Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Bugs Keyboard of PGP-Using Alleged Mafioso

Posted by michael on from the pretty-good-break-in dept.

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

7 of 301 comments (clear)

  1. (Not So) Easy Answer by Seumas · · Score: 5
    Everyone should be using encryption for as much as they possibly can. When it is realized that 99.999 percent of decrypted information is fluff and noise, it'll be too much of an effort to process every bit of encrypted data. Otherwise, encrypting selectively is just like holding up a giant flag saying "read this!".

    Of course, it's more difficult when 99 percent of the people you communicate with do not -- either because of lack of initiative, understanding or capability, use encryption and wouldn't know or care what to do with the encrypted information you send them.
    ---
    seumas.com

  2. Get worked up! by geophile · · Score: 5
    So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

    I think you're serious, so here's my answer: It is more important to me to protect myself from having FBI agents (not bureaucrats, agents) reading my shopping list, my political manifestos, my notes on how to protect myself from script kiddies (proof positive that I'm a hacker, after all), and my (probably) fictional account of Dubya and Jim Baker exchanging bodily fluids (not intended for publication).

    The FBI has proven that it is not above using its power for political purposes.

    If the FBI were not free to violate the 4th amendment, we wouldn't have anarchy -- we'd simply have a tolerable FBI. Do you really believe they'd have (your words) no power if they had to respect the 4th amendment?

    1. Re:Get worked up! by GMontag451 · · Score: 5
      This is America! You aren't going to be persecuted for harboring seditious ideas.

      Someone doesn't know his history very well. Every time this country has been in conflict with another country in the past 100 years or so, people with anti-government sentiments, or even people with backgrounds that might lead to anti-government sentiment have been rounded up and put into prison, internment camps, etc.

      Witness the most recent example, internment camps for the Japanese and Italians during world war 2. This was the cause of a direct exectuive order! Or how about all the people arrested during WWI and the period right after for being communist. There was even a law passed by Congress saying they could! Look up the Alien and Sedition Acts.

      So next time you just blindly assume that because we are in America, we actually have rights and crap, think a little harder.

  3. Could be much worse by CaptainCarrot · · Score: 5
    I'm far more comfortable with this sort of approach, where a single individual is monitored after law enforcement officials go through appropriate due process, than I could ever be with something like Carnivore which, with a slip of the configuration file, can indiscriminately intercept communications from anyone on the network.

    This isn't really any different than what the FBI goes through to put a tap on the telephone line. When they're going after organized crime, this sort of thing is both necessary and proper -- as long as it is governed by due process of law and nobody's privacy is needlessly invaded.

    --
    And the brethren went away edified.
  4. Please Read "Why You Should Use Encryption" by goingware · · Score: 5
    While I guess this goes to show that it's not unbreakable (do you keep your laptop in a safe at night?) I think in general it gives good motivation for why you should read my page:

    Why You Should Use Encryption

    In the article, I try to discuss in as approachable and as convincing a way as I can why everyone, even your mom, even your kids should use cryptography.


    Michael D. Crawford
    GoingWare Inc

    --
    -- Could you use my software consulting serv
  5. I wrote Last Resort - keystroke monitor by goingware · · Score: 5
    By the way, my very first commercial product was Last Resort, a keystroke recorder from Working Software.

    It ran in only 8 kb of memory and we specifically advertised that it would capture:

    • Text that was backspaced over
    • Text that was typed and then highlighted and deleted
    • Text that was typed and never saved
    • Text that was saved but lost due to file corruption or accidental file deletion
    It would save everything, even your backspace characters. You could use those to help you reconstruct your file.

    Last Resort Programmer's edition will save menu key equivalents to aid testing and debugging and tech support. It helps you reconstruct the sequence of events before a crash.

    And yes it would capture passwords but we had the option to pause it or disable it entirely.

    I wrote the Mac version but it's available also for DOS and Windows (written by other guys).

    Although we tried to make it very obvious when Last Resort was installed on a machine, we get occasional email from people asking how they can make it invisible. We don't tell them, but really if you want to make a hidden keystroke recorder it's pretty trivial.

    Don't just worry about the FBI doing this to you - worry about your employer or loved ones. Not long after I shipped Last Resort, one of the editors of MacUser Magazine thanked me personally for it because he'd caught his girlfriend having an online affair - her hot and heavy emails were in his keystroke file.

    He later wrote a novel that talked about a lot of software products with fictional names but that were obviously taken from real products. I'm proud to say that the faux-Last Resort saved the world in his novel.

    Also I get occassional spam from companies selling keystroke recorders that aren't just invisible, but they encrypt the keystroke files and upload them to a location of your choice. They say this is meant for employee monitoring...

    Such monitoring, by the way, has been held to be legal by the courts.


    Michael D. Crawford
    GoingWare Inc

    --
    -- Could you use my software consulting serv
  6. PGP = probable cause? by perdida · · Score: 5

    The SCARIEST part of the whole thing is:

    FBI attorney: The suspect uses something called PGP, which prevents us from viewing his email and, combined with other evidence we have gathered while surveiling him, constitutes probable cause that he is using his computer for legal activity.

    Judge: Okay, go get 'im.

    Software does not equal intent. Not with PGP, not with Napster, etc.

    --
    Goat sex free since 2001