Legal Challenge to FBI's Keystroke Sniffing
Factomatic writes: "The Associated Press is reporting that lawyers for an alleged Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online."
Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).
The main argument is whether or not the original warrant covered the 'wiretap'. The warrant did allow for seizing of passwords via a keystroke logger, but didn't deal with the transmission of the passwords back to the FBI, hence the problem. I suspect that this case will get appealed upstream perhaps to SCOTUS. But if it turns out that the transmission of the passwords required a wiretap order, then a lot of evidence gets thrown out (Fruit of the Poisonous Tree).
> Why is it that more of us don't use PGP for all of our emails? I would happily use it if any of my friends actually had public keys. We can't fight these fights unless we all pull together.
I find this slightly ironic, as you have no PGP key in your user info. What are you waiting for?
They had a search warrant. The distinction is a technical one, as they indicate that the "bug" did not transmit anything. It doesn't heed to usual wiretapping SOP, as it was placed on the PC in one warranted search, and the data was picked up at another. As such, the agents did not have the ability to choose not to intercept unrelated data, as they would in a standard wiretap (they have to cease listening after 1 minute if there is nothing relevant to the case said, and wait 1 hour before resuming listening, or something like that). Maybe it's easier to think about it like this: what if the FBI got a warrant, broke in while he wasn't there, stole the key to his safety deposit box, made a copy of it, and replaced it without him knowing. It's just different in that they had to come back later to pick up the copy of the key. They aren't relying on any communications intercepted by the key-capture to make their case, only his password, like his safety-deposit box key.
While the case will probably turn on a technical distinction, it ought to turn on a much more philosophical one.
What is the primary difference between a search and a wiretap? Why do we require more evidence before a judge can authorize a wiretap than before he/she can authorize a search?
1) A search is a one-time event, whereas a wiretap represents ongoing surveillance. As such, a search tends to capture a small amount of private, transitory data (i.e. conversations, web cache, etc) while a wiretap tends to capture and catalog a large amount of this sort of information. This is a much greater invasion of privacy.
2) A search captures narrowly tailored information, whereas a wiretap casts a very wide net. A search warrant that authorized the authorities to look for root kits on your machine ought not allow them to page through your Quicken data. (I realize that the standards for searching a hard drive haven't yet caught up to the standards that apply to the physical realm, but I'm making a philosophical argument.) A wiretap wouldn't permit that level of distinction.
3) A search does not require, or generally permit, surreptitious entry. Police officers come to your door, announce that they have a search warrant, and enter. When someone searches your home, they have to provide you with a receipt of the items taken. Everything is done very much out in the open. A wiretap, on the other hand, requires that the police don't alert anyone to their entry when they install the bug. The open nature of the search provides a suspect with context that may be useful should he have to exercise his Constitutional right to confront his accuser at trial. In addition, it provides a useful check on government power since it permits outsiders to analyze the pattern and practice of searches to determine whether there's an abuse of power. The FBI could get away with a lot of abuses by wiretapping civil rights organizers in the 60's than they could not have had they done repeated physical searches.
Using the "if it looks like a duck, walks like a duck, and quacks like a duck" rule, I would submit that the FBI made a wire tap in this case.
This doesn't even seem like a close call to me. The Bill of Rights is about privacy and the individual in the face of the awesome power of the state. The protections aren't to protect criminals, but to protect us normal folks against intrusions from the state.
Long ago, we decided that wiretaps warranted special procedures, rather than a regular simple warrant. It would be bizarre to keep this reasoning while allowing the more intrusive act of sniffing keystrokes . . .
hawk, esq.
The DMCA has to go, but clueless, uninformed rambling only helps the other side.
(On that note: has anyone written an anti-DMCA advocacy FAQ? We need some guidelines in order to present a unified front to the politicians and media. The Linux Advocacy mini-HOWTO is a terrific example of the type of document meant to keep advocacy focused and rational, and has been quite successful.)
The problem in this specific case is that the FBI had a search warrant, not a wiretap authorization. There's a distinct difference: the suspect knows that his home or office has been searched when a search warrant is acted upon. In the case of a wiretap, the suspect necessarily knows nothing.
What we have here is law enforcement gaining authorization for one type of activity - a search of a premises - and undertaking in another. I agree that keystroke logging is a valid investigative technique, but there needs to be a legal structure set up to make sure that it's not abused, as, I believe, it was in this case.
Typically these days 'wiretaps' are done in software at telco switches. At least there are still some folks around who remember how to do hardware just in case we need them. (The guys who built this gizmo didn't authorize the illegal tap).
I suspect if you're a criminal you should be using a USB or ADB keyboard to up the ante.
-----
My God, it's full of source!
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I'm not sure if there is a precedent judging whether keylogging is a wiretap or a search, but common sense says it is a wiretap.
True, therefore I predict that the legal system will decide that it is a search.
Leaving aside the question of what if those conversations with the mistress are actually a secret code used for the discussion of the alleged crime, does this mean that wiretap orders are too difficult to get, or that search warrants are handed out on a whim instead of according to the rather strict parameters specified in the Constitution? Isn't a wiretap just a specialized type of search warrant?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
You don't have to be in favor of the existence of the mafia to be bothered by this.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
The article also talks about techniques to "tap" CRT screens by picking up the RF radiation that they emit.
I was wondering: are LCD screens safe from this kind of tapping?
Han-Wen Nienhuys -- LilyPond
The difference is, they would have required a wiretap order to tap his phone line. A wiretap order also carries a fair amount of restrictions as to how it is applied and what information is usable. In this case, they're doing something that does exactly the same thing as a wiretap, they just don't _call_ it that.
The argument the lawyers are making is that recording his keystrokes is a wiretap, regardless of whether the information is recorded on a phone line or not. The reasons for this include the fact that they will be gaining personal non-crime related information as well as the fact that they're receiving a stream of information (not a snapshot like they would get in a normal search).
For example, if they went into this person's home and searched his computer, that would fall under the warrant that they had. That's legitimate, no argument here.
In a court case, the FBI can require that a defendant give up his password so that they can view the files. In order to do that, they need to have enough evidence to go to trial. Obviously in this case they didn't have enough evidence and they suspected they would if they were able to search the encrypted files. My point being that there were lots of ways that they could have gathered the same information without putting a tap on his machine. (Which is probably why they didn't get a wiretap order - the judge may have said "No, there's other ways you can get this info without doing a tap.")
If I'm not totally mistaken, the FBI would require some variant of a wiretap order to put a camera in the house and monitor his keystrokes. This shouldn't be any different. I'm not arguing that they shouldn't be able to wiretap/record/etc. However, if they're going to be able to do that, then they need to follow the rules. Get a wiretap order, it isn't that much of a pain in the ass and it means that any information you gather will be used in a trial without being thrown out on technicalities.
If a criminal goes free because these agents screwed up, then that's the way the system works. It's something that's designed to make sure that police and the FBI don't overstep their bounds... the knowledge that if they do, the case will be tossed out.
~ Leilah
The reason the methods are important is that if the way this device works is similar enough to a wiretap, then it will be considered one. Without knowing anything about how the device works, the court can't make any kind of a ruling as to whether it's a tap or not. While I understand the FBI would prefer to keep the information hidden because it would make it harder to circumvent, it is necessary for and relevant to this case.
~ Leilah
It is because a wiretap requires a high degree of probable cause and also restricts the enforcement agency to not record communications not covered by the wiretap order. IE. the FBI could get a wiretap covering an alleged crime and record any conversations about that crime; however, if the target starts having phone sex with his mistress the FBI is not supposed to record the information.
The FBI in this case sought legal rights to survey the activities of an alleged mobster. The FBI had reason to survey this person's activities and obtained the legal authorization to plant a device of some kind.
Um, no they didn't; that's the whole point of this alleged mobster's suit.
They had a search warrant, which allowed the FBI to search for currently existing evidence. Scarfo's suit charges that in order to place whatever device they used, they needed a wiretap order, which has a stronger standard to meet.
Jay (=
They had a search warrant. The distinction is a technical one, as they indicate that the "bug" did not transmit anything.
...
So what are the rules for "bugging" a person's home with an audio tap? Their home, not their telephone. Is a search warrant sufficient, or is a court ordered wiretap required? If the former, this may well stand. If the latter, then the FBI were clearly out of bounds and should have known better.
Invading one's private communications a la a keyboard wiretap is IMHO more akin to opening someone's mail or tapping their telephone, so whatever standards apply to those sorts of actions should apply to this as well. Guess we'll find out soon enough
--
The Future of Human Evolution: Autonomy
A search warrant != legal authorization to plant a bug.
Remember: it's a "Microsoft virus", not an "email virus",
Your right to not believe: Americans United for Separation of Church and
But searching someone's safety deposit box would also require a warrant, which would be separate from the warrant to search someone's home. I don't think your analogy is correct.
There is a distinction between hard copy communications which are physical objects that may be searched with a search warrant, and immaterial communications (electronic or just voice) which are by definition transitory and don't hang around to be searched. IMHO, if he had anything written down they could have taken it when they searched, but leaving a device which effectively converts a transitory communication (password keystrokes) into a permanent piece of evidence (keystrokes stored in a bug) is effectively a wiretap, rather than a search of physical property that the mafioso already had. The agents had to do something to convert his communications into physical form so they could take it with a search, and in doing so they stepped over the line into wiretap land.
Your argument has ludicrous consequences, because you could use it to do essentially any wiretap with just a search warrant - just place miniature voice recorders in all the phones, wait a week, come back again and harvest the tapes, and see what you got. I don't think that's consistent with the spirit of the law, which expects law enforcement to get a separate wiretap warrant for intercepting communications.
Remember: it's a "Microsoft virus", not an "email virus",
Your right to not believe: Americans United for Separation of Church and
If attackers have physical access to your machine, then biometric keys don't add any security. They can just compromise the software, or install a sniffer in between the biometric reader and the software, or something like that. It's the old "trusted machine" problem. If it were possible to secure against this type of attack, then DVD players would have it.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
For those of you interested, the BBC also has an article on the same subject.
Jumpstart the tartan drive.
> I also don't support a government that believes in wholesale destruction of the constitution to fulfill their agenda.
What chaps me about law enforcement is that every time a new technology comes out they assume that the constitution doesn't apply to it, and they walk on our constitutional freedoms until the courts reaffirm the constitution. Can't they see that the phrases "secure in their persons and property" and "unreasonable search and seizure" don't have anything to do with what technology is involved?
IMO, "zero tolerance" should start with the lawmakers and law enforcers. How can they expect us to behave when they don't?
--
Sheesh, evil *and* a jerk. -- Jade
One thing I've wondered about this kind of tapping, would putting two CRT monitors next to each other with different displays make it much harder to tap, or is it easy to distinguish the two video signals?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I don't think anyone who uses their authority 'thinks' they're misusing it. Even J. Edgar probably thought he was in the clear when he dug up dirt on the powerful to protect his position, or when he spied on political organizations he disagreed with. Today, few would agree with his actions.
FBI agent Lou Horouchi participated in a cold blooded murder
His name is Lon Horiuchi. If you're going to slander a man's reputation, at least spell his name right.
The facts of the matter are very much disputed, depending on which side of the government-paranoia fence you are and how good your common-sense filters are. However, the founder of the FBI's Hostage Rescue Team, Danny Coulson, has publicly described Horiuchi's experience as the "tortures of the damned".
First he was excoriated in an FBI inquiry; then a separate governmental inquiry exonerated him. Then he was indicted on manslaughter statutes for Vicki Weaver's death, and then a judge declared that Horiuchi was immune to prosecution because he was acting in good faith.
And just last month, a Federal appeals court set aside the immunity decision, clearing the way for Horiuchi to be tried.
Contrary to what you believe, Horiuchi is not out of the woods. Barring intervention from the Supreme Court, it is overwhelmingly likely that Horiuchi will soon be tried for manslaughter in the death of Vicki Weaver.
the FBI jackboot who is persecuting Sklyarov is up to become HEAD of the FBI!
Robert Swan Mueller III is the United States Attorney for the Northern District of California. The charges against Sklyarov were pressed by one of his subordinates. It is overwhelmingly likely that Mueller was never consulted about the Sklyarov prosecution.
Again, if you're going to slander someone, then at least get which branch of the government they work for correct.
The next time you decide to rant off with your anti-government rhetoric, please do your research.
In American courtrooms, evidence which is obtained illegally is treated no different than any other evidence, as long as the government had no role in the illegality.
If the government played any role in the illegality, then the evidence is suppressed.
While I generally agree with your assessment, let's put it in a little more focus here.
The detective responsible for the case, Mark Fuhrman, committed perjury on the witness stand and was exposed to the jury as being an unrepentant racist. That, in turn, meant that virtually all the evidence in the criminal trial was suspect. After all, most of the evidence went through Fuhrman's hands at some point. And if Fuhrman would lie on the witness stand, then it's also very possible that he would doctor evidence to ensure a conviction.
Fuhrman's perjury is what sunk the OJ trial. OJ was acquitted, as was correct. If the police cannot be trusted--and the LAPD clearly cannot, given Fuhrman and Rampart and Rodney King and every other scandal that's come along--then reasonable doubt will always exist as to whether or not someone arrested by the police is really guilty.
There's a reasonable case that a search warrant for documents includes a search of the current contents of the target's computer. However, the keystroke sniffer, placed for the purpose of making it possible to monitor future communications, clearly falls into the "wiretap" category rather than the "search" category.
(The reason the two are different, and the latter requires a higher standard, is that a search can be executed in the presence of the suspect. This serves as a deterrent against illegal expansion of the search into a fishing expedition. Wiretaps, obviously, cannot be known to the suspect until after the fact, which makes them more open to abuse.)
/.
/. If the government wants us to respect the law, it should set a better example.
This falls perfectly into the government's propaganda that only criminals use encryption. Why is it that more of us don't use PGP for all of our emails? I would happily use it if any of my friends actually had public keys. We can't fight these fights unless we all pull together.
The one thing I've always wondered about biometrics, is what happens when somebody steals a copy of your finger prints or a digital picture of your retina?
It's easy enough to generate a new passphrase or digital key, but swapping fingerprints must be a bugger of an operation.
Alas gallinaceas de urbe bovis volo
They couldn't break PGP. PGP _is_ secure. So they broke his computer, which is not secure. They have not said specifically if they used hard or soft methods - they may have used a hidden program, or they may have used Tempest technology.
For all of you mafioso reading, keep this case in your mind. Do all of your illegal activities on a laptop, and take it with you every where you go. The FBI can't install software on a laptop they can't get to, and they can't pick up tempest radiation off an LCD.
That's the way to go...
All cryptography experts will tell you that the best way to break encryption is by attacking the protocol. What most people forget, is that entering a secret (the passphrase in this case) is part of the protocol. It is so much easier to attack this part of the protocol than to attack other parts.
However I did not know that an agent was allowed to modify the scene when doing a search warrant. I always (maybe wrongly) thought that search warrants were done to gather information based on what's present. Not to allow an agent to add spoofing devices without your knowledge.
But, I think it's reasonable to agree that they probably need to get a wiretap to install the detection software.
However, I don't think they're evil. They have no need to control their own authority because they aren't planning to misuse it, hence the arguing for the search warrant only.
I don't agree on the disclosure of the methods, however. It's probably simple ... enough to fool a criminal. If we know what it does, I don't really see why we need to know how it does that.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
From the article: agents, without a wiretap order, recorded a suspect's computer keystrokes.
So before people start flapping their mouths bout how this mafia probably got what he deserved, the agents didn't have a court order to do this. Think about it. If FBI agents have enough "probable cause" and figure they should tap your computer cause you're under suspicion of doing something illegal, and they don't even have to go see a judge to approve it, then your privacy and civil rights have gone right out the window.
Hmm. I thot your DMCA said it was illegal to decrypt stuff w/o the owner's permission. So even if they had the key, they shouldn't be allowed to use it w/o a warrant.
Anyway, that key sniffer sure sounds like a circumvention device to me. Better go arrest the manufacturers too while you're at it.
---
A wiretap (or in this case some other form of bug) is like having the police put a monitor in your car, monitoring your speed and location until they come and pick it up.
If you know the police are watching, you act accordingly. Would you really want to get a ticket for every single time you went more than the posted limit? Would you want to live in a country that allowed it?
The bill of rights is a restraint on government, because it's better to let ten guilty men go free than to wrongly convict one innocent man.
The bias against the persons involved is irrelevant, innocent until proven guilty. The bug was illegal.
--Mike--
I dunno 'bout letting the truly-guilty go free (if there is no real doubt about the quality of the illegally-gathered evidence).
I always thought it might be a better idea to go ahead and use the evidence, but then go ahead and throw the book at all of the people who were responsible for collecting it illegally (at the very least blacklisting them from law enforcement, and with the possibility of jail time).
You'd only have to do that a few public times before most enforcers would only play by the book, unless they thought it was worth sacrificing themselves to take down somebody exceptionally bad for society.
Of course, there should be a special place in hell for those enforcers who make up evidence.
I don't agree. That's like saying that punishing someone for suppressing free speech makes the Bill of Rights meaningless. I'd argue that allowing minor points of law to overrule the facts is a major factor in reducing the respect of the average citizen for the rationality of the law.
Again, I disagree. You seem to think that government agents act irrationally. If penalties are properly chosen, you _will_ discourage most government agents from illegally gathering evidence. If they are confronted with the choice, then they will have to decide whether the destruction of their lives is worth putting their suspect behind bars. If they're looking at an organized crime leader directly or indirectly responsible for the deaths of thousands who will otherwise walk on a technicality, they might decide that it was worth it. And you won't have scumbags laughing with their high-priced lawyers scott-free on their way out of the court.
No, this is not the way it should be. There's a factual difference between illegally obtained evidence & false planted evidence, and this should be taken into account when determining someone's guilt.
As long as the evidence is beyond question, there's no benefit to society to let a guilty-beyond-all-reasonable-doubt person go free. In fact, it's easy to argue that the current system lets the guilty person go free AND lets the illegal-evidence-gathering person remain in law enforcement and/or relatively unpunished. The best result for society is that the truly guilty be punished, in both cases.
Now, to prevent conflict of interest, I'd certainly agree that any agency responsible for monitoring & discouraging illegal-evidence gathering activities should be autonomous from the agency they are monitoring, and should have the legal authority to back up their duties, unlike the silly Citizen Review Boards & Internal Affairs departments which so many enforcement agencies use to cover their asses.
Compromising the passphrase is always easier. I'm sure that you could extract the passphrase from just about anyone given a couple of hours and a pair of needle nosed pliers. It's pretty easy to ignore those inconvenient laws against that sort of thing, too, especially if your suspect is thought to be a domestic terrorist or a copyright infringer.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Awhile back, there was a case where the cops used a heat scanner to detect marijuana plants inside a house. The lights necessary to grow them efficiently apparently give off a recognizable signature, and your average house doesn't have quite so many of them. However, it was ruled that this was an illegal "search".
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
Forgive me for being too ultra paranoid.
We are currently in very dangerous times. Every action by our government must be highly scrutinized to make sure it is in the best interests of the populace.
Yes, this guy's a mobster. The courts will ultimately decide his guilt. Maybe it's fine that this guy goes away.
Is the FBI right to do this without permission of an advisory? Absolutely not.
The FBI is not autonomous, neither is our government. Both need oversight. Our constitution provides a means to oversee our government namely in checks and balances as well as elections. In a last resort we have the right to choose a new government as a government derives its authority by the consent of the governed.
If we choose to not fight each and every small battle for our privacy and rights, later we will not have the option as the war will be lost.
"Draw them in with the prospect of gain, take them by confusion." Sun Tzu
People already dislike the idea of government-held key escrow so that idea is not likely to fly again any time soon either.
Hmmm. Sounds like a business opportunity to me.
How about "MS Visa Passport .NET", borrowing a few ideas from AOL marketing about it being "easy", "fun", "hip", "sexy", etc?
"Provided by the management for your protection."
I always knew taco was a troll at heart
No, because neither god nor you own your DNA. Specific DNA sequences can and have been patented by whatever drug company first discovers them. Ignoring of course the fact that it's a discovery, not an invention, but hey the USPTO is wacky like that. For example, there's a certain gene that will tell whether or not you have a predisposition towards certain types of breast cancer. In order to test to see if you have that gene, you have to pay a drug company a royalty, because they have a patent on that gene. If anything, the drug companies can sue God for patent infringement.
Actually, hiding messages in images is just one application of steganography - a while back there was a story about a girl who did a science project about hiding a message in the DNA of a pigeon (http://slashdot.org/articles/00/03/14/1924204.shtml).
In a wider sense, it's the practice of hiding data in other data (typically a lot of other data to make it harder to find), but still being able to retrieve it on demand.
Wouldn't it be possible to check for strange processes running? Or Win2K now has "hit ctrl-alt-del to logon", would it be possible to implement systemwide encryption in a manner similar to that?
Or if it's in hardware, do you keep your keyboard on your person 24/7? Or use only a laptop and do the same?
Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
Vintage computer games and RPG books available. Email me if you're interested.
Are there differences in signals by keyboard type? What I mean is, would using a DVORAK keyboard defeat this if it was designed for QWERTY?
Yeah, I too would happily use PGP or a similar technology if anybody I knew used it. That's the problem: nobody feels that e-mails containing "fwd:fwd:fwd:Funny joke" and pictures of their cats warrant spending time and money on encryption. Most people, if they don't feel secure sending sensitive info (credit card #'s, financial records, naked pictures of their spouse) by e-mail, will make a phone call or send a registered letter instead. So how does widespread encryption usage get off the ground? I suppose this is one case where all the paranoia about "hackers" could serve a useful purpose and not just as FUD. People already dislike the idea of government-held key escrow so that idea is not likely to fly again any time soon either. So all we need is one encryption standard that the general public feels comfortable using. Could it be PGP? I dunno.
Freedom: "I won't!"
I'm not sure that I agree with all this, but it's an interesting perspective.
...with biometric stuff getting so cheap, soon typed passphrases may only be part of the puzzle...
As it stands right now I see passphrases as being MORE secure than biometrics, the way the FBI stands. Think about it -- if they're willing to illegally wiretap your computer to get your passphrase, who's to say they won't drug you and use your body against you? Fingerprints and retinal scans are the same when you're drugged as when you're sober. Passphrases can die with you... your fingerprints can't.
At 27, what have you done to warrant a red flag in your FBI file? Did you use the FOIA to find out about your red flag?
I'm in Raleigh, what part of NC are you in?
A host is a host from coast to coast, but no one uses a host that's close
Yes,
but your monitor isn't shielded and the screen can be read outside your building at staggeringly large distances.
If you do attempt something like this, shield your monitor, or shield your room.
A host is a host from coast to coast, but no one uses a host that's close
I AM NOT A CRYPTOGRAPHER: So why doesn't somebody take a keyboard, replace the microcontroller (typically a cyrix 63412) with a beefier one that can do hardware encryption, and use a protocol with a device driver that establishes encrypted transmission across the keyboard's cable?
I'm sure there's a protocol somewhere in "Applied Cryptography" that covers this scenario, something that defeats a sniffer.
I wouldn't be surprised if this already existed.
---
https://www.accountkiller.com/removal-requested
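One way the encrypted keyboard link proposed in the comment above could look, as an added example that is not part of the original thread: each key event is masked and authenticated under a per-frame counter, so an inline sniffer on the cable sees only opaque frames and cannot replay or alter them. HMAC-SHA256 from the Python standard library stands in here for a real AEAD cipher, and the pre-shared pairing key, the frame layout and the class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed frame layout: 8-byte counter | 1-byte masked scancode | 8-byte tag
FRAME_LEN = 8 + 1 + 8


def _subkey(pairing_key: bytes, label: bytes) -> bytes:
    """Derive independent keys for masking and authentication."""
    return hmac.new(pairing_key, label, hashlib.sha256).digest()


class KeyboardSide:
    """Runs on the (hypothetical) keyboard microcontroller."""

    def __init__(self, pairing_key: bytes):
        self._enc = _subkey(pairing_key, b"enc")
        self._mac = _subkey(pairing_key, b"mac")
        self._counter = 0

    def send(self, scancode: int) -> bytes:
        # The counter never repeats under one key, so the mask byte is
        # fresh for every key event, even when the same key is pressed.
        self._counter += 1
        ctr = struct.pack(">Q", self._counter)
        mask = hmac.new(self._enc, ctr, hashlib.sha256).digest()[0]
        body = ctr + bytes([scancode ^ mask])
        tag = hmac.new(self._mac, body, hashlib.sha256).digest()[:8]
        return body + tag


class HostDriver:
    """Runs in the (hypothetical) host-side device driver."""

    def __init__(self, pairing_key: bytes):
        self._enc = _subkey(pairing_key, b"enc")
        self._mac = _subkey(pairing_key, b"mac")
        self._last = 0

    def receive(self, frame: bytes) -> int:
        if len(frame) != FRAME_LEN:
            raise ValueError("bad frame length")
        body, tag = frame[:9], frame[9:]
        expected = hmac.new(self._mac, body, hashlib.sha256).digest()[:8]
        # Verify before touching the payload; constant-time comparison.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed")
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self._last:
            raise ValueError("replayed or stale frame")
        self._last = counter
        mask = hmac.new(self._enc, body[:8], hashlib.sha256).digest()[0]
        return body[8] ^ mask


def demo():
    """Send constructed key events, then feed the host a replayed and a
    tampered frame, as a device sitting on the cable could."""
    key = secrets.token_bytes(32)          # constructed pairing key
    kb, host = KeyboardSide(key), HostDriver(key)
    frames = [kb.send(sc) for sc in (0x1C, 0x1C, 0x32)]
    decoded = [host.receive(f) for f in frames]

    tampered = bytearray(kb.send(0x10))
    tampered[8] ^= 0x01                    # flip one bit of the payload
    outcomes = {}
    for name, frame in (("replay", frames[0]), ("tamper", bytes(tampered))):
        try:
            host.receive(frame)
            outcomes[name] = "accepted"
        except ValueError as exc:
            outcomes[name] = str(exc)
    return decoded, outcomes


if __name__ == "__main__":
    print(demo())
```

The link only protects the cable: a logger inside the keyboard ahead of the microcontroller, or software on the host after the driver, still sees plaintext keys, and the frames still reveal how many keys were pressed and when.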
Wiretap or no wiretap, the Feds indeed had permission to enter surreptitiously in this case.
-
-
Give me liberty or give me something of equal or lesser value from your glossy 32-page catalog.
...I actually think this is a good thing.
We've been told for years that encryption must be controlled because it gives Bad Guys the power to evade law enforcement in a way that was not possible using traditional means of telecommunications. This arrest puts lie to that claim. You can have publicly-available encryption without disrupting law enforcement's existing ability to conduct court-ordered surveillance.
I know some of you have a beef with court-ordered surveillance, and that's cool. But if you don't, then how is this case any different from surreptitious voice recording?
Give me liberty or give me something of equal or lesser value from your glossy 32-page catalog.
Yes and no, they cannot get a signal from the LCD itself, but you can easily get it right off the wires from the video chip.
They probably just used a copy of BackOrifice.
One line blog. I hear that they're called Twitters now.
Always have the box physically secured. The suspect was using encryption, perhaps firewalls, etc. Folks with a boot disk can do wonders against most OS's - though I suspect they just put a keystroke logger between the boxen and the keyboard in this case.
+++ UGUCAUCGUAUUUCU
The device they probably used is available commercially at Keyghost. When was the last time you checked how your keyboard is plugged in?
Free cell phone tracking
Explain about being flagged? How do you know? How would someone else know? Did you simply assess yourself as a risk? Any good links on the subject?
The Lottery:
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
- Dan I.
This is clearly a case of wiretapping though. My keystrokes are the same as talking (to me anyway, IANAL) so if they need a court order to bug my house, they damn well better need one to bug my keyboard.
Time to start putting tiny pieces of tape or those warranty type stickers on my keyboard and PC :) Can't be too paranoid ;)
Top Most Bizarre/Disturbing Error Messages
"Actually I wonder why terrorist organizations couldn't at least theoretically use this for their advantage. It shouldn't be too hard to get a corrupted, underpaid policeman to intentionally make a "mistake" (for some nice amount of cold cash), should it?"
This is why there needs to be balance in the law. If you are going to punish those who commit acts against law enforcement more harshly than against joe citizen, you should also punish lawbreaking law enforcement agencies more harshly.
Of course, that never happens. The point is, if things are the way you want them to be, and evidence is allowed, even if obtained illegally, then you've just made the Bill of Rights irrelevant and given any rogue agent of the government carte blanche to conduct witch hunts.
=== The price of freedom is eternal vigilance
"Well, if the case had already reached a verdict, that verdict is thrown out. But the government can refile the case without the offending evidence. Unless of course that conflicts with double jeopardy?"
It would only violate double jeopardy if the defendant was found not guilty. The Constitution does not allow for someone to be tried again for the same charge if once found not guilty.
However, it's less likely, of course, that the prosecutors would re-try a case if the primary evidence is tossed. They'd have to have enough evidence left to even bring the charges again, much less make it to trial.
This brings up an excellent point... It seems to me that law enforcement is getting TOO dependent on high tech means of evidence gathering, to the point where they neglect conventional means. Take the OJ case for example, the prosecution made the defense's case easier given the fact that they staked their WHOLE case on DNA evidence. DNA evidence, that, it turned out, was processed at a lab with a less than stellar record.
It's likely that in this case, the FBI's case against this mobster relies almost EXCLUSIVELY on this illegally gained evidence. If so, tough shit. Convenience is no excuse to allow government operatives to violate civil rights.
=== The price of freedom is eternal vigilance
"I always thought it might be a better idea to go ahead and use the evidence, but then go ahead and throw the book at all of the people who were responsible for collecting it illegally (at the very least blacklisting them from law enforcement, and with the possibility of jail time)."
You can't do that and still maintain the integrity of the Bill of Rights. To allow someone's rights to be violated by the government, and then to allow that to be used as evidence makes them meaningless.
You will NEVER discourage government agents violating the Constitutional rights of citizens unless you then DENY them the rewards of the violation, ie, the illegal evidence that leads to a conviction. To the courts, there is no difference at ALL between illegally obtained evidence and false planted evidence, and that's the way it should be.
The best way to discourage this practice is to BOTH disallow that evidence, AND to prosecute those responsible.
I'd rather see guilty go free (like OJ did) than have innocent people imprisoned. Though I agree that he was guilty, I agree that the jury reached the proper verdict, given all the evidence of mishandled (and even planted) evidence and rampant police corruption. As an upside, it's no coincidence that the pursuit of corruption in the LAPD that is going on today is a DIRECT result of that verdict.
=== The price of freedom is eternal vigilance
"This is what happened in the OJ Simpson case. The LAPD got caught trying to frame a guilty man. The Juice walked because the police acted dirty. Note that he promptly lost the civil case."
This happened largely because the rules of evidence in a civil case (where imprisonment is not a possible penalty) and a criminal case are completely different. And, the burden of proof is less than "reasonable doubt", but is "preponderance of evidence".
Which, incidentally, I disagree with. I think that civil double-jeopardy following an acquittal of the same charge in criminal court should be outlawed, as is actually implied in the Constitution. And that rules of evidence and standard of conviction should be altered to the same tough standards in criminal cases. This would go a long way to reducing abuse of civil court by the powerful as their personal persecution squad.
=== The price of freedom is eternal vigilance
"There was a "good faith" exception to the Exclusionary Rule that sprang out of a court case in 1983. If the cops believe that they are conducting a legal search (eg, they get a warrant, but the judge inserts a typo and the warrant is for the wrong apt), the evidence is not excluded. It does fit well with the 4th Amendment."
Something like that I can live with, as the "spirit" of the law was indeed followed (ie, probable cause WAS shown, etc), however, it is still dangerous to allow. The 4th Amendment is very specific that the PERSON and/or PROPERTY to be searched/seized must be enumerated.
=== The price of freedom is eternal vigilance
"But in the US it seems the means justify ends - letting someone known to be a serial killer free just because some inspector or police made a mistake."
That, of course is not a good thing. But everyone makes mistakes, even the most skilled.
The reason why the law HAS to be what it is so that police who WILLFULLY violate the law do not get to use that illegal evidence to prosecute someone.
It's unfortunate, but the only way to prevent jailing INNOCENT people because of the actions of rogue law enforcement is to increase the chance of freeing the guilty. And the kicker is, the more power you give the jackboots, the more likely you are going to jail more innocents than guilty.
This comes because under the US Constitution, there is a PRESUMPTION of innocence. It's the burden of the state to prove guilt, and they should not be allowed to use evidence obtained illegally.
=== The price of freedom is eternal vigilance
"This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free."
Don't hold your breath. The FBI has a long and distinguished history of breaking the law, and I've yet to see a FBI agent be punished for what they've done, unless it's spying.
FBI agent Lou Horouchi participated in a cold blooded murder, that of Vicki Weaver and her baby, yet wasn't even prosecuted. In fact, he and his fellow jackboots got awards and promotions. Hell, the FBI jackboot who is persecuting Sklyarov is up to become HEAD of the FBI!
Which is why we need the courts to defend the Constitution. While I'm all for putting mobsters away, the ENDS DO NOT JUSTIFY THE MEANS. To advocate that is to advocate lawlessness and anarchy.
The only way the FBI will stop violating the Constitution is to lose cases against people they violate.
This is why under US law, evidence obtained illegally is NOT evidence in the eye of the courts, this is ultimately the ONLY check and balance that will provide incentive for law enforcement to obey the law.
=== The price of freedom is eternal vigilance
There are legitimate needs for a wiretap, and there are checks in place that are supposed to prevent abuse. Calling the process "wiretap" was shortsighted but unfortunately the name sticks. Whether you're spying using a phone tap, concealed microphones, a pair of binoculars or some as yet discovered/revealed technology you're accomplishing the same thing. This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free. Still, that is much better than a court case which ends up squashing citizens' rights due to precedent.
Chris Kuivenhoven is a thief, beware
Monitor emissions can do a lot of spying, but they will not reveal your password (unless you're using software so braindead it displays the password when you type it). Not that a shielded, encrypted keyboard would be full protection for your passwords, either. It might defeat a physical or distant (Tempest-type) tap on the keyboard cable, but if they break in, they can load a keystroke monitor program that will snag the keys after they're decoded. Remember, the keys have to be decoded before they are presented to the OS to either handle itself or pass on to various applications. It might even be possible to decode your motherboard's radio emissions to tell when it's processing a keystroke and pick that up...
1) Run Linux or *BSD or another unix-like system. In a Windows PC you (or in this case, the FBI) can always "cancel" the login and gain some control over the PC, although you will not log into the associated NT network and thus cannot access network resources. So I assume there's a way the FBI could easily install a keyboard sniffer on a Windows PC. But would it work for unix? Even if the FBI knows unix inside and out and could write a keystroke sniffer for it, wouldn't they need to hack your system to install this software? Even if they could hack in, wouldn't they need root access? Discuss.
2) Use anti-virus software. Would this work? Assuming you must run Windows, would anti-virus software detect the keyboard sniffer? Is there any other software that would? Is there a way to make an automated scan of the hard disk to see what new software's been added since you last logged into Windows? (remember, the FBI can't log in as you yet, because they have not yet sniffed your user ID and password, so the next time you log in is still the next time anyone has logged into your account). Discuss.
3) The best approach might be to use a diskless workstation to access an account on one of several physically remote, physically secure boxes. With SSH and VPN and PGP or GPG this should be easy to do in a secure way, and with a diskless workstation how can the FBI load their sniffing software? You could even have the last part of the secure communication be an agreement on which IP address to use next time, sort of a one-time-pad. The hard part would seem to be setting up the distributed, off-site host system, but I think the mafia should be able to pull that off. Comments?
If all this should have a reason, we would be the last to know.
Neither has Dmitry.
"From of old, there are not lacking things that have attained Oneness." - Lao Tzu
I don't recall either the NSA or the CIA being law enforcement agencies, which is what my comment referred to.
Laws affecting technology will always be bad until enough techies become lawyers.
You should be aware though that the US Supreme Court appears to be taking the issue of high tech's effects on privacy very seriously. In Kyllo v. United States, 121 S. Ct. 2038 (2001) (available on LexisOne - free registration required) the USSC held that the police's use of a thermal imaging unit to detect the use of heat lamps to grow marijuana inside the defendant's home violated the 4th Amendment's prohibition on unreasonable searches and seizures.
I predict that the USSC will continue to take privacy matters very seriously as technology progresses.
Laws affecting technology will always be bad until enough techies become lawyers.
They can sniff my keyboard all they want. Although I don't know why they'd want to. I mean, it just smells like pizza and Jergens lotion.
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
Next time buy a laptop and keep it with you.
The reason they do not want the public to gain knowledge of how the device works is because the FBI may want to re-use this device in future investigations. Should another mobster out there find out how the device works, he/she can set themselves up to protect themselves from the device, hence rendering the FBI's efforts useless, and allowing a criminal to go on without facing justice. I don't think the good people of the US would like that to happen.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.