Legal Challenge to FBI's Keystroke Sniffing

Factomatic writes: The "Associated Press is reporting that lawyers for" an alleged "Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online." Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

Re:Two solutions

To combat hardware keyboard bugs for passwords.
Use an on-screen keyboard for entering passwords. But wait you can log mouse movements you say? Not if you randomise the layout of the keyboard so that it is different each time.

Pros: Defeats keyboard hardware tap
Cons:
* Annoying to use
* Doesn't protect against tempest.
* Can still do brute force monitoring on your keyboard, to attempt to read emails you have typed. (Hack solution, use on-screen keyboard for all confidential data, periodically change layout of keyboard, and/or size/shape of buttons to reduce usefullness of mouse logging.)

Solution to defeat Tempest and keyboard monitor.

Remove keyboard controller from your keyboard. Replace with customised version which sends different codes, and/or encrypts it. (Would probably be better suited as a "secure" USB keyboard, add on extension), use special keyboard drivers for your system to decrypt the stream within your OS only. Blank or mask passwords on screen as normal.

Pros:
* Defeats keyboard based monitoring
* Easier to use.
Cons:
* Difficult
* More Expensive
* More dependant on security of OS to reduce chance of OS logging keystrokes.
* Encryption seeds will be trickey (PIN? - how do you enter into OS?, token - how do you stop it being read?) Recommend public key cryptogrophy, based on a private key stored in a flash card attached to keyboard, to lock out data destroy card and hope key size was large enough.
* Need to change keys regularly.

And yes I have thought about this for a while, I have partial Java implementation of first for entering passwords on web pages. Was investigating second, but cost is a problem.

Re:Tapping LCDs?

I'd be more worried about the analog signal going up your VGA cable, cables being the nice antennas that they are. Things like graphics cards and transisters in LCDs are only likely to be readable for short distances, and much more likely to be drowned out by other sources of EMI.

I'm not sure how a Digital signal would go. Seeing as a digital signal of any significant bandwidth in this application can only be used over short distances before distortion.

Main legal question is the scope of the warrant

The main arguement is whether or not that the original warrant covered the 'wiretap'. The warrant did allow for seizing of passwords via a keystroke logger, but didn't deal with the transmission of the passwords back to the FBI, hence the problem. I suspect that this case will get appealed upstream perhaps to SCOTUS. But if it turns out that the transmission of the passwords required a wiretap order, then a lot of evidence gets thrown out (Fruit of the Poisonous Tree).

Re:The FBI will use this to fight encryption

> Why is it that more of us don't use PGP for all of our emails? I would happily use it if any of my friends actually had public keys. We can't fight these fights unless we all pull together.

I find this slightly ironic, as you have no PGP key in your user info. What are you waiting for ?

Re:they DIDN'T have a judge's approval!

So before people start flapping their mouths bout how this mafia probably got what he deserved, the agents didn't have a court order to do this.

They had a search warrant. The distinctin is a technical one, as they indicate that the "bug" did not transmit anything. It doesn't heed to usual wiretapping SOP, as it was placed on the PC in one warranted search, and the data was picked up at another. As such, the agents did not have the ability to choose not to intercept unrelated data, as they would in a standard wiretap (they have to cease listening after 1 minute if there is nothing relevant to the case said, and wait 1 hour before resuming listening, or something like that). Maybe it's easier to think about it like this: what if the FBI got a warrant, broke in while he wasn't there, stole the key to his safety deposit box, made a copy of it, and replaced it without him knowing. It's just different in that they had to come back later to pick up the copy of the key. They aren't relying on any communications intercepted by the key-capture to make their case, only his password, like his safety-deposit box key.

Re:Good

[Eccles]

This is a thing I've never understood in the US legislation. Here in Finland a court has to consider any evidence, even if obtained by illegal means. This just means that the person who used illegal means will also be prosecuted.

The Supreme Court in the U.S. (in Weeks vs. the United States in 1914, I think) observed that having law enforcement prosecute itself was ineffective, and the Exclusionary Rule was the only way to give the Fourth Amendment any real teeth.

How many cops are in Jail for gathering evidence illegally in Finland?

Re:Good

[Eccles]

Can you imagine the public outcry if McVeigh had been let free because of some minor mistake on the FBI's part? Would it have been right?

Is it right that Stalin and Mao died natural deaths? Tyrannical governments have killed far, far more than a few crazed bombers. And while no one has shot OJ (yet), I wouldn't have bet a plugged nickel on the Oklahoma City bomber surviving a year if he had been released on a technicality. There's a reason the cops put bulletproof jackets on some suspects when moving them.

And in the long run, the Exclusionary Rule has worked to help make police forces more rule-abiding, which I think is even more important than the possibility of a few criminals getting off. 50% of murders go unresolved, after all.

Re:they DIDN'T have a judge's approval!

[Justin+Cave]

While the case will probably turn on a technical distinction, it ought to turn on a much more philosophical one.

What is the primary difference between a search and a wiretap? Why do we more evidence before a judge can authorize a wiretap than before he/she can authorize a search?

1) A search is a one-time event, whereas a wiretap represents ongoing surveilence. As such, a search tends to capture a small amount of private, transitory data (i.e. conversations, web cache, etc) while a wiretap tends to capture and catalog a large amount of this sort of information. This is a much greater invasion of privacy.
2) A search captures narrowly tailored information, whereas a wiretap casts a very wide net. A search warrent that authorized the authorities to look for root kits on your machine ought not allow them to page through your Quicken data. (I realize that the standards for searching a hard drive haven't yet caught up to the standards that apply to the physical realm, but I'm making a philosophical argument.) A wiretap wouldn't permit that level of distinction.
3) A search does not require, or generally permit, surreptitious entry. Police officers come to your door, announce that they have a search warrent, and enter. When someone searches your home, they have to provide you with a receipt of the items taken. Everything is done very much out in the open. A wiretap, on the other hand, requires that the police don't alert anyone to their entry when they install the bug. The open nature of the search provides a suspect with context that may be useful should he have to exercise his Constitutional right to confront his accuser at trial. In addition, it provides a useful check on government power since it permits outsiders to analyze the pattern and practice of searches to determine whether there's an abuse of power. The FBI could get away with a lot of abuses by wiretapping civil rights organizers in the 60's than they could not have had they done repeated physical searches.

Using the "if it looks like a duck, walks like a duck, and quacks like a duck" rule, I would submit that the FBI make a wire tap in this case.

lawyer: doesn't even look like a close call to me

[hawk]

I am a lawyer, but this is not legal advice. If you need local advice, contact an attorney licensed in your juriscdiction.

This doesn't even seem like a close call to me. The Bill of Rights is about privacy and the individual in the face of the awesome power of the state. The protections aren't to protect criminals, but to protect us normal folks against intrusions from the state.

long ago, we decided that wiretaps warranted special procedures, rather than a regular simple warrant. It would be bizarre to keep this reasoning while allowing the more intrusive act of sniffing keystrokes . . .

hawk, esq.

Get a clue.

[David+Price]

You're spouting nonsense and you know it. Do you really think that broad overgeneralizations about the scope of the DMCA and faulty conclusions are the best way to fight it?

The DMCA has to go, but clueless, uninformed rambling only helps the other side.

(On that note: has anyone written an anti-DMCA advocacy FAQ? We need some guidelines in order to present a unified front to the politicians and media. The Linux Advocacy mini-HOWTO is a terrific example of the type of document meant to keep advocacy focused and rational, and has been quite successful.)

Re:Get a clue.

[Whyzzi]

Perhaps not. But if we are stuck sucking on butt of the DMCA - why shouldn't we use it to protect our own privacy??

Re:This is going to make me unpopular but...

[David+Price]

Agreed up to a point. Law enforcement has a legitimate interest in monitoring the communications of a very limited, very deserving subset of people. This type of activity - implantation of hardware bugs - is, in my opinion, an adequate balance between the individual right to privacy and the government's need to investigate crime. It permits law-abiding citizens and criminals alike to use crypto, and prohibits driftnet operations in which everyone's communications are sniffed; law enforcement must have a sufficiently compelling interest in someone's communications to enter their home or office and physically plant the bug.

The problem in this specific case is that the FBI had a search warrant, not a wiretap authorization. There's a distinct difference: the suspect knows that his home or office has been searched when a search warrant is acted upon. In the case of a wiretap, the suspect necessarily knows nothing.

What we have here is law enforcement gaining authorization for one type of activity - a search of a premises - and undertaking in another. I agree that keystroke logging is a valid investigative technique, but there needs to be a legal structure set up to make sure that it's not abused, as, I believe, it was in this case.

A real wiretap no less

[bill_mcgonigle]

Typically these days 'wiretaps' are done in software at telco switches. At least there are still some folks around who remember how to do hardware just in case we need them. (The guys who built this gizmo didn't authorize the illegal tap).
I suspect if you're a criminal you should be using a USB or ADB keyboard to up the ante.


-----
My God, it's full of source!

Re:A real wiretap no less

[don.g]

ADB... now there's an idea.

Actually I suspect if I persuaded PGP to run on an old Mac SE then whatever exciting technology the LEAs use to tap keystrokes might have "problems".

Taken a bit further, one could mystify those who might want to get at your data by storing it on cassettes and using ZX Spectrum encryption software (wonder how slow RSA/DES/etc would be on a 4MHz Z80).

--

Re:A real wiretap no less

[don.g]

Correction: the SE doesn't run *BSD as it has no MMU. The SE/30 has a 68030 and *does* run *BSD.

Guess which one I have :(

Anyway the point I was trying to make was that the FBI/SIS/GCSB/etc probably doesn't have a m68k MacOS keystroke grabber they can just pull off the shelf and use.

--

Re:A real wiretap no less

[itachi]

An SE is an old motorola 68k chipped macintosh. It does run NetBSD, as well as OpenBSD. Running PGP on it should be no problem. I suspect that either software or hardware, it shouldn't be that much of a challenge to port a keystroke recorder to a new architechture. It's just not that complicated.

itachi

Re:A real wiretap no less

[itachi]

Correction: the SE doesn't run *BSD as it has no MMU. The SE/30 has a 68030 and *does* run *BSD.
D'oh! My bad. Although the fact that you're stuck running MacOS on it might actually make the keyboard more sniffable. I recall a freeware/shareware keyboard sniffer for the mac, basically a hidden executable that gets left in the extensions folder and logs to a text file of your choosing. I know it ran on pretty much any mac with the right versions of MacOS. I don't think it ran on anything much older than system 7, though. Maybe 6.

itachi

Re:A real wiretap no less

[szomb]

Actually I suspect if I persuaded PGP to run on an old Mac SE then whatever exciting technology the LEAs use to tap keystrokes might have "problems".

I don't know what a Mac SE is, but if it needs to be "persuaded" to run Unix then a better choice might be to pick one of the 44 architecures supported by NetBSD. Do you think the technology is readily available to KeyGhost a VAX system, one of the many WinCE-based handhelds, or heck, even a good old Sun2/3?

--

Re:A real wiretap no less

[szomb]

> I suspect that either software or hardware, it shouldn't be that much of a challenge to port a keystroke recorder to a new architechture. It's just not that complicated.

Of course not, but if it's something arcane like a VAX, it might take them a while. If that time slice saves your ass, it'd be worth it. I'm sure them coming in and searching first would tip you off.

--

Re:they DIDN'T have a judge's approval!

[Glytch]

I'm not sure if there is a precedent judging whether keylogging is a wiretap or a search, but common sense says it is a wiretap.

True, therefore I predict that the legal system will decide that it is a search.

Re:they DIDN'T have a judge's approval!

[unitron]

Leaving aside the question of what if those conversations with the mistress are actually a secret code used for the discussion of the alleged crime, does this mean that wiretap orders are too difficult to get, or that search warrants are handed out on a whim instead of according to the rather strict parameters specified in the Constitution? Isn't a wiretap just a specialized type of search warrant?

Re:they DIDN'T have a judge's approval!

[unitron]

The really strange thing here is that they had enough to get a search warrant (during the execution of which they allegedly placed a hardware or software bug in the guy's computer) but either didn't have enough to obtain an authorization for a wiretap (in which case one wonders how they had enough for a search warrant) or they just decided not to bother.

You don't have to be in favor of the existance of the mafia to be bothered by this.

Tapping LCDs?

[hanwen]

The article also talks about techniques to
"tap" CRT screens by picking up the RF radiation that they emit.

I was wondering: are LCD screens safe from this kind of tapping?

Re:Tapping LCDs?

[Dr_Cheeks]

In short, no. Do a search on TEMPEST or Van Eck Phreaking for more info, but the pixels switching on and off in an LCD screen will generate EM radiation too. In fact, I've even heard of people picking up data straight from the printed circuits on graphic cards and turning it into a useable display, so you don't even need the target machine to have a screen. Creepy, eh?

Basically, there's 3 good ways to overcome this that I'm aware of:

1. Make sure your display is gibberish. Unfortunately this makes it kinda difficult to use : )
2. Set up something to broadcast a load of EM white noise to drown-out the signal from your machine.
3. Only use your machine from inside a big thick metal box (to block the signal), and make sure that you take a portable power supply in there with you (signals can even propagate down the power supply cable).

Yes, it's time to be paranoid.

Re:Tapping LCDs?

[blueg3]

Though I admittedly don't know much about this technology, flourescents emit EMR primarily at 60 Hz, the power cycle frequency, right? That's a far cry from the MHz range that CRTs use.

Additionally, you can often use filtering and directional recievers to clear up the signal.

Re:Tapping LCDs?

[eclectro]

I think "Vann Eck" phreaking is really overplayed big time. Sure it exists, but I'd be willing to bet that a light dimmer controlling some flourescents in the same room would wipe it out for all intents and purposes. They are quite broadband and would "swamp" any signals leaking from your computer. Likewise, I'd bet the HV circuitry for the LCD backlight "swamps" those LCD transistor switches.

Another thought - I bet it would be hard for the FBI to install a keyboard sniffer on a laptop. They would have to find a way to switch with an identical laptop.

Re:Tapping LCDs?

[anno1602]

I was wondering: are LCD screens safe from this kind of tapping?

AFAIK (CMIIW - correct me if I'm wrong) they are. "Tapping" CRTs is possible because of the high level of radiation they cause wehn displaying a picture - a cathode beam is directed across the inner surface of the screen, causing a material to light up, the stronger the beam, the brighter. The three basic colors RGB are realized by using differntly-colored materials that the beam touches with different intensity - mix them, and you get the color.

LCD, on the other hand, work differently: They have a backlight, and electrically activated liquid crystals (hence the name, d'uh!) that filter that light partly, let it through completely or not at all. By using differtly-colored filters, you again achieve color. However, the electric currents which is needed to toggle those LCs is comparativly low. So you might (and it might not be possible at all) be able to "tap" a LCD this way, but you have to be very close to it to be able to register the currents. If you _are_ that close, you can as well just read what's on the screen.

Greets

Anno.

Re:Tapping LCDs?

[Nihilanth]

Didn't they just pass a law making that illegal without a warrant?

That tempest stuff is crazy..how far away does it work? 100 feet or something like that? I'm gonna get me one of those.

Broadcasting a lot of EM noise would be a good way to defeat that, except i think to be strong enough, it would end up distorting your monitor's output, as well as running the risk of damaging your EM-sensitive computer innards. another thing to consider, if you were to just radiate tons of em interferance from your house, wouldnt that be some sort of FCC violation? i mean, your neighbor's TVs and radios would start flipping out..

Re:Good

[Maserati]

This is what happend in the OJ Simpson case. The LAPD got caught trying to frame a guilty man. The Juice walked because the police acted dirty. Note that he promptly lost the civil case.

Rick Brant

[cyberwench]

It's a great code... I found out about it through the "Rick Brant Science Adventures" series... I think it was the first book, but I'm not sure. As long as you have a book that everyone in on the secret has, then it works wonderfully. But you'd better keep your messages short... it takes a while to decode it. On a totally unrelated note, it's a great series of books, worth checking out. =)

There's a difference...

[cyberwench]

The difference is, they would have required a wiretap order to tap his phone line. A wiretap order also carries a fair amount of restrictions as to how it is applied and what information is usable. In this case, they're doing something that does exactly the same thing as a wiretap, they just don't _call_ it that.

The argument the lawyers are making is that recording his keystrokes is a wiretap, regardless of whether the information is recorded on a phone line or not. The reasons for this include the fact that they will be gaining personal non-crime related information as well as the fact that they're receiving a stream of information (not a snapshot like they would get in a normal search).

For example, if they went into this person's home and searched his computer, that would fall under the warrant that they had. That's legitimate, no argument here.

In a court case, the FBI can require that a defendant give up his password so that they can view the files. In order to do that, they need to have enough evidence to go to trial. Obviously in this case they didn't have enough evidence and they suspected they would if they were able to search the encrypted files. My point being that there were lots of ways that they could have gathered the same information without putting a tap on his machine. (Which is probably why they didn't get a wiretap order - the judge may have said "No, there's other ways you can get this info without doing a tap.")

If I'm not totally mistaken, the FBI would require some variant of a wiretap order to put a camera in the house and monitor his keystrokes. This shouldn't be any different. I'm not arguing that they shouldn't be able to wiretap/record/etc. However, if they're going to be able to do that, then they need to follow the rules. Get a wiretap order, it isn't that much of a pain in the ass and it means that any information you gather will be used in a trial without being thrown out on technicalities.

If a criminal goes free because these agents screwed up, then that's the way the system works. It's something that's designed to make sure that police and the FBI don't overstep their bounds... the knowledge that if they do, the case will be tossed out.

Disclosal of methods...

[cyberwench]

The reason the methods are important is that if the way this device works is similar enough to a wiretap, then it will be considered one. Without knowing anything about how the device works, the court can't make any kind of a ruling as to whether it's a tap or not. While I understand the FBI would prefer to keep the information hidden because it would make it harder to circumvent, it is necessary for and relevant to this case.

Re:they DIDN'T have a judge's approval!

[mitheral]

It is because a wiretap requires a high degree of probable cause and also restricts the enforcement ageny to not record communications not covered by the wiretap order. IE. the FBI could get a wiretap covering an alleged crime and record any conversations about that crime; however, if the target starts having phone sex with his mistress the FBI is not supposed to record the information.

Re:Who has the right to privacy?

[TrentC]

The FBI in this case sought legal rights to survey the activities of an alledged mobster. The FBI had reason to survey this person's activities and obtained the legal authroization plant a deveice of some kind.

Um, no they didn't; that's the whole point of this alleged mobster's suit.

They had a search warrant, which allowed the FBI to search for currently existing evidence. Scarfo's suit charges that in order to place whatever device they used, they needed a wiretap order, which has a stronger standard to meet.

Jay (=

What are the rules for audio bugs?

[FreeUser]

They had a search warrant. The distinctin is a technical one, as they indicate that the "bug" did not transmit anything.

So what are the rules for "bugging" a person's home with an audio tap? Their home, not their telephone. Is a search warrant sufficient, or is a court ordered wiretap required? If the former, this may well stand. If the latter, then the FBI were clearly out of bounds and should have known better.

Invading one's private communications a la a keyboard wiretap is IMHO more akin to opening someone's mail or tapping their telephone, so whatever standards apply to those sorts of actions should apply to this as well. Guess we'll find out soon enough ...
--

Re:So simple its scary

[ethereal]

Or they just don't want to show their hand for a case of this magnitude :) I bet the NSA and the U.S. Military do have hardware that can crack common commercial-grade encryption pretty quickly, even if they don't have any special mathematical tricks or back doors to use.

Remember: it's a "Microsoft virus", not an "email virus",

Re:methods for keystroke logging?

[ethereal]

On the plus side, mobsters that pass on email viruses end up with a much sterner punishment than just a talking-to by the sysadmin :)

"Well, maybe if Julio here was to break your 'Send' finger..."

Remember: it's a "Microsoft virus", not an "email virus",

Re:It is not wiretapping!

[ethereal]

Well, look on the bright side. At least the FBI isn't illegally accessing Russian computers this time :) Maybe they reall are kindler and gentler...

Remember: it's a "Microsoft virus", not an "email virus",

Re:Good

[ethereal]

Well, if the case had already reached a verdict, that verdict is thrown out. But the government can refile the case without the offending evidence. Unless of course that conflicts with double jeopardy?

Remember: it's a "Microsoft virus", not an "email virus",

Re:Who has the right to privacy?

[ethereal]

A search warrant != legal authorization to plant a bug.

Remember: it's a "Microsoft virus", not an "email virus",

Re:they DIDN'T have a judge's approval!

[ethereal]

But searching someone's safety deposit box would also require a warrant, which would be separate from the warrant to search someone's home. I don't think your analogy is correct.

There is a distinction between hard copy communications which are physical objects that may be searched with a search warrant, and immaterial communications (electronic or just voice) which are by definition transitory and don't hang around to be searched. IMHO, if he had anything written down they could have taken it when they searched, but leaving a device which effectively converts a transitory communication (password keystrokes) into a permanent piece of evidence (keystrokes stored in a bug) is effectively a wiretap, rather than a search of physical property that the mafioso already had. The agents had to do something to convert his communications into physical form so they could take it with a search, and in doing so they stepped over the line into wiretap land.

Your argument has ludicrous consequences, because you could use it to do essentially any wiretap with just a search warrant - just place miniature voice recorders in all the phones, wait a week, come back again and harvest the tapes, and see what you got. I don't think that's consistent with the spirit of the law, which expects law enforcement to get a separate wiretap warrant for intercepting communications.

Remember: it's a "Microsoft virus", not an "email virus",

Re:The FBI will use this to fight encryption

[red_one]

enjoy.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 5.0
Comment: PGP Key Server 0.9.4+patch2

mQGiBDfYEDURBAD2ud7d0VWJLlK5oyn22bue6xDKGBJ0mmC+ DH Sj84CRdjEkOIP5
iR6A/+AZB1rr57mBkJ2ITowR66nAaytXfpQEU0lo+JBKlowj wf O2mRo5h0e+wHdg
CSr+9diSRX/jIoj/dVbGVNUndpZ96bFtassXdR29GR9rAVX9 vm j+mqWMPwCg/63T
NqeIM8QCisuYTAdBsLMUDSsEAOG0I03lwxXZQhKLMe3CM7/l ZY 7in1RXu5Qvh+9Q
pGFl0XHmFehqFxymCx3KvEFVtUC4xuBPtP5/UpMiCPrr5nqP KD CqMmcZV36uULWg
B1CpD01TmIUF191soVyEfs0+S/lA9vH+/3/z4w9vxB/vSAak Zw zNImomFfDtpG0I
3GT+A/4moipLU34IPEfLetus27gT9eHyqHAmQ8IIwLxxp0FS 2W 3Hrr+aSDMtMDQr
GC3wCQK7d+vgzPdYoKTKJT7C5IESp+JNQbFq54g4lELWpi+Z ue HAm7vyyz0o4rN/
Co1HIzHfeT1zBR9xlYQmlEB8WgAzAaOGpcyWjIkZRAgDOtVD Zr QoU2ltb24gSGls
bCA8cmVkX29uZUBvdGhlcnNkaWV0cnlpbmcuY29tPohOBBAR Ag AOBQI5yZiBBAsD
AgECGQEACgkQsnOzDG7Xi8rtiQCeLuP/M06CR2UPuHCO91ZA bO aNe6UAnAxms2tF
4alLPdBdGj5v+tYZKr0+tCVTaW1vbiBIaWxsIDxzaW1vbl9o aW xsQGdlb2NpdGll
cy5jb20+iQBOBBARAgAOBQI5yZiBBAsDAgECGQAACgkQsnOz DG 7Xi8rYGwCgjRMv
gHpBtvLdVtVmeb0qPQ16USkAoLx9iXa4QUh9rmEnou55RC67 vI MluQMNBDfYEDUQ
DADMHXdXJDhK4sTw6I4TZ5dOkhNh9tvrJQ4X/faY98h8ebBy HT h1+/bBc8SDESYr
Q2DD4+jWCv2hKCYLrqmus2UPogBTAaB81qujEh76DyrOH3SE T8 rzF/OkQOnX0ne2
Qi0CNsEmy2henXyYCQqNfi3t5F159dSST5sYjvwqp0t8MvZC V7 cIfwgXcqK61qlC
8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdM ZI ZJ+AyDvWXpF9Sh
01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHO fM lm/xX5u/2RXscB
qtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNs OA 1FHQ98iLMcfFst
jvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq /z zhsSlAGBGNfISn
CnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2J Sy IZJrqrol7DVelM
Mm8AAgIMAIo63O6kKVrqFzzJjAgiOKYx9+sxIj7kPAL2ge4P Fd ahReYpoP9M+8Hi
xJsr/cpN5QF+HhHQTFP0JTcq3gr77rf8KsB+8qcLjOKauznP YU 9A51zWNxDTLeKL
gzRskZtFVx0XSGTYnY5tFksQQyCRd2Ep5y8Rir6+Mg1RNOcy dv usRSnSTDV6hijT
Slz1a0+wBNE2E2ETEOe9+jJXLOhjTgUvm7HJBoC0/IDqivp0 5s YUSzN7QFPdXRxY
dKZrRyt7lwq16l526BEAzNet7TfFbi4aNaFG36iTqbCK9eEz 3J /zr6YiNDGi2tQ3
whEWf7kuZRfV4Ad3F9fz80twPlT09x7QFEOT5ogTAMU2Oesy XT EPNC/FB4oxPVP7
ESY8o48ntlzYzRrXm19JI8KHdNsfgzogVxoDrPWxTWByHrdr 5P uCkCdwHQ6UfMDN
P9aTeM8AT2RMmv3euGLvaUCTqwXUuwjw4jJZihCjTjIW6PRd IE dyydOSUNtKicB0
aefpRWjNlYkARgQYEQIABgUCN9gQNQAKCRCyc7MMbteLytdR AK DhZy8j+H/VXrgj
XXTi76l0NVxNOACg9StY4wWGI6XwaCzXF5dxM1DoJdU=
=DH+8

-----END PGP PUBLIC KEY BLOCK-----

Biometrics won't help

[Sloppy]

Of course, with biometric stuff getting so cheap, soon typed passphrases may only be part of the puzzle and even then the FI will somehow manage to succeed.

If attackers have physical access to your machine, then biometric keys don't add any security. They can just compromise the software, or install a sniffer in between the biometric reader and the software, or something like that. It's the old "trusted machine" problem. If it were possible to secure against this type of attack, then DVD players would have it.

---

Also at the BBC

[Midnight+Thunder]

For those of you interested, the BBC also has an article on the same subject.

Re:Also at the BBC

[beanerspace]

Interstingly enough, the BBC article shows a picture of hands at keyboard of what appears to be a laptop computer ... a technology that might have helped "Little Nicky" ... provided he packed it on his person with the same regularity as gold-plated money clip.

Re:Sad day

[Nightpaw]

Yeah, yeah; you're just weirded out because you're playing Majestic.

:)

TEMPEST is not a system

[No-op]

TEMPEST is a classification, not a system. you don't tap people's system with "TEMPEST". read the orange book if you want to know more about what it is, or some of the FOIA docs on cryptome.org. thanks.

Re:Good

[Black+Parrot]

> I also don't support a government that believes in wholesale destruction of the constitution to fulfill their agenda.

What chaps me about law enforcement is that every time a new technology comes out they assume that the constitution doesn't apply to it, and they walk on our constitutional freedoms until the courts reaffirm the constitution. Can't they see that the phrases "secure in their persons and property" and "unreasonable search and seizure" don't have anything to do with what technology is involved?

IMO, "zero tolerance" should start with the lawmakers and law enforcers. How can they expect us to behave when they don't?

--

Similar question - two monitors at once?

[SuperKendall]

One thing I've wondered about this kind of tapping, would putting two CRT monitors next to each other with different displays make it much harder to tap, or is it easy to distingush the two video signals?

Re:Go on, mod me offtopic!!!

[hrm]

Thanks.

(damn 20 sec rule)

Re:Who has the right to privacy?

[TFloore]

The FBI won't want to waste money/time/resources/etc in surveying the activities of a law abiding citizen.

Now there is a problem with this view. Two problems, really.

First, there is no such thing as a law-abiding citizen anymore. There are enough laws, and enough conflicting laws, that I no longer believe it is possible to live without violating laws. (Frankly, I have a problem with this. I *like* having respect for the law, but this encourages disrespect for the law. There is a slippery slope here too... Once one law is stupid, moving to "all laws are stupid" as a blanket generality is no longer unimaginable.)

Second, collecting information is NEVER a wasted activity. There is no such thing as too much data, so long as you have the ability to sort, collate, and cross-reference it, or may have that ability in the future.

It doesn't matter what information you are collecting, or who it concerns. It may have use later, and government is very good at taking a long view on collecting information.

Re:Good

[itachi]

There was a "good faith" exception to the Exclusionary Rule that sprang out of a court case in 1983. If the cops belive that they are conducting a legal search (eg, they get a warrant, but the judge inserts a typo and the warrant is for the wrong apt), the evidence is not excluded. It does fit well with the 4th Amendment.

itachi

Re:Who has the right to privacy?

[itachi]

I think we can respect the FBI's right to technological privacy when they can remember how to respect the 4th Amendment rights of the people they are investigating. This is a clear and blatant violation of the 4th Amendment, they are obviously collecting a data stream, and therefore the obviously need a wiretapping warrant. Until the FBI can clean up their act, I'm al in favor of providing free consulting services for any mobster/terrorist/political subversive who managed to piss off Dubya/etc.

itachi

Re:Tech-savvy Feds

[StenD]

not that i'm an acronym fascist, but SCOTUS sounds cooler (and for some strange reason, dirtier) than USSC.

Prolly because you're subconciously adding a couple of letters: SCrOTUmS.

Re:Is my DNA protected by the DMCA

[mefus]

Any similarities between my DNA and IP-protected DNA are purely conincidental or due to a natural and accepted process of selection based on the fitness of said DNA, familial connections, or some combination of these factors. (yada yada)

Re:Hrm ...

[gorilla]

I don't think anyone who uses their authority 'thinks' they're misusing it. Even J Edger probably thought he was in the clear when he dug up dirt on the powerful to protect his position, or when he spied on political organizations he disagreed with. Today, few would agree with his actions.

Government and Law

[rjh]

If the government wants us to obey the law, the government really should set a better example.

If the government wants us to be without guns, the government really should set us an example.

If the government wants <foo>, they should be prepared to <foo> first, to provide us with an example.

At least, that's my own personal political philosophy. Take it for what it's worth. :)

Re:Good

[rjh]

FBI agent Lou Horouchi participated in a cold blooded murder

His name is Lon Horiuchi. If you're going to slander a man's reputation, at least spell his name right.

The facts of the matter are very much disputed, depending on which side of the government-paranoia fence you are and how good your common-sense filters are. However, the founder of the FBI's Hostage Rescue Team, Danny Coulson, has publically described Horiuchi's experience as the "tortures of the damned".

First he was excoriated in an FBI inquiry; then a separate governmental inquiry exonerated him. Then he was indicted on manslaughter statutes for Vicki Weaver's death, and then a judge declared that Horiuchi was immune to prosecution because he was acting in good faith.

And just last month, a Federal appeals court set aside the immunity decision, clearing the way for Horiuchi to be tried.

Contrary to what you believe, Horiuchi is not out of the woods. Barring intervention from the Supreme Court, it is overwhelmingly likely that Horiuchi will soon be tried for manslaughter in the death of Vicki Weaver.

the FBI jackboot who is persecuting Sklyarov is up to become HEAD of the FBI!

Robert Swan Mueller III is the United States Attorney for the Northern District of California. The charges against Sklyarov were pressed by one of his subordinates. It is overwhelmingly likely that Mueller was never consulted about the Sklyarov prosecution.

Again, if you're going to slander someone, then at least get which branch of the government they work for correct.

The next time you decide to rant off with your anti-government rhetoric, please do your research.

Legality of evidence

[rjh]

In American courtrooms, evidence which is obtained illegally is treated no different than any other evidence, as long as the government had no role in the illegality.

If the government played any role in the illegality, then the evidence is suppressed.

Framing a guilty man

[rjh]

While I generally agree with your assessment, let's put it in a little more focus here.

The detective responsible for the case, Mark Fuhrman, committed perjury on the witness stand and was exposed to the jury as being an unrepentant racist. That, in turn, meant that virtually all the evidence in the criminal trial was suspect. After all, most of the evidence went through Fuhrman's hands at some point. And if Fuhrman would lie on the witness stand, then it's also very possible that he would doctor evidence to ensure a conviction.

Fuhrman's perjury is what sunk the OJ trial. OJ was acquitted, as was correct. If the police cannot be trusted--and the LAPD clearly cannot, given Fuhrman and Rampart and Rodney King and every other scandal that's come along--then reasonable doubt will always exist as to whether or not someone arrested by the police is really guilty.

Re:Good and bad aspects

[Steve+B]

One thing which stands out about this is that the FBI guys didn't get a wiretap order. This is obviously not a good thing. IIRC, they got a search warrant, and assummed (wrongly IMHO) that the warrant included the right to search his computer

There's a reasonable case that a search warrant for documents includes a search of the current contents of the target's computer. However, the keystroke sniffer, placed for the purpose of making it possible to monitor future communications, clearly falls into the "wiretap" category rather than the "search" category.

(The reason the two are different, and the latter requires a higher standard, is that a search can be executed in the presence of the suspect. This serves as a deterrent against illegal expansion of the search into a fishing expedition. Wiretaps, obviously, cannot be known to the suspect until after the fact, which makes them more open to abuse.)
/.

The FBI will use this to fight encryption

[alteridem]

This guy will probably have his case thrown out of court because agents, without a wiretap order, recorded a suspect's computer keystrokes which the FBI will then spin to make their point that common citizens should not have strong encryption. They will then push for one legal encryption scheme that they have a backdoor password to (deja-vu anyone?)

This falls perfectly into the government's propoganda that only criminals use encryption. Why is it that more of us don't use PGP for all of our emails? I would happily use it if any of my friends actually had public keys. We can't fight these fights unless we all pull together.

Re:The FBI will use this to fight encryption

[cdgod]

"This falls perfectly into the government's propoganda that only criminals use encryption"

And the government is right. The RIAA, MPAA, and Adobe are all using encryption.

It's an interesting dycotomy: on one hand you have the government saying breaking encryption is illegal (DMCA). On the other you have them saying "using encryption" should be controlled or illegal.

I am wondering do different parts of the US government ever speak to each other?

Re:So simple its scary

[SweenyTod]

The one thing I've always wondered about biometrics, is what happens when somebody steals a copy of your finger prints or a digital picture of your retna?

It's easy enough to generate a new passphrase or digital key, but swapping fingerprintes must be a bugger of an operation.

Re:tempest radiation off an LCD?

[VFVTHUNTER]

Highly debatable. I read that LCD's produce NO emission's in Phil Zimmerman's Introduction to Cryptography (its a PDF that comes with PGP). I am trusting Zimmerman on this, but seeing as how I trust his program (PGP) and the FBI's statements prove its security, I really have no trouble trusting him on this.

At any rate, it's better than CRT. And unless you want to construct your own Tempest shield, it's really the only feasible option.

PGP *IS* Invincible

[VFVTHUNTER]

From the Court Order: Normal investigative procedures to decrypt the codes and keys necessary to decipher the "factors" encrypted computer file have been tried and have failed"

They couldn't break PGP. PGP _is_ secure. So they broke his computer, which is not secure. They have not said specifically if they used hard or soft methods - they may have used a hidden program, or they may have used Tempest technology.

For all of you mafioso reading, keep this case in your mind. Do all of your illegal activities on a laptop, and take it with you every where you go. The FBI can't install software on a laptop they can't get to, and they can't pick up tempest radiation off an LCD.

Re:So simple its scary

[javatips]

why waste all those NSA CPU cycles tryin gto crack it - just grab teh passphrase

That's the way to go...

All cryptography expert will tell you that the best way to break encryption is by attacking the protocol. What most people forget, is that entering a secret (the passphrase in this case) is part of the protocol. It is so much easier to attack this part of the protocol than to attack other parts.

However I did not know that an agent was allowed to modify the scene when doing a search warrant. I always (maybe wrongly) though that search warrant were done to gather information based on what's present. Not to allow an agent to add spoofing devices without your knowledge.

Re:Hrm ...

[karb]

The point that I'm making is that while *we* would ask for more oversight for the FBI, in absence of abuse it is absurd for us to expect *them* to want more oversight.

Hrm ...

[karb]

I'm usually one of the FBI hawks here (I'd always thought it would be cool to work for them).

But, I think it's reasonable to agree that they probably need to get a wiretap to install the detection software.

However, I don't think they're evil. They have no need to control their own authority because they aren't planning to misuse it, hence the arguing for the search warrant only.

I don't agree on the disclosal of the methods, however. It's probably simple ... enough to fool a criminal. If we know what it does, I don't really see why we need to know how it does that.

Re:Hrm ...

[karb]

Yes, I agree.

I was pointing out that it would be absurd for the FBI to request more oversight, in light of typical /. comments saying the FBI is evil, or the embodiment of big brother, etc.

The less oversight they have, the more effective they probably feel they can be in fighting crime. It's up to the people (us) and the courts to put checks in place ... I just don't feel it's right to demonize the FBI when they seek less oversight in instances like this. (Even though I think they're wrong ... we'll see)

Re:Hrm ...

[karb]

Yeah, but 99% of the FBI's troubles seem to lie with bad processes. I worked at a college with only about 1,000 computers, and we were 'losing' things all the time :)

And about the wen ho lee thing ... I'm not sure what the scandle was, but he got off easy ... I don't know, maybe that's the scandle?

Re:Hrm ...

[gwallen3141]

"They have no need to control their own authority because they aren't planning to misuse it" Well aren't you the trusting soul. What we need to remember is that the FBI is made up of people each of whom has their own agendas, personal as well as professional. If the agenda of every member of the FBI was 'to protect and serve' I would gladly climb onto your bandwagon. If, on the other hand, those agendas involve 'catching the bad guys at any cost' or 'getting attention, promotion and personal power' then we're going to have some problems. I join with the founding fathers in betting on the latter.

Re:Hrm ...

[gwallen3141]

Point well taken.

My point, however, was that even given the presence of abuse it is absurd to expect them to willing accept oversight. Consider the recent difficulties for which they are being pilloried by Congress (e.g. missing laptops and the Wen Ho Lee affair). I haven't followed the hearings closely but I would be very surprised to hear that any FBI representative had said, "Sure, we'd love for our activities to be more closely supervised by Congress."

they DIDN'T have a judge's approval!

[Coolfish]

From the article: agents, without a wiretap order, recorded a suspect's computer keystrokes.

So before people start flapping their mouths bout how this mafia probably got what he deserved, the agents didn't have a court order to do this. Think about it. If FBI agents have enough "probably cause" and figure they should tap your computer cause you're under suspicision of doing something illegal, and they don't even have to go see a judge to approve it, then your privacy and civil rights have gone right out the window.

Re:they DIDN'T have a judge's approval!

[plague3106]

What i wonder is, if the FBI doesn't find anything once they enter my house with a search warrent, could they leave a camera behind in hopes of taping me doing something illegal. I would hope that goes beyond the 'resonable search' the 4th amendment protects. Does anyone one know how much freedom the FBI has to bug people, especially when a search doesn't turn up evidence?

Re:they DIDN'T have a judge's approval!

[BlueUnderwear]

> they have to cease listening after 1 minute if there is nothing relevant to the case said, and wait 1 hour before resuming listening, or something like that)

Does this mean that if you spend one minute talking about the weather, how are the wifes and the kids, etc. you get one wiretap-free hour of talking "business"?

Re:they DIDN'T have a judge's approval!

[drnomad]

This is true. Whoever you are, whatever you do, if your computer usage is wiretapped, it's not only your collection of conspiricay documents which they will find, it's not only the black lists they will find, they will find everything. Facts need interpretation so whether you are guilty or not, does not matter, because it's the fact interpretation that counts, and you can make anything look bad.

Suppose someone is busy with "the-process-of-being-a-criminal", the so-called facts they find can make a killer out of a burgular - and I don't think that's the same thing. Eventually, the people get used to the technique of keyboard wiretaps, the barrier for using it will go down, and then what? They can use it on innocent people.

The Maffiaguy in this story has probably "deserved" this or something, but this (ofcourse) stirs up the discussion when and where to use this.
--

Re:they DIDN'T have a judge's approval!

[drnomad]

Hmm, that's not what I meant. I actually meant is that not every act of breaking the law is criminal behaviour, take speeding tickets for example.

So if barriers for using this go down, you can actually try it on anybody, as no-one is innocent. If a police officer were to walk next to me for a week - holding up the law, I'd be bankrupt for the rest of my life. The same goes for any person.
--

Re:they DIDN'T have a judge's approval!

[SuiteSisterMary]

Yup. Whereas a traditional 'wiretap' sits between two phones, the telephonic equivalent of this would be placing an incredibly small recorder in the mouthpiece of the phone itself; it's not a 'transmitted communication' at that point, under the letter of the law. Sounds like stuff like this will need an amendment to the wiretapping laws to make the letter closer to the spirit.

Re:they DIDN'T have a judge's approval!

[Enigma2175]

Re:they DIDN'T have a judge's approval!
Yes they did. See for yourself.

From the document linked:

The seizure and retrival of key related information and encrypted file(s) ordered pursuant to this order do not involove captured communications protected under title 18, United States Code, Sections 2510 et seq..

This would indicate to me that this was an illegal wiretap. I'm not sure if there is a precedent judging whether keylogging is a wiretap or a search, but common sense says it is a wiretap.


Enigma

Re:they DIDN'T have a judge's approval!

[Elvis+Maximus]

Yes they did. See for yourself.

-

Re:they DIDN'T have a judge's approval!

[ichimunki]

Eventually, the people get used to the technique of keyboard wiretaps, the barrier for using it will go down, and then what? They can use it on innocent people.

And this is a problem how? :)

Either they find out that people are not so innocent after all, or tracking the innocent people wastes inordinate amounts of FBI time, making it easier for criminals to slip under the radar.

Disclaimer: when I'm not being sarcastic I fully support the rights of the non-to privacy and security in their persons. That some crime is undetectable without the invasion of privacy is a price that society must pay to protect the liberty of all.

Re:they DIDN'T have a judge's approval!

[dj28]

They had a search warrent, not a wire tapping warrent. Two different things.

Re:they DIDN'T have a judge's approval!

[unicaller]

The cort did aprove the use of the keyboard tap.

Re:they DIDN'T have a judge's approval!

[unicaller]

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered." from http://inq.philly.com/content/inquirer/2000/12/04/ front_page/JMOB04.htm

Re:they DIDN'T have a judge's approval!

[Zathrus]

Sure. Have fun guessing that one minute out of sixty when they ARE listening.

Re:they DIDN'T have a judge's approval!

[markmoss]

tracking the innocent people wastes inordinate amounts of FBI time, making it easier for criminals to slip under the radar. So? I remember when the FBI spent inordinate effort tracking a few, mostly harmless, political radicals, while claiming that the Mafia didn't exist so they didn't have to put any resources into fighting organized crime. Anything that makes it easier for them to do this sort of thing is BAD.

Note however that this case involves a fine technical point: they got a warrant, but it wasn't the right kind of warrant for a wiretap, and this does seem to be a wiretap as far as the technology goes. On the other hand, wiretaps are especially limited because when you tap a phone, you are tapping two persons, and often one of them is not a suspect. Tapping the keyboard cable doesn't involve an innocent third party. I can see a court reasonably going either way on this one...

Anyway, the big problem is that the penalties are backwards. Cops don't go to jail for illegal searches. DA's don't get disbarred for fooling some judge into approving a warrant that doesn't really cover what they are going to do. It's pretty unlikely that the judge who signs a warrant on insufficient grounds will even get a reprimand. ALL THAT is what should happen when the cops and prosecutors step over the line -- not tossing out the evidence.

Re:they DIDN'T have a judge's approval!

[actiondan]

how did they tap his keyboard without breaking into his house illegally (without court order) or is the first recorded TEMPEST tap by the FBI?

IIRC, they did enter his house (with a search warrant) and installed a (presumably hardware) bug.

They are claiming that it did not constitute a wiretap (requiring a court order) because no communication was intercepted - only usage a computer. The complication is that the computer was used for email...

Re:they DIDN'T have a judge's approval!

[Amazing+Quantum+Man]

Straw man.

By your argument, the FBI could place a tape recorder in my house during one warranted search and pick it up during another. Same principle, and that would be an illegal wiretap.

Re:they DIDN'T have a judge's approval!

[Runt-Abu]

This would never happen in the UK you see thanks to the incredibly nice and friendly RIP bill. [http://www.stand.org.uk/]

DMCA

[Kanasta]

Hmm. I thot your DMCA said it was illegal to decrypt stuff w/o the owner's permission. So even if they had the key, they shouldn't be allowed to use it w/o a warrant.

Anyway, that key sniffer sure sounds like a circumvention device to me. Better go arrest the manufacturers too while you're at it.


---

The Speed Trap analogy

[ka9dgx]

It's like this... a search is a single shot event... much like a parked State Trooper on the highway. You watch for him, slow down, and all is well. Everyone accepts this as a way of making revenue for the agencies, and a reasonable trade off in keeping drunks down to a low roar.

A wiretap (or in this case some other form of bug) is like having the police put a monitor in your car, monitoring your speed and location until they come and pick it up.

If you know the police are watching, you act accordingly. Would you really want to get a ticket for every single time you went more than the posted limit? Would you want to live in a country that allowed it?

The bill of rights is a restraint on government, because it's better to let ten guilty men go free than to wrongly convict one innocent man.

The bias against the persons involved is irrelevant, innocent until proven guilty. The bug was illegal.

--Mike--

They are fighting against the clock

[dybdahl]

Passwords won't mean much when public/private key encryption in USB keys becomes normal, and the next step is to have things only viewed decrypted on a pocket computer, which makes is virtually impossible to bug or tap anything.

I wonder if somebody would port gpg to my Palm computer?

Re:They are fighting against the clock

[jezreel]

Aren't they able to tap your wireless GSM/Bluetooth communication? I bet they are (or will be)

Re:They are fighting against the clock

[jezreel]

Uhmm... sounds kinda right ;)

Re:They are fighting against the clock

[dossen]

I think the idea is, that the file is decrypted LOCALLY on the handheld. Thus there is NO cleartext document being communicated over GSM/Bluetooth for the feds to catch. Of cause they can still try to get at the handheld, but such is life...

Re:This is going to make me unpopular but...

[slykens]

Wiretap or no wiretap, the indeed Feds had permission to enter surreptitiously in this case.

This will make me unpopular too, but...

What would have happened had this guy been working late when the FBI broke in? Here in Pennsylvania (and even more notably Texas) it is lawful to shoot to terminate an illegal entry into one's home or place or business if it is reasonably believed that the actor intends to commit a felony on the premises and force less than deadly would not stop them. (18 PaCS 507c4i)

Specifically, what position would the FBI and US Attorney's Office taken had this guy justifiably shot an FBI Agent? What if the FBI returned fire and killed him? Without the FBI making their "lawful" presence known this guy would have no reason to believe it wasn't a gang of jack-booted thugs. (Pun intended)

Re:Good

[mOdQuArK!]

I dunno 'bout letting the truly-guilty go free (if there is no real doubt about the quality of the illegally-gathered evidence).

I always thought it might be a better idea to go ahead and use the evidence, but then go ahead and throw the book at all of the people who were responsible for collecting it illegally (at the very least blacklisting them from law enforcement, and with the possibility of jail time).

You'd only have to do that a few public times before most enforcers would only play by the book, unless they thought it was worth sacrificing themselves to take down somebody exceptionally bad for society.

Of course, there should be a special place in hell for those enforcers who make up evidence.

Re:Good

[mOdQuArK!]

You can't do that and still maintain the integrity of the Bill of Rights. To allow someone's rights to be violated by the government, and then to allow that to be used as evidence makes them meaningless.

I don't agree. That's like saying that punishing someone for suppressing free speech makes the Bill of Rights meaningless. I'd argue that allowing minor points of law to overrule the facts is a major factor in reducing the respect of the average citizen for the rationality of the law.

You will NEVER discourage government agents violating the Constitutional rights of citizens unless you then DENY them the rewards of the violation, ie, the illegal evidence that leads to a conviction.

Again, I disagree. You seem to think that government agents act irrationally. If penalties are properly chosen, you _will_ discourage most government agents from illegally gathering evidence. If they are confronted with the choice, then they will have to decide whether the destruction of their lives is worth putting their suspect behind bars. If they're looking at an organized crime leader directly or indirectly responsible for the deaths of thousands who will otherwise walk on a technicality, they might decide that it was worth it. And you won't have scumbags laughing with their high-priced lawyers scott-free on their way out of the court.

To the courts, there is no difference at ALL between illegally obtained evidence and false planted evidence, and that's the way it should be.

No, this is not the way it should be. There's a factual difference between illegally obtained evidence & false planted evidence, and this should be taken into account when determining someone's guilt.

The best way to discourage this practice is to BOTH disallow that evidence, AND to prosecute those responsible.

As long as the evidence is beyond question, there's no benefit to society to let a guilty-beyond-all-reasonable-doubt person go free. In fact, it's easy to argue that the current system lets the guilty person go free AND lets the illegal-evidence-gathering person remain in law enforcement and/or relatively unpunished. The best result for society is that the truly guilty be punished, in both cases.

Now, to prevent conflict of interest, I'd certainly agree that any agency responsible for monitoring & discouraging illegal-evidence gathering activities should be autonomous from the agency they are monitoring, and should have the legal authority to back up their duties, unlike the silly Citizen Review Boards & Internal Affairs departments which so many enforcement agencies use to cover their asses.

Re:So simple its scary

[Greyfox]

Compromising the passphrase is always easier. I'm sure that you could extract the passphrase from just about anyone given a couple of hours and a pair of needle nosed pliers. It's pretty easy to ignore those inconvienent laws against that sort of thing, too, especially if your suspect is thought to be a domestic terrorist or a copyright infringer.

Might be illegal now.

[Sax+Maniac]

Van Eck phreaking may very well be illegal now, even for cops.

Awhile back, there was a case where the cops used a heat scanner to detect marijana plants inside a house. The lights necessary to grow them efficently apparently give off a recognizable signature, and your average house doesn't have quite so many of them. However, it was ruled that this was an illegal "search".

Re:Might be illegal now.

[Dr_Cheeks]

Yeah, that rings a bell. IIRC it was ruled that the cops were effectively searching the house without a warrant - the tech simply enabled them to do this from outside. Following on from that precedent, I guess Van Eck Phreaking could be considered to be bugging someone at a distance.

However, since the FBI are accused of not seeking clearance to run this "wiretap", I'm guessing they wouldn't bother if this was illegal or not either. And since it's a passive, non-invasive process, you'd never know they were doing it until they tried to use it as evidence : (

Re:Might be illegal now.

[DrSkwid]

the grapevine tells me (so it could be hopeless tosh) that when UK pigs have nothing better to do they fly over the low rent areas and use the infrared camera's on the chase helicopter to find "glowing" houses. Being the paranoid types that will believe most things, dope growing was generally moved to the cellar in our town. We would here the 'copter flying round at 2am and feel safe in our beds.

Mind you at harvest time you could smell the flowers in the street as they wafter up through the air vents.

The best/worst story I heard was somebody coming home to find the fire brigade dousing their house where their dope crop caught fire in the loft. The poor guy just had to keep walking and leave the mess and whatever was in the house behind him.

.oO0Oo.

Re:Who has the right to privacy?

[wannabe]

Forgive me for being too ultra paranoid.

We are currently in very dangerous times. Every action by our government must be highly scrutinized to make sure it is in the best intrests of the populous.

Yes, this guy's a mobster. The courts will ultimately decide his guilt. Maybe it's fine that this guy goes away.

Is the FBI right to do this without permission of an advisory? Absolutely not.

The FBI is not autonomous, neither is our government. Both need oversight. Our constitution provides a means to oversee our government namely in checks and balances as well as elections. In a last resort we have the right to choose a new government as a government derives its authority by the consent of the governed.

If we choose to not fight each and every small battle for our privacy and rights, later we will not have the option as the war will be lost.

Justice is for those who can afford it.

[ronmon]

The ordinary citizen doesn't have the financial means to contest the blatant abuse of power being wielded by the Feds. It's with grave misgivings that I find myself rooting for this guy to win, so that our basic rights of privacy can stand.

Re:More people SHOULD use encryption

[4of12]

People already dislike the idea of government-held key escrow so that idea is not likely to fly again any time soon either.

Hmmm. Sounds like a business opportunity to me.

How about "MS Visa Passport .NET", borrowing a few ideas from AOL marketing about it being "easy", "fun", "hip", "sexy", etc?

I always knew

[cybercuzco]

I always knew taco was a troll at heart

Re:Is my DNA protected by the DMCA

[cybercuzco]

No, because neither god nor you own your DNA. Specific DNA sequences can and have been patented by whatever drug company first discovers them. Ignoring of course the fact that its a discovery, not an invention, but hey the USPTO is wacky like that. For example, theres a certain gene that will tell wether or not you have a predisposition towards certain types of breast cancer. In order to test to see if you have that gene, you have to pay a drug company a royalty, because they have a patent on that gene. If anything, the drug companies can sue God for patent infringement.

Re:What's the problem?

[dead+sun]

The problem is when the law is unjust and makes something that shouldn't be illegal into a crime. I do so cherish the thought of a state where those in power can change things such that the masses are in their complete control, as opposed to the masses controlling their government.

So get down off your high horse you coward. Show the world you enjoy your freedoms and liberties. Each small thing the government takes from us leads to another. Where will you draw the line? When will you realize that the law is a changing thing, and if these sorts of injustices keep up, that sometime down the road, maybe not today or tomorrow, it will be defined such that you're breaking it? What will it take?

So think about that for a second. Its not an advocacy of crime, its an advocacy of rights. Hell, we've come a long way to get our rights, and I for one don't want to go back to the persecution that was found mere centuries ago.

Re:The problem with biometrics

[errxn]

...who's to say they won't drug you and use your body against you?

They've already tried that. Ever heard of MK-Ultra?

Steganography is more than that.

[Dr_Cheeks]

"...the hiding of messages in images..."

Actually, hiding messages in images is just one application of steganography - a while back there was a story about a girl who did a science project about hiding a message in the DNA of a pigeon (http://slashdot.org/articles/00/03/14/1924204.sht ml).

In a wider sense, it's the practice of hiding data in other data (typically a lot of other data to make it harder to find), but still being able to retrieve it on demand.

Re:Steganography is more than that.

[martyb]

Hey! Thanks for the info! I had no idea that steganography was such a wide-ranging idea. Reminds me of Edgar Allan Poe's: "The Purloined Letter" where the main character (IIRC) hid a sensitive letter about someone in government in plain sight. The authorities were so intent on looking for it in obscure and well-hidden locations, that they missed what was out in the open. Anyway, thanks again for the clarification and the links!

methods for keystroke logging?

[wunderhorn1]

Where does the bug typically reside? In software?

Wouldn't it be possible to check for strange processes running? Or Win2K now has "hit ctrl-alt-del to logon", would it be possible to implement systemwide encryption in a manner similar to that?

Or if it's in hardware, do you keep your keyboard on your person 24/7? Or use only a laptop and do the same?

Re:methods for keystroke logging?

[mikeee]

Or encase it in concrete.

Re:methods for keystroke logging?

[snarfer]

I kow that Last Resort has been doing this for a long time.

Re:methods for keystroke logging?

[phantumstranger]

And in related news; The Mob is now known to be hiring geeks after realizing that they don't have time to RTFM in between money laundering and Wall Street extortion.

"We really don't have a full understanding of this [expletive] technology and we really don't give two [plural expletive] about wanting to learn it.", a spokesman for the New York 5 Families was quoted as saying.

He continued with, "But we ain't gonna get pinched because of it, so we hired a couple of those smart-ass techno-nerds to make sure that the way we run our *businesses* is as tight as legally can be."

Tomorrow, we venture into the world of hacking Monks and how they are trying to circumvent technology that would keep God in our lives.

Larry?

He should have been using Windows XP

[Dambiel]

Then if the FBI installed a tap on the keyboard, windows would have stopped working because of the hardware change.

I don't see linux employing privacy invasion countermeasures like this ;-)

PGP support in mail readers.

[E.R.]

One of the reasons public key encryption is not more widespread is the lack of support in popular mailing software. Normal users do not feel that encryption is important enough to bother downloading and installing patches/modules to their MUAs. Now, if it was already part of the package and all you had to do was to click a button on the toolbar to turn on signing/encryption, it would be much more probable that people actually used it.

As for standards, (open-)PGP is the only encryption format widespread enough for practical use. It is also well-documented and there are conformant applications and libraries for most if not all popular platforms.

Re:Good

[CaseStudy]

But in the US it seems the means justify ends - letting someone known to be a serial killer free just because some inspector or police made a mistake.

That's not the exclusionary rule does. All that happens is that the evidence gathered illegally is thrown out. The case isn't dismissed.

Re:Good and bad aspects

[SuiteSisterMary]

expansion of the search into a fishing expedition.

Remember, folks, unless they have the little piece of paper that says 'search warrent' you can make them stand in the door when they're asking questions, cuz if you let them in, they'll wander around looking at things while they talk to you.

Re:Good

[SLi]

This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free.

This is a thing I've never understood in the US legislation. Here in Finland a court has to consider any evidence, even if obtained by illegal means. This just means that the person who used illegal means will also be prosecuted.

Perhaps someone knows something more about the history of this piece of legislation which seems particularly strange to me?

Re:Good

[SLi]

How many cops are in Jail for gathering evidence illegally in Finland?

To be honest, I don't know of any.

It's true that the courts generally trust here the police more easily than a "normal citizen", especially in a word-against-word situation (should I believe it's much different there?). But then, I haven't heard of any such crime committed by the police for which imprisonment is the punishment. I believe they're rather often prosecuted for lesser crimes though.

To me it just seems a bit too twisted logic that a murderer or a rapist should be let free just because some police makes a mistake, whether intentionally or not.

Can you imagine the public outcry if McVeigh had been let free because of some minor mistake on the FBI's part? Would it have been right?

Re:Good

[SLi]

Which is why we need the courts to defend the Constitution. While I'm all for putting mobsters away, the ENDS DO NOT JUSTIFY THE MEANS. To advocate that is to advocate lawlessness and anarchy.

The ends do not justify the means, and therefore the violator should be punished.

But in the US it seems the means justify ends - letting someone known to be a serial killer free just because some inspector or police made a mistake.

Actually I wonder why terrorist organizations couldn't at least theoretically use this for their advantage. It shouldn't be too hard to get a corrupted, underpaid policeman to intentionally make a "mistake" (for some nice amount of cold cash), should it?

Re:Good

[SLi]

Ok, I believe I now understand the reasoning for this law better - thanks for explaining so patiently.

I must say, though, that I think the system use here in Finland has also worked remarkably well. I admit it has its own problems, too. In an idealistic situation it should prevent rogue law enforcement because they don't want to risk losing their jobs or ending up in jail.

Too bad there's not always a solution which takes the best from both approaches and still works in a non-idealistic world.

Re:Good

[SLi]

You will NEVER discourage government agents violating the Constitutional rights of citizens unless you then DENY them the rewards of the violation, ie, the illegal evidence that leads to a conviction. To the courts, there is no difference at ALL between illegally obtained evidence and false planted evidence, and that's the way it should be.

You somehow seem to forget that even government agents want to have a life and not end in jail. That should be used as a deterrent, not freeing criminals.

Keyboard Type

[segfault7375]

Are there differences in signals by keyboard type? What I mean is, would using a DVORAK keyboard defeat this if it was designed for QWERTY?

Re:Keyboard Type

[NotoriousQ]

Nope. They would just note that the keyboard is dvorak and make appropriate changes in their monitoring software, or in the worst just look at the picture. Remember they actually saw his keyboard.

More people SHOULD use encryption

[No+Such+Agency]

Yeah, I too would happily use PGP or a similar technology if anybody I knew used it. That's the problem: nobody feels that e-mails containing "fwd:fwd:fwd:Funny joke" and pictures of their cats warrant spending time and money on encryption. Most people, if they don't feel secure sending sensitive info (credit card #'s, financial records, naked pictures of their spouse) by e-mail, will make a phone call or send a registered letter instead. So how does widespread encryption usage get off the ground? I suppose this is one case where all the paranoia about "hackers" could serve a useful purpose and not just as FUD. People already dislike the idea of government-held key escrow so that idea is not likely to fly again any time soon either. So all we need is one encryption standard that the general public feels comfortable using. Could it be PGP? I dunno.

Re:More people SHOULD use encryption

[andymoe]

Maybe M$ will make it all better, ha.

Police moral decay?

[Sara+Chan]

This weeks edition of The Economist has several stories surveying illegal drugs. The story relevant here is the one on Collateral Damage, which begins

The most conspicuous victim of the war on drugs has been justice, especially in America, ...

The attack on drugs has led to an erosion of civil liberties and an encroachment of the state that alarms liberals on America's right as well as the old hippies of the left. At the Cato Institute, a right-wing think-tank in Washington, DC, Timothy Lynch is dismayed by the way the war on drugs seems to be corrupting police forces. ...

Civil liberties ... suffer because there is usually no complaining witness in a drugs case: both buyer and seller want the transaction to take place. The police, says Mr Lynch, therefore need to rely on informants, wire-taps and undercover tactics that are not normally used in other crimes. The result is "a cancer in our courtrooms", as he puts it, that proponents of America's drugs war rarely acknowledge as one of the costs of prohibition.

Gradually, the police get accustomed to using these "undercover tactics" even when doing so violates civil liberties. And then they use those tactics in more and more investigations, whether it is legal to do so or not--like (perhaps) keystroke sniffing. And of course, they claim that the end result justifies the means. Clearly, Justice is the loser.

I'm not sure that I agree with all this, but it's an interesting perspective.

It is not wiretapping!

[www.sorehands.com]

Under the definition it is not wiretapping! It is illegal use of a computer! If any one of us did this, we would be arrested. They accessed a computer without authorization, then installed software that stole information from it.

Re:Is my DNA protected by the DMCA

[MaxwellStreet]

A neat little interview with the USPTO's guy in charge of gene patenting appears in this month's Scientific American.

Actually, patents are only granted on genes as chemical compounds - not on anything as they exist in nature.

If a drug company decodes a gene to the point that they can come up with a nifty test to detect a genetic disorder, it's patentable.

And apparently the USPTO is raising the bar for getting genetic patents approved as well. (See the new criterion for "utility").

Re:not quite

[rfc1394]

>>IMHO, if he had anything written down they could have taken it when they searched
Only if the warrant listed such things. When you go to get a search warrant, you must specifically state which items are being searched for. Any other items you come across during the search are inadmissable as evidence.

Not true. Let's say the police have a warrant to search your house for a stolen piano. They may reasonably search any place (within the area specified by the warrant) where the piano might be.
If one of the cops opens a desk drawer and finds crack cocaine or child pornography, that's inadmissible because it is not reasonable to find a piano in a desk drawer.
If they open a coat closet and find a dead body of someone you had butchered and were eating, same thing - it's not reasonable to expect to find a piano in a coat closet - and that's inadmissible too (unless it's arguable that it is reasonable to presume the door being opened was of a size large enough for a piano to fit in there; a closet in the middle of the house that just looks like another door is probably valid as a place to search but not the closet next to the entrance). Also if the door is too narrow to allow the piano to fit through it would be unreasonable to search that area.
Now, if they find the crack or kiddie porn (or the dead body) inside the stolen piano, that's valid evidence that can be used against you. Same if the contraband is lying in plain sight in the living room of your house, it's legal to use that against you too.
If the warrant says the alleged piano is at 1423 Main Street Apartment A, and the piano is actually in 1425 Main Street Apartment A, the police can't go to that building unless they get a new warrant (unless they saw (or possibly had reason to believe) the piano being moved while the search was in progress in which case they might be able to do so; it's at that point is where the lawyers make their money arguing legal issues.

The problem with biometrics

[kilonad]

...with biometric stuff getting so cheap, soon typed passphrases may only be part of the puzzle...
As it stands right now I see passphrases as being MORE secure than biometrics, the way the FBI stands. Think about it -- if they're willing to illegally wiretap your computer to get your passphrase, who's to say they won't drug you and use your body against you? Fingerprints and retinal scans are the same when you're drugged as when you're sober. Passphrases can die with you... your fingerprints can't.

Re:This is going to make me unpopular but...

[Suidae]

Quite simple, they would have explained that he got hostile while they were attempting to execute a search, that he shot an agent, and was then killed.

You'd think that someone with a laptop containing evidence that could convict them would not leave it lying around unattended long enough for anyone to install a keylogger. What a dumbass.

Re:The Worst Part

[snarfer]

The worst part of this to me was that the US Attorney was refusing to tell the defense how this program works.

I know that programs like Last Resort catch every keystroke you type and put it into a file that you can check later. It's been around for years. I remember opne guy wrote a book where they caught a guy stealing company secrets using the program.

Hmm, I wonder what it could be?

[taliver]

U.S. Attorney Robert J. Cleary has told the court that the surveillance device is a "highly sensitive law enforcement search and seizure technique" and should not be made public.

Could it be this?

Or how about this?

I'm pretty sure there was a piece of hardware as well...

Re:Is my DNA protected by the DMCA

[jaga~]

I'm sorry, I own my DNA. I reserve all rights to their use, and hold such right closely, thanks. Any government that recognizes someone else's claim to my DNA must be overthrown.

Re:Sad day

[firewort]

At 27, what have you done to warrant a red flag in your FBI file? Did you use the FOIA to find out about your red flag?

I'm in Raleigh, what part of NC are you in?

A host is a host from coast to coast, but no one uses a host that's close

Re:Two solutions

[firewort]

Yes,

but your monitor isn't shielded and the screen can be read outside your building at staggeringly large distances.

If you do attempt something like this, shield your monitor, or shield your room.

A host is a host from coast to coast, but no one uses a host that's close

Good and bad aspects

[Jetifi]

One thing which stands out about this is that the FBI guys didn't get a wiretap order. This is obviously not a good thing. IIRC, they got a search warrant, and assummed (wrongly IMHO) that the warrant included the right to search his computer, which necesitated something like this.

However, which would you rather have: a targeted bug/sniffer program which can only be used selectively (as in this case), or carnivore, which has the capability of dredging through large amounts of email regardless of who it's from?

I would rather that the FBI stick with keyboard bugs and trojans (nap the sub7 guys and 'turn' them :-), than have them install something upstream of whoever they're targeting that has the capability to do far more damage to many people's privacy.

Re:Good and bad aspects

[TeraCo]

Didn't the warrant they got explicitly say they were ALLOWED to put a device into his computer? Sounds just like the sort of thing they need.

Re:Good and bad aspects

[gear7000]

It is appalling how easily you roll over on an issue of this magnitude, weather they are violating one persons rights or a thousand it is still a violation. If they do it to one it wont be long before they are violating ten....and so on and so on. It is excepting the lesser evil that will lead to the down fall of society.

encrypted keyboards?

[Sebastopol]

I AM NOT A CRYPOTGRAPHER: So why doesn't somebody take a keyboard, replace the microcontroller (typically a cyrix 63412) with a beefier one that can do hardware encryption, and use a protocol with a device driver that establish encrypted transmission across the keyboard's cable?

I'm sure there's a protocol somewhere in "Applied Cryptography" that covers this scenario, something that defeats a sniffer.

I wouldn't be surprised if this already existed.


---

Re:encrypted keyboards?

[anarcat]

The thing with that is that it's moving the problem. The FBI can now just set a camera on the keyboard, sniff the keyboard itself (not the wire), etc, etc.

Once the FBI (or any competent person, for that matter) break into your house and tap it, there's not much you can do to insure hardware integrity.

Heck, there's no way to insure hardware integrity apart from building your own (!).

Re:encrypted keyboards?

[sakul]

I don't think this would work. At some point the message goes in unencrypted. This would only make the FBI's work slightly more difficult and with all the money they seem to have to waste I doub't it would do anything to stop them.

Re:This is going to make me unpopular but...

[Elvis+Maximus]

The problem in this specific case is that the FBI had a search warrant, not a wiretap authorization. There's a distinct difference: the suspect knows that his home or office has been searched when a search warrant is acted upon. In the case of a wiretap, the suspect necessarily knows nothing.

Wiretap or no wiretap, the indeed Feds had permission to enter surreptitiously in this case.

-

This is going to make me unpopular but...

[Elvis+Maximus]

...I actually think this is a good thing.

We've been told for years that encryption must be controlled because it gives Bad Guys the power to evade law enforcement in a way that was not possible using traditional means of telecommunications. This arrest puts lie to that claim. You can have publicly-available encryption without disrupting law enforcement's existing ability to conduct court-ordered surveillance.

I know some of you have a beef with court-ordered surveillance, and that's cool. But if you don't, then how is this case any different from surreptitious voice recording?

-

Re:This is going to make me unpopular but...

[Elvis+Maximus]

Uh, because the court didn't order any surveillance?

The court order is here. It grants permission to:

...search for and seize key related information from Nicodermo S. Scarfo's computer in the TARGET LOCATION by deploying recovery methods which will allow the Government to read and interpret data that was previously seized pursuant to a search warrant on January 15, 1999, as well as those to be seized under this present Court Order. (Emphasis mine.)

It seems from this that the judge indeed intended for a device to be used to get the private key. Scarfo's lawyers are just trying to argue that he should have specifically said "wiretap" if the device actually transmitted information. It's lawyerly semantics.

-

Re:This is going to make me unpopular but...

[sh00z]

I know some of you have a beef with court-ordered surveillance, and that's cool. But if you don't, then how is this case any different from surreptitious voice recording?

Uh, because the court didn't order any surveillance? It was a search warrant, not a wiretap order. And now the Feds won't even say if the technology crossed the line (which means it probably did). Just another example of the culture of arrogance that Robert Mueller is about to be grilled about how he intends to correct it.

Re:This is going to make me unpopular but...

[sh00z]

...deploying recovery methods which will allow the Government to read and interpret data...

Which would cover them if his key was written on a Post-it note affixed to the bottom of the keyboard.

That says "recovery methods," not "montoring methods." It's more than semantics. It's the difference between finding a smoking gun and placing a device which would notify them of future firings of a gun that hadn't been implicated in a crime. It's a wiretap, whether those are active transmitters, or simply recorders which would have to be physically retrieved at another time.

Dammit!

[GungaDan]

Can't they leave poor mafiaboy alone, already?!?

Jurassic Park IV?

[martyb]

Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

and stego? Geesh! I can just see it now, Spielberg using the FBI to help fight off raging stegosauruses in Jurassic Park IV. =)

(For the humor-impaired: Yes, I am aware refers to steganography(sp?); the hiding of messages in images.)

Re:You can get the device they used for US$139

[wheel]

from the URL:

* (MacOS & USB keyboards not currently supported).

One more reason to get a Mac.

That's funny

[Zecho]

I posted this story two days ago and it was rejected.

Rejected again, that's okay I'm use to it, terminal loneliness.......(C.S. - PUTV)

Re:PGP *IS* Invincible NOT

[unicaller]

and they can't pick up tempest radiation off an LCD.

Yes and no, they cannot get a signal from the LCD it self but you can easly get it right off the wires from the video chip.

Re:So simple its scary

[Jucius+Maximus]

"I've known people who think PGP is invincable - I try to tell them otherwise. But the way teh FBI pulled this off is genius..."

I completely agree with the point that you're making here, but at least the case shows us this: Even the FBI does not have some sort of instant cryptographical or mathematical attack we don't know about that can be used to efficiently attack PGP.

Re:Is my DNA protected by the DMCA

[AndroidCat]

My parents can prove prior art, nyah-nyah!

Why FBI doesn't want to talk about the tool used

[AndroidCat]

They probably just used a copy of BackOrifice.

Physical security?

[SCHecklerX]

How did they manage to get access to the computer to bug it in the first place?

First rule of securing a box....

[(H)elix1]

Always have the box physically secured. The suspect was using encryption, perhaps firewalls, etc. Folks with a boot disk can do wonders against most OS's - though I suspect they just put a keystroke logger between the boxen and the keyboard in this case.

Wanna know if you're being sniffed?

[whizzmo]

Perhaps a small program that checks to see what "wedge" programs (Key loggers, Video capture proggies, etc) are in place would be of interest to Privacy-conscious people?

For Win32 ppl, I'm sure a short perl script that pokes around in HKLM\HARDWARE\DEVICEMAP subkeys and looks for known wedges and suspicious strings would be helpful.

If you would be interested in something like this, write me at that HOT place to get MAIL.
---
nuclear presidential echelon assassination encryption virulent strain

You can get the device they used for US$139

[asmithmd1]

The device they probably used is available commercially at Keyghost When was the last time you checked how your keyboard is plugged in?

Re:You can get the device they used for US$139

[guuyuk]

There is also a version of this same device that can be installed internally. The company also sells various replacement keyboards with the device already implanted.

Who has the right to privacy?

[PhipleTroenix]

The most disturbing quote in the article:

U.S. Attorney Robert J. Cleary has told the court that the surveillance device is a "highly sensitive law enforcement search and seizure technique" and should not be made public.

It wasn't too long ago when the people had a right to privacy and the government was forced to disclose their secrets.

Re:Who has the right to privacy?

[jeffy124]

People still have a right of privacy. The FBI in this case sought legal rights to survey the activities of an alledged mobster. The FBI had reason to survey this person's activities and obtained the legal authroization plant a deveice of some kind. The FBI won't want to waste money/time/resources/etc in surveying the activities of a law abiding citizen.

The reason they do not want the public to gain knowledge of how the device works is because the FBI may want to re-use this device in future investigations. Should another mobster out there find out how the device works, he/she can set themselves up to protect themselves from the device, hence rendering the FBI's efforts useless, and allowing a criminal to go on without facing justice. I dont think the good people of the US would like that to happen.

The keyboard is the weak link. Any solution?

[wackysootroom]

This has been a problem for awhile. Spouses logging keystrokes to see if their other is cheating on them, private investigators, hackers, etc. Why isn't the data stream that goes between the keyboard and the OS. Maybe we should be calling the keyboard companies (and OS developers) to come up with some sort of crypto for keyboards.

Is this possible on the OS level? The application level? I am not well versed in these areas, but I have been wondering for awhile.

Re:The keyboard is the weak link. Any solution?

[eXtro]

If an operating system (a piece of software) can access your hardware then the statement "it's now impossible for software to directly access hardware components" is either wrong or at least overstated.

Re:The keyboard is the weak link. Any solution?

[jezreel]

I am not well versed too.
But as I read the manual of my A7M266 mainboard it tells me that it's now impossible for software to directly access hardware components. That would mean that the only way to get your keystrokes is placing a but somewhere or get the signal somehow before it reaches my PS/2.
Am I wrong?

Re:Sad day

[ConsumedByTV]

Explain about being flagged? How do you know? How would someone else know? Did you simply assess yourself as a risk? Any good links on the subject?


The Lottery:

Sad day

[daniel_isaacs]

It's a sad day when the Gov't throws you in jail for breaking the encryption that "protects" a copyrighted work, but openly funds and encourages the development of technolgies that violate the privacy of it's Citizens.

Re:Sad day

[sh4d3r]

isn't the keyboard logging in this case a "circumvention device" for the guys PGP'd email, as it is a way to break the encryption (if not in thte traditional sense...)?

Re:Sad day

[well_jung]

It's a safe assumption given some of the groups that I have openly belonged to (at which FBI agents were commonly masquarading as members) and the newsgroups I used to read and post to (under a different name). it's widely accepted that the FBI maintians files on members of fringe political groupsI've never seen such a file, so the possiblity exists that I'm imagining things.

Let's just say I'm more than a little subversive where the Excutive Branch is concerned. :)

Carl G. Jung
--

Re:Sad day

[well_jung]

Amen. When cases like this filter up to the periphery of the mainstream, it further illustrates the substance behind the LP position on privacy.

Government should never be trusted to behave responsibly with the powers it is given. Just as Corporations' trustworthyness is inversly proportional to the amount of power they have, so too are governments. As someone with a red flag in thier FBI file, I obviously have a vested interest in being able to protect myself. I believe everyone has a vested interest in thier right to live a private life. Period.

Carl G. Jung
--

Re:Sad day

[gwallen3141]

The problem is that as some of these cases 'filter up to the periphery of the mainstream' the mainstream concludes that the government is right. 'The mainstream' isn't interested in protecting the privacy of mafiosi or Russian hackers.

Secret Decoder Ring

[EABinGA]

Check out this Java Powered Secret Decoder Ring...

Go ahead...Pull my Finger!

So simple its scary

[baptiste]

I've known people who think PGP is invincable - I try to tell them otherwise. But the way teh FBI pulled this off is genius - why waste all those NSA CPU cycles tryin gto crack it - just grab teh passphrase. Of course, with biometric stuff getting so cheap, soon typed passphrases may only be part of the puzzle and even then the FI will somehow manage to succeed.

This is clearly a case of wiretapping though. My keystrokes are the same a talking (to me anyway, IANAL) so if they need a court order to bug my house, they damn well better need one to bug my keyboard.

Time to start putting tiny pieces of tape or those warranty type stickers on my keyboard and PC :) Can't be too paranoid ;)

Re:So simple its scary

[dotty]

If I were mute and used my pc as a voice synthesizer, then my keystrokes would definately be speech, no?

Re:Good

[mikethegeek]

"Actually I wonder why terrorist organizations couldn't at least theoretically use this for their advantage. It shouldn't be too hard to get a corrupted, underpaid policeman to intentionally make a "mistake" (for some nice amount of cold cash), should it?"

This is why there needs to be balance in the law. If you are going to punish those who commit acts against law enforcement more harshly than against joe citizen, you should also punish lawbreaking law enforcement agencies more harshly.

Of course, that never happens. The point is, if things are the way you want them to be, and evidence is allowed, even if obtained illegally, then you've just made the Bill of Rights irrelevant and given any rogue agent of the government carte blanche to conduct witchunts.

Re:Good

[mikethegeek]

"Well, if the case had already reached a verdict, that verdict is thrown out. But the government can refile the case without the offending evidence. Unless of course that conflicts with double jeopardy?"

It would only violate double jeopardy if the defendant was found not guilty. The Constitution does not allow for someone to be tried again for the same charge if once found not guilty.

However, it's less likely, of course, that the prosecutors would re-try a case if the primary evidence is tossed. They'd have to have enough evidence left to even bring the charges again, much less make it to trial.

This brings up an excellent point... It seems to me that law enforcement is getting TOO dependant on high tech means of evidence gathering, to the point where they neglect conventional means. Take the OJ case for example, the prosecution made the defense's case easier given the fact that they staked their WHOLE case on DNA evidence. DNA evidence, that, it turned out, was processed at a lab with a less than stellar record.

It's likely that in this case, the FBI's case against this mobster relies almost EXCLUSIVELY on this illegally gained evidence. If so, tough shit. Convienience is no excuse to allow government operatives to violate civil rights.

Re:Good

[mikethegeek]

"I always thought it might be a better idea to go ahead and use the evidence, but then go ahead and throw the book at all of the people who were responsible for collecting it illegally (at the very least blacklisting them from law enforcement, and with the possibility of jail time)."

You can't do that and still maintain the integrity of the Bill of Rights. To allow someone's rights to be violated by the government, and then to allow that to be used as evidence makes them meaningless.

You will NEVER discourage government agents violating the Constitutional rights of citizens unless you then DENY them the rewards of the violation, ie, the illegal evidence that leads to a conviction. To the courts, there is no difference at ALL between illegally obtained evidence and false planted evidence, and that's the way it should be.

The best way to discourage this practice is to BOTH disallow that evidence, AND to prosecute those responsible.
I'd rather see guilty go free (like OJ did) than have innocent people imprisoned. Though I agree that he was guilty, I agree that the jury reached the propler verdict, given all the evidence of mishandled (and even planted) evidence and rampant police corruption. As an upside, it's no coincidence that the pursuit of corruption in the LAPD that is going on today is a DIRECT result of that verdict.

Re:Good

[mikethegeek]

"This is what happend in the OJ Simpson case. The LAPD got caught trying to frame a guilty man. The Juice walked because the police acted dirty. Note that he promptly lost the civil case."

This happened largely because the rules of evidence in a civil case (where imprisonment is not a possible penalty) and a criminal case are completely different. And, the burden of proof is less than "reasonable doubt", but is "perponderance of evidence".

Which, incidentally, I disagree with. I think that civil double-jeopardy following an acquital of the same charge in criminal court should be outlawed, as is actually implied in the Constitution. And that rules of evidence and standard of conviction should be altered to the same tough standards in criminal cases. This would go a long way to reducing abuse of civil court by the powerful as their personal persecution squad.

Re:Good

[mikethegeek]

"There was a "good faith" exception to the Exclusionary Rule that sprang out of a court case in 1983. If the cops belive that they are conducting a legal search (eg, they get a warrant, but the judge inserts a typo and the warrant is for the wrong apt), the evidence is not excluded. It does fit well with the 4th Amendment. "

Something like that I can live with, as the "spirit" of the law was indeed followed (ie, probable cause WAS shown, etc), however, it is still dangerous to allow. The 4th Amendment is very specific that the PERSON and/or PROPERTY to be searched/seized must be enumerated.

Re:Good

[mikethegeek]

"But in the US it seems the means justify ends - letting someone known to be a serial killer free just because some inspector or police made a mistake."

That, of course is not a good thing. But everyone makes mistakes, even the most skilled.

The reason why the law HAS to be what it is so that police who WILLFULLY violate the law do not get to use that illegal evidence to prosecute someone.

It's unfortunate, but the only way to prevent jailing INNOCENT people because of the actions of rogue law enforcement is to increase the chance of freeing the guilty. And the kicker is, the more power you give the jackboots, the more likely you are going to jail more innocents than guilty.

This comes because under the US Constitution, there is a PRESUMPTION of innocence. It's the burden of the state to prove guilt, and they should not be allowed to use evidence obatined illegally.

Re:Good

[mikethegeek]

"This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free."

Don't hold your breath. The FBI has a long and distinguished history of breaking the law, and I've yet to see a FBI agent be punished for what they've done, unless it's spying.

FBI agent Lou Horouchi participated in a cold blooded murder, that of Vicki Weaver and her baby, yet wasn't even prosecuted. In fact, he and his fellow jackboots got awards and promotions. Hell, the FBI jackboot who is persecuting Sklyarov is up to become HEAD of the FBI!

Which is why we need the courts to defend the Constitution. While I'm all for putting mobsters away, the ENDS DO NOT JUSTIFY THE MEANS. To advocate that is to advocate lawlessness and anarchy.

The only way the FBI will stop violating the Constitution is to lose cases against people they violate.

This is why under US law, evidence obtained illegally is NOT evidence in the eye of the courts, this is ultimately the ONLY check and balance that will provide incentive for law enforcement to obey the law.

Not the point

[TheSHAD0W]

Whether this "alleged" mobster gets off or not isn't the point. Whether the search warrant was worded properly to allow the FBI to intercept keystrokes isn't the point.

The point is, in the near future, once the courts have settled on a procedure, is that the FBI will soon be able to (routinely?) get your keystroke data and use it against you. The point is, if they don't require warrants to get that data, third parties can ALREADY grab your passwords using this method.

So how does one foil this sort of attack? The only way I can think of is to use a monolithic device, similar to a smart card, with its own display and data entry, and use it to store and implement your private keys. It requires its own keypad, so no one can bug it imperceptively; and it requires a display, so you can determine no one's switched it on you.

Good

[eXtro]

I don't by any means support organized crime. I also don't support a government that is both allowed to and willing to use loopholes in the system to drum up evidence against somebody. I also don't support a government that believes in wholesale destruction of the constitution to fulfill their agenda.

There are legitimate needs for a wiretap, and there are checks in place that are supposed to prevent abuse. Calling the process "wiretap" was shortsighted but unfortunately the name sticks. Whether you're spying using a phone tap, concealed microphones, a pair of binoculars or some as yet discovered/revealed technology you're accomplishing the same thing. This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free. Still, that is much better than a court case which ends up squashing citizens rights due to precident.

Re:Good

[Just+a+user]

Too bad our courts are as corrupt as our cops. Cases in point:

Records of the Mitnik trial sealed, explicitly to shield prosecutors, FBI agents, and the corporate "victims" of Mitnik's activities from felony prosecution and civil damages (fraud, solicitation of perjury, perjury).

I won't even mention the Supreme Court Republicans and Al Gore's 30,000 vote margin of victory in the Florida election.

We live in a dictatorship of the Corporations. Sure it's a demoncracy: One dollar, one vote.

99 buckets of bits on the wall...

Good vs. Evil

[jezreel]

On the one hand you could make a law that enables authorized persons to "share" your privacy if you're the suspect of a crime. It would have to be ensured that these persons, should the suspicion been proved wrong, will NEVER tell anyone about what they've seen/heard/recorded. Now that's an open door....

On the other hand I'd like to see as much criminals blown, regardless wether they communicate with each other by email or phone. There'll always be possibilities to hide information from the feds, but that doesn't give you ANY right to be criminal

Re:Two solutions

[markmoss]

Monitor emissions can do a lot of spying, but they will not reveal your password (unless you're using software so braindead it displays the password when you type it). Not that a shielded, encrypted keyboard would be full protection for your passwords, either. It might defeat a physical or distant (Tempest-type) tap on the keyboard cable, but if they break in, they can load a keystroke monitor program that will snag the keys after they're decoded. Remember, the keys have to be decoded before they are presented to the OS to either handle itself or pass on to various applications. It might even be possible to decode your motherboard's radio emissions to tell when it's processing a keystroke and pick that up...

Ways to detect this?

[Rick+the+Red]

Let's say the FBI walks into your house and plants one of these keystroke sniffers on your PC. How can you detect this? Oh, and let's assume it's a software sniffer, because if you're doing something that might attract the attention of the FBI, then you should be smart enough to check for physical bugs.

1) Run Linux or *BSD or another unix-like system. In a Windows PC you (or in this case, the FBI) can always "cancel" the login and gain some control over the PC, although you will not log into the associated NT network and thus cannot access network resources. So I assume there's a way the FBI could easily install a keyboard sniffer on a Windows PC. But would it work for unix? Even if the FBI knows unix inside and out and could write a keystroke sniffer for it, wouldn't they need to hack your system to install this software? Even if they could hack in, wouldn't they need root access? Discuss.

2) Use anti-virus software Would this work? Assuming you must run Windows, would anti-virus software detect the keyboard sniffer? Is there any other software that would? Is there a way to make an automated scan of the hard disk to see what new software's been added since you last logged into Windows? (remember, the FBI can't log in as you yet, because they have not yet sniffed your user ID and password, so the next time you log in is still the next time anyone has logged into your account). Discuss.

3) The best approach might be to use a diskless workstation to access an account on one of several physically remote, physically secure boxes. With SSH and VPN and PGP or GPG this should be easy to do in a secure way, and with a diskless workstation how can the FBI load their sniffing software? You could even have the last part of the secure communication be an agreement on which IP address to use next time, sort of a one-time-pad. The hard part would seem to be setting up the distributed, off-site host system, but I think the mafia should be able to pull that off. Comments?

The Worst Part

[Atreides4]

The worst part of this to me was that the US Attorney was refusing to tell the defense how this program works. Besides seeming to imply that its a wiretap, it also makes us subject to forms of surveillance that we cannot know or anticipate. It is even worse here because the knowledge of how it works is necessary to prepare the defense. So the FBI would have us be subject to secret techniques from which we cannot defend ourselves, either from their use or legally. That's just great.

Irony?

[phantumstranger]

Earlier this year, the FBI used a keystroke bug to nab two Russians suspected of hacking into U.S. Internet companies. The Russians have not yet gone to trial.

Neither has Dmitry.

Security through obscurity

[steevo.com]

Should I be in a position where security becomes paramount, not only would I run encryption, but also use some OS that would be difficult for the guys in the jackboots to work with. Maybe BeOS, QNX or even AtheOS. I would bet that these guys don't have readymade tools for a semi-obscure OS.

Re:Security through obscurity

[malsbert]

Maybe BeOS, QNX or even AtheOS. IIRC all of these are POSIX, to same degree, so if they got a UNIX ver. of there soft, it may work on these, not sure just a thought.

Re:Tech-savvy Feds

[3am]

this not relevant to the story at hand in any form or fashion...

but i thought i'd just let you know that the official acronym for the Supreme Court is "SCOTUS" (supreme court of the US).

not that i'm an acronym fascist, but SCOTUS sounds cooler (and for some strange reason, dirtier) than USSC.

Is my DNA protected by the DMCA

[-douggy]

If so can god sue?

Re:Tech-savvy Feds

[Compulawyer]

I don't recall either the NSA or the CIA being law enforcement agencies, which is what my comment referred to.

Tech-savvy Feds

[Compulawyer]

Like it or not, the Feds are probably the most tech-savvy of all the world's law enforcement agencies. Also, with propoer procedures, including obtaining a search warrant, most of these procedures are legal.

You should be aware though that the US Supreme Court appears to be taking the issue of high tech's effects on privacy very seriously. In Kyllo v. United States, 121 S. Ct. 2038 (2001) (available on LexisOne - free registration required) the USSC held that the police's use of a thermal imaging unit to detect the use of heat lamps to grow marijuana inside the defendant's home violated the 4th Amendment's prohibition on unreasonable searches and seizures.

I predict that the USSC will continue to take privacy matters very seriously as technology progresses.

They can sniff all they want...

[infinite9]

They can sniff my keyboard all they want. Although I don't know why they'd want to. I mean, it just smells like pizza and jergens lotion.

Expectation of Privacy and the Law

[Uttles]

OK, I'm not an expert, but as I understand things, any form of evidence gathering that is not covered under a search warrant MUST give the individual the expectation of privacy. In other words, they can't use what you say in confession against you in court, but if they get a warrant they can search through your private things in your house. That's how the FBI taps phones, they get a warrant from the judge first. The warrant names a specific person, and the FBI can only use the evidence against that person. I think that if the FBI gets a warrant to use the keyboard bug first then that's fine, but without a warrant it is a definite invasion of privacy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Decrypt his data? DMCA?

[RazzleDazzle]

Circumventing encryption?
To me it sounds like maybe the FBI is violating the DMCA kinda like how the MPAA was attacking 2600 for linking the DeCSS except of course 2600 was not decrypting anything using DeCSS. So I wonder if the DMCA only applies to people or organizations not part of the government or owned by big corporations?

TEMPEST in a TeaPot

[beanerspace]

I'm glad that the system worked, that is, a judge was wise enough to tell the FBI to play by the rules. Still, it concerns me that the same Government that has to monitor itself restricts technologies designed to prevent such privacy intrusions asserting that they fall under the licensing jurisdiction of the Department of State, Category XI (C), Title 22 of Federal Regulations, Section 121.

Still, I'm a bit bemused by the fact a mobster was smart enough to use PGP. I can only imagine what a savvy cartoonist would do with the Mafia's idea of TEMPTEST hardware !

ack, more press mangling of computer terms

[beanerspace]

Did anyone else notice the article's definition of "TEMPEST", which appeared in the article that read:

"There is even a system called TEMPEST that detects electromagnetic emanations from a computer monitor." ?

Really ?! And here I thought it was a code word, perhaps even an acronymn, that that identifies a classified set of standards and endorsements for LIMITING electromagnetic emissions radiated from electronic equipment.

So for all you confused members of the press:

• The Complete, Unofficial TEMPEST Information Page
• TEMPEST in a teapot
• NSA/ISSO TEMPEST Endorsement Program

Re:ack, more press mangling of computer terms

[malsbert]

the system _is_ call'd TEMPEST not every acronymn means the same. look here

tempest radiation off an LCD?

[deneshac]

Well, are you sure about this? I read that LCDs have 'less' emissions than a CRT, it doesn't mean that they have none.

Re:tempest radiation off an LCD?

[deneshac]

Good points. I'll check out the Zimmerman article, I did not know about it. I'll have to check and see if the flat panel monitors are LCD. And the remark (I saw it on one of the threads) about analog monitor cables needing to be sheilded concerned me - perhaps a digital connection is available. Time to do some more research!

Re:Hey Pauly!

[andymoe]

Or write everything down on little peices of paper and eat it when your done...

Uhm...

[christoofar]

Let me see: Tapping a phone line is not an invasion of privacy but capturing the electromagnetic waves that pass through my body IS? This is not a technologically logical argument here.

Had the FBI broken into the home and tapped the machine, THAT would have been an invasion of privacy. Had the FBI planted a trojan horse on his computer, THAT would have been an invasion of privacy.

Face it, this technology has been out for years. The guy should have known and/or shielded his computer, pure and simple.

Hey Pauly!

[Ratbert42]

Next time buy a laptop and keep it with you.

More bad news

[Amazing+Quantum+Man]

According to Politech, a funding bill in the Senate is pending to give the FBI $7Million to thwart encryption, including "analysis/exploitation of systems to allow access to data pre-encryption".

Guess they want to keep doing this.

Re:a simple question

[Amazing+Quantum+Man]

It's called "One Time Pad".

Aren't you scared!!!

[Umanity]

Aren't you scared that they are monitoring this /. site? I am pretty sure that they are, therefore I will not speak my mind.

I think that in order for us to speak, we must come up with a code language which will make it more difficult for the 'evil' forces {We all know who I'm talking about}. In light of the recent policy decisions of the FBI and the Bush administration, I think it is easy to see that our rights will continue to be taken away. The excuse is always the same. We need to sacrifice our rights for the 'greater good' of the country.

This is hogwash

I think free speech will be a fond memory within 10 years. It is inevitable, if we follow the path we seem to be following. It will be illegal to install your own Operating System, because it would require the FBI to learn something new {and cost some money to train the clowns}.

HERE COMES 1984 {Only 17 years later}....

BIG BROTHER IS IN YoUr LIVINGROOM!

Michael A. Uman
Sr Software Engineer
softwaremagic.net

Re:What's the problem?

[Nihilanth]

Ben franklin once said "when you give up freedom for security, you often find you end up with neither", or something to that effect.

Privacy is something worth preserving even if you're not doing anything illegal. The right to privacy has to be garunteed to minimize the possibility of corrupt authorities misusing their power. The more power the government has to spy on our private lives, the more likely it is to be abused.

If we do just disregard our privacy and let our lives become open books...what happens when the laws change? what happens if they become unreasonable? I certainly wouldnt want to have to appear in court every time i made a backup of one of my PC disks, or sent someone an MP3 so they could hear what i was listening to. I wouldnt want to come under investigation for tinkering around with packet sniffers and powerful encryption. -I- know i'm not engaging in any malicious activity, but we can't always trust the ones with the firearms to know the difference.

Re:a simple question

[PsychoFraculator]

The one-time pad works like this: let K be a key and let M be a message. The ciphertext is computed as the bitwise XOR

C = M^K (is that the right symbol? I forget)

and decryption is done the same way, since

M = C^K.

But it doesn't matter what encryption scheme you're using, it's not going to matter against the kind of attack the FBI was using here. If you have to type a password, they can find out the password. If there were biometrics (fingerprints, retina scans, or such) the FBI could place a bug that just records what comes on the screen.

Re:Mistrial?

[PsychoFraculator]

Could this now result in a mistrial?

I'm not a lawyer but my understanding is that a mistrial is declared if the trial is tainted in some way. If there is evidence that one side wants to use and the other side wants to suppress, and it gets decided without the jury seeing it, then the trial hasn't been tainted.

a simple question

[dotty]

Would it be possible for the (frightening) Carnivor system to hack into a machine a plant a keystroke reading program? Suppose that is what they did, and for that reason came up with the story of going in the guys house. They would not want anyone to know that they have that capability.

It has got to be possible, right? How else do virus mongers create Zombie machines?

Also, if you want true privacy use a very simple but virtually unbreakable system. Pick the words you want from a book, define the word by page and number of the word on the page, add some random digits, send. You could make it more difficult by using different books in 1 message.

Pros: unbreakable until virtually every book in the world that has ever been written is digitized.

Cons: what a pain! Also not generalizeable unless all of your buds have (or have access to)the same books.

Forsyth used this a plot element in "The Key to Rebecca".