying you've never done anything illegal?

Re:Calm Down (no, I WILL NOT sign my rights away)

[TheGratefulNet]

trading constitutional rights away is NOT something that should be taken lightly.

the old exuse of 'its for the good of all that we sacrifice some personal rights' just doesn't cut it. its the lamest one out there. don't accept it.

and besides, what have {mob bosses, terrorists, and child pornographers} ever done to YOU? personally, I'd trust these guys over the FBI any day.. at least they're up front and will tell you exactly what they want and how they're gonna get it. not quite so with the ultra-squirmy and above-the-law MenInBlack..

--

Re:Get worked up!

[TheGratefulNet]

even people with backgrounds that might lead to anti-government sentiment have been rounded up and put into prison, internment camps, etc.

whew - I think I need to stop reading slashdot in the early AM hours. I could have sweared that you said:

put into prison, INTERNET camps...

actually, an INTERNET CAMP sounds kinda fun. maybe I'm just a no-life geek. yeah, that's it.

--

Re:Calm Down!

[shepd]

>Calm Down!

Totally agreed. The FBI clearly explains they want the warrant to get the guy's password, not so they can read his love notes. This is no different than the FBI drilling the lock to a safety deposit box with a search warrant, if you ask me.

Which brings me to my next point:

>Which is more important.. ...or protecting yourself from having some FBI bureaucrat reading over your shopping list?

That is wrong, IMHO. For the same reasons it is wrong for an FBI agent to abuse his power to check out the family jewels in my safety deposit box for his amusement. Search warrants aren't to spy on items that make no litigious sense (and a shopping list is not good evidence unless it includes copious amounts of fertilizer and gasoline). They are to gather evidence against serious criminals.

I think there's a fine [undefined] line between protection and spying. Breaking the law defines that line.

Just my 2 cents.

Re:Get worked up!

[Suidae]

you're being paranoid. If you haven't done anything illegal, you have nothing to hide

In that case, you will support open ballots for all future elections? We can have everybody sign, date and address their ballot, then, if there is any question as to their intent, we can just call them up and ask them how they voted. And anyone who wants to know how anyone else voted can just request copies of the ballots through the freedom of information act.

Re:Get worked up!

[-Harlequin-]

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Unfortunately, the real world doesn't work like that. It took the WTO protests to make it clear that vocal oppostion to globalisation was not sufficent grounds to label you a probable terrorist and have your home invaded.

Protesters aren't a good example in that a lot of people hate them with a vengence and think they deserve to have their rights violated, but protesters are good example in that they so clearly do have something to fear while often clearly having nothing to hide.

Re:Calm Down!

[Fat+Rat+Bastard]

So, it's pretty clear that in the end, government nosiness is a good thing. Think about it.

Of course it is. Look at the old Soviet Union. The Soviets prided themselves on having cities that were safe enough for women to walk around alone at night.

I think the police should have the right to enter your property at any time they see fit without a court order. That way we can rid this country of drugs, child pornography, weapons, "subversive" materials. After all, you shouldn't have anything to worry about if you haven't committed a crime.

Re:Calm Down!

[Erasmus+Darwin]

but the fact of the matter is that the FBI had a court order here! They had every right to tap this guy's computer.

Had you bothered to read the article, you would have noticed that it spent several paragraphs explaining that the FBI only had a search warrant. Furthermore, it explains that a traditional wiretap order requires a higher degree of approval (both the attorney general and the court) than a search warrant. In short, they bugged his computer when they would've been overstepping their legal authority to bug his phone.

Hold on- I've cracked it!

[perlyking]

You could make it more difficult by using a pass phrase that you commonly use in normal computing.
"killall netscape" perhaps :-)

How this seems to read to me....

[AudioPunk]

Correct me if I'm wrong here, but here's how this reads to me.

FBI request : There's this bad mafia guy. We've got reasonable proof that he's doing Bad Things (tm). Instead of a phone tap, we'd like to do a computer tap to collect enough information to get him.
Court order : Yup, he's bad. Go get 'em.

That doesn't seem too crazy. What seems almost silly is that they ask for permission to install software, HARDWARE, and FIRMWARE?!?! Ok, anyone who can't tell well enough that someone has been messsing around with their boxen physically and put in new hardware shouldn't consider themselves very sneaky and need to get out of the Bad Things (tm) business. I mean it's like coming home and having a new random ceiling fan appear in your living room with a silver orb in the middle instead of a light globe(think mall security) and a mic for a pull cord. Duh!

As long as the FBI still have to get court orders that need to show reasonable proof you're doing something bad, I don't see privacy issues getting too bad. It's just when they're allowed to have manufacturers install hardware to transmit everything you do to a data base to try an filter out what illegal activity might be going on (be wary those adopting wireless LANs)that I'll get somewhat worried.

Wire Tapping vs. Key Stroke Monitoring

[BobTheWonderchicken]

I consider often the stuff on my computer more precious than what I would say in a phone call. The work on my computer is much better thought out than a phone call and therefore could be much more incriminating.
I think that key-stoke monitoring needs to be at least as protected as wire-tapping by laws.

Well now, this is interesting...

[bhalvors]

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered." So, they agents had a valid order from a judge of competent jurisdiction, so in their minds, what they were doing was legal. OK. Fine. The interesting bit, as I see it, is that in essence what they acquired was a non-expiring search warrant on a persons computer. That is a really neat trick. And you all thought that hacking *nix was cool, hacking the law, now thats a feat! Seriously though, as I understand it, don't the fibbies have to leave a copy of the warrant at the scene? If so, wouldn't it have been wise to read it? If so, then would'nt it have been even wiser to hire a geek to check out your system, and "flush" everything (except your bookmaking files of course!). Just a thought.

Re:Calm Down!

[Lazarus+Short]

Actually, the Hoover administration got something of a bad rap. Admittedly, it's somewhat arguable that they did get a bit overzealous at times, but those were generally isolated incidents, blown way out of proportion by the "yellow journalism" that was so prevalent at the time.

What's more, I saw some very interesting statistics just the other day (Of course, I can't find the link now!), that showed a very dramatic reduction in certain types of violent crimes that began shortly after Hoover took charge, and ended again just as he left. So, it's pretty clear that in the end, government nosiness is a good thing. Think about it.

--

Re:Get worked up!

[Lazarus+Short]

I think you're serious, so here's my answer: It is more important to me to protect myself from having FBI agents (not bureaucrats, agents)

They may be "agents" in name, but that doesn't mean they're not bureaucrats in reality. Honestly, you think the guys that took down the Montana Freemen or those cult memebers in Waco are the same guys who sit in a lab deciphering the output of little elecronic devices? Really.

reading my shopping list,

It's a flipping shopping list. Who cares?

my political manifestos,

This is America! You aren't going to be persecuted for harboring seditious ideas.

my notes on how to protect myself from script kiddies (proof positive that I'm a hacker, after all),

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

and my (probably) fictional account of Dubya and Jim Baker exchanging bodily fluids (not intended for publication).

Well, now, that could be libelous... but again, if you don't acutally publish it, you're perfectly safe.

The FBI has proven that it is not above using its power for political purposes.

Details instead of vague accusations, please?

If the FBI were not free to violate the 4th amendment, we wouldn't have anarchy -- we'd simply have a tolerable FBI. Do you really believe they'd have (your words) no power if they had to respect the 4th amendment?

Read the Fscking article, man! They did respect the 4th amendment. They had a court order!

--

Re:Calm Down! -- Carnivore & Other FBI Stories

I don't think you are aware of the FBI's history with repect to monitoring its citizens. An example of recent events was shown on Monday night's 60 Minutes. Two citizen's are in jail right now because of 24 hour FBI monitoring allowed by the law (when the law is misapplied). The FBI went to great lengths to misapply the law.

"notable for its lack of evidence"

"a secret court made up of anonymous judges"

"secret permission can be obtained to break in and tape conversations without Fourth Amendment guarantees"

In this example, the FBI had a court order -- a secret court order -- giving them every right to tap these guys' lives.

Your slippery slope argument of total anarchy resulting from the FBI not being allowed to invade the privacy of U.S. citiznes is ridiculous.

I am a lot more concerned about the FBI reading my personal files and deciding I'm a criminal and the consequences of that than any "mafioso", child pornographer, or terrorist. Unlike the latter group of "criminal" elements, the FBI is actually in a position of power such that it can destroy my life if the FBI so chooses.

Yes there is a law about your prive conversation

[bluGill]

Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

I can secure my papers against unreasonable searches and seizures. Email is just modern paper. If I send it to my brother I can secure it.

Not all rights are mentioned in the bill of rights, as the document specificly allows, which are despite not the lack of mention still retained by the people. Thus the right to private converstation, or for that matter privacy itself is still a right even if not mentioned.

The US goverment is not given right to take away those rights.

Hey...

[Millennium]

If the FBI can get a warrant to bug a specific person's keyboard, I've got no problem. It's no different from any other kind of search.

What bothers me is that the FBI doesn't seem to want to have to bother with warrants. They want to be able to just tap at will (as evidenced by previous attempts at laws to get the ability to search without a warrant), and that's just plain wrong. They've forgotten that there are more important aspects to the law than enforcing it; the law is there to protect the people from others... including law enforcement.
----------

There Has To Be A Way

[Seumas]

There has to be a way to implement some manner of encryption between the keyboard and the OS, in which the keyboard mapping is jumbled and re-constructed via a random mapping once it reaches the OS. I'm no hardware expert but I would think some sort of device could act as an interface which the keyboard plugs into. Add some software to the PC and there you go.

Just a thought. Maybe it's a dumb one.
---
seumas.com

High tech?

[Goonie]

Anybody who knows *anything* about computer security (including reading the PGP documentation) should know this is possible.

If this guy really was a Mafioso and didn't realize this kind of thing was possible the Mafia really need to hire somebody who knows the fundamentals of information security. My hourly rates are reasonable, and I'll take payment in the Cayman Islands if it suits :)

Re:Get worked up!

[mpe]

If you haven't done anything illegal, you have nothing to hide.

Wrong way around, if you havn't done anything illegal then the state has no business snooping in the first place.
The idea that given the power the state will only herass criminals has been proven time and time again to be nonsense. Indeed criminals are typically way down the list...

You missed the lesson on protection

[Tau+Zero]

Meanwhile, protecting yourself from the keyboard monitor is trivial. Never type anything critical on a computer electrically connected to anything else. Need to communicate? Use sneakernet to carry a disk with the encrypted message to a computer that is connected.

I don't think you read the articles. The FBI put a keystroke monitor (which can potentially record 32M keystrokes) onto the subject's computer. The data were being tapped directly at his keyboard; avoiding any transmission outside the computer would have done nothing to prevent its interception.

Real lesson: if you want your data protected, don't put it in a computer.

Putting a flash-based keystroke recorder into any detached keyboard would be a relatively simple matter; you get power and data directly from the cable and stash the data on the card. You could send the data to an external device using something like Bluetooth. If it was done to your keyboard, how would you detect it? Do you have seals on the case and examine them every day? I sure don't.

I think the lesson here is actually one of guarded optimism: breaking PGP is still beyond the FBI, so they have to use physical intrusion to get access to the keys. This burden makes it utterly impossible to perform fishing expeditions on encrypted e-mail or computers in general (Van Eck/Tempest monitoring notwithstanding). I feel a whole lot better about this than I do about things such as Carnivore.
"
/ \ ASCII ribbon against e-mail
\ / in HTML and M$ proprietary formats.
X
/ \

Journal Files in VAX/VMS Editor; Word Fast Save

[goingware]

The VAX/VMS screen editor (what was it called?) would save a journal file that was a literal transcription of all your keystrokes, and a copy of the original file.

If the machine went down or you got disconnected without saving, you could replay the journal file to recover your edits.

The cool thing was that this worked by literally replaying your keystrokes back into the editor, so you got to see your edit session happen over again at high speed.

So I quickly found I could make zippy little ASCII animations by laboriously editing out frame after frame of the pictures in an animation and then turning the terminal off when I was done. Turn the terminal on, log in, and replay the journal! Better than animated GIFs! Kids these days... Much to the chagrin of many people who thought they had kept something a secret, Microsoft Word does this too, with its "Fast Save" - it just saves deltas of each edit, rather than the whole file each time you save. It just does the replay in memory when it opens the file, but it is possible to see the changes, not just with a low-level editor but with Word itself. From The Forum on Risks to the Public in Computers and Related Systems:

The scary MSWord residue feature

I recently received a legal document as part of a personal negotiation that I am doing. The document was e-mailed to me in MSWord format. As I was showing it to my lawyer (who happens to be my wife), we decided to put our thoughts inline using the track changes feature of word. After selecting Tools, and Track Changes, we clicked on "Highlight changes in document" and voila, suddenly a whole bunch of red appeared on the screen. We looked at it closely and realized that everything in red represented changes in the document that my counterpart's lawyer had written. We got a good look at the previous version of the contract, as well as a bunch of comments and justifications that the lawyer wrote to his client. It was an eye opening experience.

It appears that instead of selecting "Accept all changes" before sending it to me, the other party to the contract simply turned off the highlighting to the track changes feature.

This is obviously a case of an unsophisticated person misusing a feature. However, it is very dangerous. Lawyers send word documents around all the time, and many of them do not really understand all the features that they use, nor should they have to. I imagine that I was not the first person to see some behind the scenes conversation in an important word document, that I was never intended to see.

Michael D. Crawford
GoingWare Inc

Yes...

[Greyfox]

They're already working on this technology... to allow the signal between your computer and your monitor and speakers to be encrypted. This is being done to protect media from pirating by you. It should be easy enough to adapt the same technology to work between your keyboard and your computer.

That, plus a Linux box that can only be booted from a floppy that you have on you at all times, plus some encrypted file systems that you unmount religiously when you're not using them would be a pretty tough nut to crack.

Re:Calm Down! (My Shopping List)

[Mick+D.]

eggs

kitchen timer

matches

flashbulbs

batteries

kerosene

glass bottles(emptied milk or juice bottles will due)

tubing

several feet of wiring

anarchist's cookbook

(Begin Rant)Whether these things are for a science project or some nut with half a brain it is their right to WRITE IT in private without some other nut with the other half of the brain breaking the door down when a VegiOmniCarniWhateverBot starts blaring "Danger Will Robinson, Danger Will Robinson!"(End Rant)

The Public Key Keyboard

[Nonesuch]

I'm not sure if it's a solution, but it certainly is possible to implement a cryptographic keyboard.

When I read stories such as this one, a saying common in the security industry immediately comes to mind:

Physical access trumps all.

If the "attacker" (in this case, the FBI) can obtain physical access to your system, just about any protection can be broken. Perhaps with a laptop that you keep on your person at all times, you might be able to feel secure, assuming you can trust the operating system, the laptop manufacturer, the CPU and auxillary chip production plants, and the original chip designers.

Stare too long into the abyss of paranoia, and the abyss starts to stare back...

Re:Calm Down!

[Nonesuch]

If you use computer software with predominantly benign uses (i.e. PGP) to hide evidence of criminal activity, you run the risk of losing that sheild to whatever means the law enforcement community can leverage without crossing the line of legality.

Realize that law enforcement has always had rights to mitigate a citizen's privacy AS LONG AS DUE PROCESS HAS BEEN FOLLOWED. This is an inherent requirement to do their job, and, knowing the restrictions placed on them, I think that almost all of the time that ethic is upheld. (There will always be screw-ups, but those responsible are held to their actions.)

One interesting question is, how far can they go to "mitigate a citizen's privacy"? This case shows that they can go so far as to "bug" my keyboard to obtain my PGP passphrase.

How much longer before they follow the lead of the U.K. and have the ability to imprision me for refusing to provide my cryptographic key.

Where does the 4th amendment end and the 5th amendment begin?

Bug detector, court misinterpretation

[Gregoyle]

First of all; some people on slashdot are saying that bugging the keyboard buffer constitutes a wiretap. After looking into it, I find that I agree. The only possible way of getting the information to the bug device is by tapping electronic wires, even though they are between the keyboard port and the motherboard rather than between houses. However, the court order spcifically allowed for using hardware and/or software means to surveil the computer. I think the only way to figh this would be to fight the court order, because a simple search warrant should not legally cover such surveillance. Let me restate that I think the FBI did act within the bounds of the law, just that I think the law as defined by the courts, but also that the law was misinterpretted by the courts.

On to my second, completely different point. There are three ways for the government to retrieve the information stored in the bug.

1. Leave it in the computer and retrieve it later with a search warrant. They did not seem to do this, although it may have been the best idea for them. One problem with this method would be if the bug detector was discovered in any way, they would have no data at all, rather than just a halt in the stream. Also, he may destroy the computer upon getting searched (a mor likely problem).

2. Broadcast it over the Internet. Not likely at all. If this guy was "computer literate" as the article says, he would be monitoring all ports into and out of his system, and would almost have to be using NT, Linux or a BSD (to support encrypted filesystems, unless he went with the whole route of no-swap (info is never stored on disk), which I'm not sure can be impleneted in windows 9x). So this would be a dumb methd, too. 3. Radio. They can send the information out over radio waves. This would allow for a stream of information that would still be evidence even if it were interrupted. The thing with this is that what kind of organized crime don does not use a bug detector?!? They are not expensive, and monitor almost all frequencies commonly used by bugs. The only way around this would be burts transmission, which the article does hint at.

To top it off, you can't think a computer is unbugged unless it never leaves your side (or the side of someone you trust; trust is as necessary in this kind of security as in encryption). Oh well, this post will never get read because it is now at the bottom of a heap of posts, and moderators never browse newest first. Blah.

Re:You are naive.

[aozilla]

Besides, I bet there's not one person reading this who hasn't done anything illegal. Let's forget for a moment traffic offenses and focuse on criminal ones. Did you ever smoke before you were 18? Drink before you were 21? Use an illegal drug? Sneak into a movie theatre without paying? Eat a grape in the supermarket? Commit a drive-by shooting? Did you pay for Netscape after the trial period? How about Winzip? How about winamp, before AOL made it free? Do you own any mp3s that you haven't gotten permission from the copyright owner for? Ever make a copy of a videotape without permission from the copyright owner? Did you ever use RSA for commercial purposes (such as at work) before the patent expired without paying? Did you put in your real information when you obtained a licence to use Real Player? Ever participate in a super bowl pool? Ever install a copy of software you weren't legally licensed to install (including shareware after the trial period had expired)? Have you ever mutilated a U.S. coin? Do you report all items that you've bought over the internet or in another state but not paid sales tax on your state income tax? Have you ever fudged a number on any of your income taxes?

Have you ever knowingly allowed someone to do any of these things, and therefore been guilty as a co-conspiritor?

Now, assuming that you have done at least one of these things, should you have gone to jail? On the other hand, if you haven't done any of these things, and think you've never done anything illegal in your life (including knowingly allowing others to do illegal things), I'd like to hear from you.

Re:You are naive.

[TheGratefulNet]

Get the wrong people mad at you, and you too may find out that government agents have added some tiny components to your computer...

lessee...

# depmod -a

# modprobe \*

[dmesg] "unknown keyboard device found - driver not loaded. continuing."

aah - thanks linux! I knew you'd save my butt someday.

--

Re:Calm Down!

[-Harlequin-]

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt
anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

I think that's kind of naive. Have you ever actually spoken to an innocent person who got f*cked over by people abusing their powers? A lot of the people doing this surveillence live in a twisted little paranoid world where they see guns in every shadow of innocent activity, and they sometimes act on these innocent things in ways that level headed people wouldn't. And if the law doesn't protect you from such violation of rights, (which it often doesn't) you can kiss your way of life goodbye.

Sure, there are more criminals having their rights abused than there are innocent parties, and we all know that criminals are, like terrorists, 2d cardboard cutouts whose sole motivation in life is to hurt us and so we should hurt them back, but every erosion of privacy is individually justifiable. The problem is that the next thing you know, you'll have bad cops raking in the $$$ selling your business secrets to your competitors, your unlisted phone number to tele-marketers, your spending details to advertising consultants, and if you try to raise a fuss, they'll deny everything, stop you dead in your tracks with National Security, and you'll be a laughing stock in your community forever for making such paranoid wacko claims.

It's an exotic threat next to having a car drive into you on your way home from work tommorow, and perhaps not as deserving of as much worry, but that doesn't mean we should just lie back and let it happen.

Abuse of power is real. Just because it hasn't happened to you doesn't mean it doesn't happen.

Re:(Not So) Easy Answer

[-Harlequin-]

Of course, it's more difficult when 99 percent of the people you communicate with do not

I had that problem. And even bigger problem though was that all the cryptography programs and sites I found were aimed at advanced users who were already familiar with crypto. It was an inpenetrable wall.

Perhaps I was looking in the wrong places, but someone needs to make an ultra-dumbed down installer that could let your grandmother start using crypto. Then we'll be getting somewhere.

Dedicated encryption unit

[blameless]

Why not have a PDA-sized unit with PGP installed as firmware. You could keep your key on a flash-memory card in your wallet. The unit would never need to leave your person. Enter the plaintext, the unit encrypts it, upload the encrypted message your computer.

Cutting edge?

[baldeep]

Since when is a microcontroller and a battery cutting edge? I want to know what about this keystroke recorder is so freakin' high tech that they can't even talk about it.

Calm Down!

[Lazarus+Short]

Now, I know that a lot of people around here are going to go off and start screaming about having your rights violated, but the fact of the matter is that the FBI had a court order here! They had every right to tap this guy's computer.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

--

Re:Calm Down!

[slashfucker]

i hope you're not serious, because you mangled the FUCK out of that quote. There is a great deal of confusion about who said that quotation, and how. The main consensus is that it was either Ben Franklin or Thomas Jefferson. Here are a few examples from around the net of how people attribute that quote:

Benjamin Franklin
"Those who would sacrifice liberty for safety deserve neither"
"Those who would sacrifice essential liberty for temporary safety deserve neither."
"Those that would sacrifice liberty to obtain a little temporary safety deserve neither liberty nor safety"
"Those who will sacrifice vigilance for liberty deserve neither."
"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety."
"Those who would sacrifice liberty for security deserve neither liberty nor security."

Thomas Jefferson
"Those who would sacrifice Freedom to gain Security, will not have, nor do they deserve, either."
"Those who are willing to sacrifice freedom for safety, deserve neither."
"A man that would sacrifice his freedom for security deserves neither."
"Those who would sacrifice a little freedom in exchange for security will have neither."

So who actually said it? Drum Roll please...

Charles Louis de Secundat, the Baron of Montesquieu, or Montesquieu for short. In 1774, the ideological father of the Constitution wrote:

"A man that would sacrifice his freedom for security deserves neither.
The God who gave us life gave us liberty at the same time." -Montesquieu, The Rights of British America

So you are all obviously a bunch of cunts.

Love,Slashfucker

Keystroke taps get EVERY keystroke, even pre-^H

[isaac]

Remember kids, your keystroke logger records EVERY keystroke. Typed out a phrase that might be a little too strong, but then thought better and erased it? Logged. No opportunity for revision, as soon as you press the key the FIRST time, the event is recorded, even if it was never saved to a file/sent in email/sent in chat.

You could type "I accept suitcases full of cash in exchange for contraband" at a random and inappropriate time, and it would be logged, even though your sentiment was not reflected in any saved file or communication.

Creepy, when you think about it. How many times have I thought better of saying something in chat or email, for fear of it being interpreted the wrong way, and erased it before sending? More than a few times, anyways. If my employer or my gov't had tapped those messages at the keystroke level, I might as well have sent them the moment I typed them. Ugh.

-Isaac

This is GOOD news for crypto enthusiasts

[Daffy+Duck]

It seems to me that this tale shoots down the government's primary argument for trying to restrict the public's use of cryptography. Their battle cry has been "we must be given the crypto keys, otherwise we won't be able to conduct the sort of wiretaps we've gotten used to". But as this story demonstrates, they can still conduct wiretaps the same way they always have - by physically going out and tapping some wires. Bravo, FBI boys!

Keep Your Laptop in a Safe, install tripwire

[goingware]

Well here's some security tips for you.

Research what laptop will run Linux real well.

Get some cash together and drive to a distant city and buy a laptop right off the store shelves. There won't be a chance for anyone to plant a bug in it.

Wipe the hard drive and install Linux on it. Install the Linux encrypting kernel and keep all your real files on an encrypted volume.

Install Tripwire on the machine - it verifies the integrity of important files to be sure they aren't patched.

Learn how to administrate your machine effectively. Always log in as a non-priveliged user and never become root unless you really need to.

Learn about security and tighten down your machine. If you care about security on your laptop you're not going to be running a webserver but I bet a lot of you are running both Apache and SAMBA on a standalone user machine without even knowing it. The more services that are disabled the less anyone can screw with it, even on a non-networked machine.

Don't ever let the machine leave your sight. If you have to put it away, lock it in a safe. Do something to the safe that will enable you to tell if someone's blackbagged you - something like the trick of wedging a matchstick in your door when you leave, but something more concealed. If you find the matchstick on the ground when you return, someone's opened your door.

Best of all don't use a computer for anything of real importance. You can find out why you shouldn't by reading The Forum on Risks to the Public in Computers and Related Systems for a while.

Michael D. Crawford
GoingWare Inc

You are naive.

[Nonesuch]

It's not just a question of whether you have done anything illegal.

Perhaps you hold political opinions that are unpopular with the current administration. Maybe you have your local mayor upset at you for campaigning against him last election. Maybe you are a journalist who has published stories that upset the FBI. Perhaps your ex-girlfriend has taken a job in the local field office.

Get the wrong people mad at you, and you too may find out that government agents have added some tiny components to your computer...

When the sources for your news stories are found dead from a "self inflicted" park in Washington

When you lose every project you bid on to competitors who underbid you by exactly 3%

When the conservative christian boss of your same-sex lover "somehow" gets a copy of your last mash note.

When somebody says "If you aren't guilty of any crimes, you have nothing to fear", remember it's not question of whether you are guilty of crimes against the law, it's not a question of paranoia. The question is, have you committed a crime against somebody else's god, have you done anything that somebody else wishes was against the law, is there anybody who would benefit from hrting you?

If the answer is "yes" to any of the above, then you do have something to fear from this sort of "wiretap" activity.

So, whatsamatter with you?

[www.sorehands.com]

As one person mentioned, a court order was done to permit this.

The article missed one important point -- they were intercepting communications!. Even though it's from keyboard to computer, it's still communications over a wire (unless via a IR port). If it's software instead of a hardware unit, it is still intercepting the keyboard messages as it gets passed through the message queue (and windows). And if it was not authorized, it would be a federal crime of unathorized access to a computer.

(Not So) Easy Answer

[Seumas]

Everyone should be using encryption for as much as they possibly can. When it is realized that 99.999 percent of decrypted information is fluff and noise, it'll be too much of an effort to process every bit of encrypted data. Otherwise, encrypting selectively is just like holding up a giant flag saying "read this!".

Of course, it's more difficult when 99 percent of the people you communicate with do not -- either because of lack of initiative, understanding or capability, use encryption and wouldn't know or care what to do with the encrypted information you send them.
---
seumas.com

Get worked up!

[geophile]

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

I think you're serious, so here's my answer: It is more important to me to protect myself from having FBI agents (not bureaucrats, agents) reading my shopping list, my political manifestos, my notes on how to protect myself from script kiddies (proof positive that I'm a hacker, after all), and my (probably) fictional account of Dubya and Jim Baker exchanging bodily fluids (not intended for publication).

The FBI has proven that it is not above using its power for political purposes.

If the FBI were not free to violate the 4th amendment, we wouldn't have anarchy -- we'd simply have a tolerable FBI. Do you really believe they'd have (your words) no power if they had to respect the 4th amendment?

Re:Get worked up!

[GMontag451]

This is America! You aren't going to be persecuted for harboring seditious ideas.

Someone doesn't know his history very well. Every time this country has been in conflict with another country in the past 100 years or so, people with anti-government sentiments, or even people with backgrounds that might lead to anti-government sentiment have been rounded up and put into prison, internment camps, etc.

Witness the most recent example, internment camps for the Japanese and Italians during world war 2. This was the cause of a direct exectuive order! Or how about all the people arrested during WWI and the period right after for being communist. There was even a law passed by Congress saying they could! Look up the Alien and Sedition Acts.

So next time you just blindly assume that because we are in America, we actually have rights and crap, think a little harder.

Could be much worse

[CaptainCarrot]

I'm far more comfortable with this sort of approach, where a single individual is monitored after law enforcement officials go through appropriate due process, than I could ever be with something like Carnivore which, with a slip of the configuration file, can indiscriminately intercept communications from anyone on the network.

This isn't really any different than what the FBI goes through to put a tap on the telephone line. When they're going after organized crime, this sort of thing is both necessary and proper -- as long as it is governed by due process of law and nobody's privacy is needlessly invaded.

Please Read "Why You Should Use Encryption"

[goingware]

While I guess this goes to show that it's not unbreakable (do you keep your laptop in a safe at night?) I think in general it gives good motivation for why you should read my page:

Why You Should Use Encryption

In the article, I try to discuss in as approachable and as convincing a way as I can why everyone, even your mom, even your kids should use cryptography.

Michael D. Crawford
GoingWare Inc

I wrote Last Resort - keystroke monitor

[goingware]

By the way, my very first commercial product was Last Resort, a keystroke recorder from Working Software.

It ran in only 8 kb of memory and we specifically advertised that it would capture:

• Text that was backspaced over
• Text that was typed and then highlighted and deleted
• Text that was typed and never saved
• Text that was saved but lost due to file corruption or accidental file deletion

It would save everything, even your backspace characters. You could use those to help you reconstruct your file.

Last Resort Programmer's edition will save menu key equivalents to aid testing and debugging and tech support. It helps you reconstruct the sequence of events before a crash.

And yes it would capture passwords but we had the option to pause it or disable it entirely.

I wrote the Mac version but it's available also for DOS and Windows (written by other guys).

Although we tried to make it very obvious when Last Resort was installed on a machine, we get occasional email from people asking how they can make it invisible. We don't tell them, but really if you want to make a hidden keystroke recorder it's pretty trivial.

Don't just worry about the FBI doing this to you - worry about your employer or loved ones. Not long after I shipped Last Resort, one of the editors of MacUser Magazine thanked me personally for it because he'd caught his girlfriend having an online affair - her hot and heavy emails were in his keystroke file.

He later wrote a novel that talked about a lot of software products with fictional names but that were obviously taken from real products. I'm proud to say that the faux-Last Resort saved the world in his novel.

Also I get occassional spam from companies selling keystroke recorders that aren't just invisible, but they encrypt the keystroke files and upload them to a location of your choice. They say this is meant for employee monitoring...

Such monitoring, by the way, has been held to be legal by the courts.

Michael D. Crawford
GoingWare Inc

PGP = probable cause?

[perdida]

The SCARIEST part of the whole thing is:

FBI attorney: The suspect uses something called PGP, which prevents us from viewing his email and, combined with other evidence we have gathered while surveiling him, constitutes probable cause that he is using his computer for legal activity.

Judge: Okay, go get 'im.

Software does not equal intent. Not with PGP, not with Napster, etc.