Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keyloggers Now Classified Technology

Posted by michael on from the trust-us-we're-the-government dept.

general_re writes: "The New York Times (free reg required blah blah blah) is reporting that the Department of Justice is still refusing to turn over details of how the keystroke loggers used against Nicky Scarfo worked, claiming that revealing how it works "would render it useless in future investigations" as well as claiming that it is classified information. Nevermind that this also prevents his lawyers from evaluating or attacking the credibility or accuracy of the evidence arrayed against him. One interesting question raised is whether it's always been classified, or if they're retroactively classifying it in order to avoid revealing how they work."

133 of 212 comments (clear)

  1. welcome by coloneyb · · Score: 2, Insightful

    Comrades, welcome to the CCCUSA.
    Big Brother is watching.
    We must continue to stand up for ourselves or the government is really gonna run us over with all this BS

    1. Re:welcome by CoderDevo · · Score: 2, Redundant

      First come the Scientists to create the technology.
      Then come the Entrepreneurs to think of new products.
      Then come the Investors to pay to build the products.
      Then come the Marketeers to feed us the products.
      Then come the Lawyers to protect the Investors.
      Then come the Politicians to protect the Lawyers.
      Finally comes the Laws to protect us from the technology.

      Crazy.

    2. Re:welcome by NonSequor · · Score: 3, Funny
      Big Brother is watching.


      No, you have it backwards. People are watching Big Brother.

      --
      My only political goal is to see to it that no political party achieves its goals.
    3. Re:welcome by bat'ka+makhno · · Score: 1

      Holy shit, a Beru fan on Slashdot! Good quote, brings back fond memories.

  2. Top secret information by Modus+Nonsens · · Score: 2, Funny

    Before we know it, there could be keyloggers for everyone to download!

    1. Re:Top secret information by OmegaDan · · Score: 2
      Before we know it, there could be keyloggers for everyone to download!

      Maybe there already is ... maybe they're inserting it into programs people commonly use ... if gator can get spyware onto 100 million computers, why cant the CIA?

      --
      Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
    2. Re:Top secret information by Modus+Nonsens · · Score: 1

      Was thinking of those you can download here and there, but yes, you do have a good point there.

      Perhaps it could be a part of Echelon, even?

    3. Re:Top secret information by jeffphil · · Score: 1

      No need to download. It's called Microsoft Windows and the infamous NSA implanted key.

      Just think how bad it would hurt Microsoft if it got out that they have been planting this for years into Windows. That's what the government is worried about, not that they have a program that captures keystrokes.

    4. Re:Top secret information by Modus+Nonsens · · Score: 1

      But is this not just another urban legend? Even if MS would take such a risk to cooperate with NSA and implement such a key, why in the world call it something with "NSA", cause I have heard about this before, and they suspected it was a key for NSA cause of the name?

    5. Re:Top secret information by pantherace · · Score: 1

      Same reason they forgot to remove the debugging symbols in that service pack for nt. Knowing this, someone also determined that it was present in 98, 98sr, NT3.51, and NT4.0 (I think). This was before 2000, me. (may have been on /.)

    6. Re:Top secret information by SpaceLifeForm · · Score: 1
      Before we know it, there could be keyloggers for everyone to download!

      Pick one

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    7. Re:Top secret information by dr.g · · Score: 1

      *sigh*
      I have seen this debunked several times, but that, to a true paranoid conspiracist, just proves the vastness of the conspiracy. The absence of evidence proves the power of those involved in the coverup.

      Thus, by the power of their imagined enemies, are the small and petty raised to signifigance.

      I mean, look at the kind of people the Greynoses are always interested in!

      --
      "To be fair, I was left completely unsupervised." ~Anon
  3. Abuse of power by sourcehunter · · Score: 5, Insightful
    I'm sorry, I don't care WHAT kind of technology you use against a criminal to gather evidence, it should be open to scrutiny.

    I believe the same to be true of the Carnivore system, even though I readily defend its use as legitimate.

    What if they classified the tape and tape recorder they used to tape a conversation - no one would be able to check the tape to see if it was or could have been altered!

    --

    quis custodiet ipsos custodes - Juvenal
    1. Re:Abuse of power by randombit · · Score: 1
      they should be able to classify whatever they want.

      Sure they should. That doesn't mean the FBI should be allowed to violate federal wiretapping laws, then claim after the fact that it's classified so they don't get their illegally collected evidence tossed out of court.

    2. Re:Abuse of power by JCCyC · · Score: 4, Insightful

      Bingo. If this sticks, nobody is safe. Imagine: they can type any kind of fake e-mail, and then say it was keylogged thru their "classified technology".

      "Who'll be today's suckers, Mr. Director?"
      "Let's make Ralph Nader a pedophile, Noam Chomsky a crack dealer and David Touretzky... lessee... a terrorist from Hamas. No, better, Tim McVeigh's secret accomplice!"

    3. Re:Abuse of power by GuruHal · · Score: 1

      OK just a thought here, but why not just get a clear keyboard (if you're worried deeply paranoid about this tech) and then you can see if they add/remove anything, classified or not...
      I'm the forst one to say I totally hate the clear G3/G4 look on computer peripherals, but lets face it - that simple tech will cure this problem, classified or not.

      --
      "Quando Omni Flunkus Moritati" -- Red Green
    4. Re:Abuse of power by RAruler · · Score: 1

      Ah, but what about software keyloggers. Keyloggers in the cable... or my favorite, Tempest. Who needs keyloggers when they can read your screen from the radiation.

      --

      --
      Insert Witty Sig Here
    5. Re:Abuse of power by AussiePenguin · · Score: 1

      LCD? or could they read it from the heat in that case?

      --

      Jeremy
      Melbourne, Australia
      Jabber Australia

    6. Re:Abuse of power by RAruler · · Score: 1

      I think LCD gives off less radiation, but radiation none the less. They have fonts that are said to be harder to detect, so if you had a LCD with these fonts and some tempest shielding you should be good. I wonder if they can do something similar to keyloggers, but with video. IE: transmit the video to a reciever somewhere... paranoia is always good

      --

      --
      Insert Witty Sig Here
    7. Re:Abuse of power by GuruHal · · Score: 1

      actually I think that transmission would be easily found. Casinos all over the world use small devices, cleverly disguised as just about anything that will indicate a stong RF field. As well if you are totally paranoid you could always buy a winkleman device (I think thats what its called) scanning the RF spectrum for any trace of a recognizable RF pattern, included spread spectrum transmissions audio and video. Of course the only safe almost undetectable way to export keystrokes without being detected these days is to modulate the light coming from the bottom of the optical mouse and use an optical pickup away from the computer... but I've said too much ;)

      --
      "Quando Omni Flunkus Moritati" -- Red Green
  4. seems to me... by bigbadwlf · · Score: 1

    if they refuse to disclose their method for gathering their evidence, it should be declared inadmissible.
    But then again, IANAL.

    1. Re:seems to me... by nomadic · · Score: 2

      That seems to be a common response by defense attorneys in cases like this; demand classified information, then when it's not provided get the charges reduced or dismissed. Fortunately judges have learned that "just trust us" from US intelligence agencies isn't a valid basis to take someone's rights away.

  5. To future NYT link posters... by brunes69 · · Score: 5, Informative


    Just replace the "www" in the link with "archive".

    For this link, it is
    http://archive.nytimes.com/2001/08/25/technology /2 5CODE.html.

    It
    a) Saves all the "No reg link" posts, and
    b) Saves all the "Anonymous login" posts, and
    c) just makes the world a better place in general.

    Thanks!

    1. Re:To future NYT link posters... by CoderDevo · · Score: 1

      Or you could actually register yourselves at NYTimes. Then you are supporting this newspaper which provides well written content for us. I suppose their website ad revenue is based on page views by unique users.

    2. Re:To future NYT link posters... by brunes69 · · Score: 1, Offtopic

      Why should I have to register on their site??? I can still be subjected to their ads without them knowing my Name, phone number, address, yearly income, and favorite lunchmeat!

    3. Re:To future NYT link posters... by Fred+Ferrigno · · Score: 2, Offtopic

      It occurs to me that as popular as the "archive" links are, it is hard to believe that no one has yet submitted an "archive" link with a story. I would speculate that the Slashdot editors deliberately remove these links as to not anger the NY Times.

    4. Re:To future NYT link posters... by burtonator · · Score: 1, Offtopic

      Just replace the "www" in the link with "archive".

      DON'T DO THIS! This is illegal due to the DMCS and would amount to circumvention of a copyprotection system!

    5. Re:To future NYT link posters... by Drakantus · · Score: 1

      How is useing an archive link instead of the usual link "stealing"? Wouldn't it be trivialy easy for NYT to remove the archived stories if they really didn't want anyone on the internet to access them?

      --
      I love going down to the elementary school, watching all the kids jump and shout, but they dont know I'm using blanks.
    6. Re:To future NYT link posters... by jhunsake · · Score: 1

      Wouldn't it be trivialy easy for Wal-Mart to put all the candy bars behind locked glass doors if they really didn't want anyone to steal them?

    7. Re:To future NYT link posters... by brunes69 · · Score: 1

      Cost of installing locked glass doors in every Wal-mart: Millions.

      Cose of taking 20 mins to write a script that doesn't allow access throught the archive URL for new stories: 20 mins = Around 20 bucks, assuming the guy makes 60 bucks / hour.

      They don't want to invest 20 bucks for reasonable control measures, thats their fucking problem, not mine.

    8. Re:To future NYT link posters... by general_re · · Score: 3, Funny

      It's not that hard to believe - I submitted the story and just used the straight nytimes.com link.

      Yes, I know about the partners.nytimes.com and archive.nytimes.com links. Yes, it occurred to me to use them about 30 seconds after submitting the story. Yes, I am a moron.

      Thank you.

      --
      ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
    9. Re:To future NYT link posters... by commodoresloat · · Score: 1
      Circumventing their registration system basically amounts to stealing.

      Am I the only one who finds this hypothesis ludicrous to the point of absurdity?

    10. Re:To future NYT link posters... by TeraCo · · Score: 1
      They don't want to invest 20 bucks for reasonable control measures, thats their fucking problem, not mine.


      Hark, at the wild mating cry of the hax0r! Sorry, the world just does NOT work that way.


      ie: If someone leaves a system unsecured, no matter how unsecure it is, if you tamper with it, you are breaking in, and in the eyes of the law, it is not their fault for leaving it unsecure.

      --
      Not Meta-modding due to apathy.
    11. Re:To future NYT link posters... by terrymah · · Score: 1

      You said, "but what has truely been stolen? It's not like the NY Times (NYT) is being cheated out of a paid account, they make these articles available free of charge"

      They are only "free of charge" if you consider your name, address, and other contact information of no value. That is the price you're paying, you are allowing yourself to be placed into their marketing database for various demographic purposes in exchange for their content - and that comes back to my original point.

    12. Re:To future NYT link posters... by jareds · · Score: 1

      Sending a properly formed HTTP GET request is not tampering with or breaking into a system!!

      This isn't like stealing Walmart's candy bars because they fail to put them inside a display case, this is like taking Walmart's candy bars because they put a sign next to them saying "Free Candy".

      In general, how am I supposed to know that going to some particular URL in my browser is "breaking into a system"?

  6. So make what is known public by YouAreFatMan · · Score: 2, Insightful
    "The technology behind the key logger, which was developed by the F.B.I. but is similar to readily available commercial products..."

    It sounds like the FBI has built upon existing key logging technology. I imagine those are patented, right? So distribute that information. If it's similar enough, then the same methods to defeat it would work against the FBI's stuff. This what the FBI is claminig they are trying to avoid by releasing details.

    Of course, this information should only be used to prevent unscrupulous business competitors from using key logging against you ;-). Don't use it to cover up a crime, like reading and encrypted e-book.

    --
    Robotiq.com is heavily tested on animals
  7. So does anyone know anything about keylogger by Archfeld · · Score: 2

    technology ? If the DoJ won't share, I think "we the people" should make every effort to see that any knowledge we have is made available. Someone had to write this for them.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
    1. Re:So does anyone know anything about keylogger by terrymah · · Score: 1

      Keyloggers have been around for quite some time. Check out www.keyghost.com for an example. It's really not that complicated.

      Of course then there are software keyloggers as well, but I'm sure everyone here has heard of them or can imagine how they'd work.

  8. Enlighten me by Modus+Nonsens · · Score: 2, Interesting

    What does your constitution say about this? What are they allowed to do to you in this sense?

    Furthermore I think they *must* release their technology that they used, to give him a fair chance. Or am I wrong here?

    1. Re:Enlighten me by bnenning · · Score: 4, Interesting

      You're assuming that what the Constitution says has any relevance toward what the government does, which has not been the case for many decades. The Constitution clearly requires that an accused person be able to confront his accusers, which means that no secret evidence is permitted. It also prevents abridging freedom of speech or punishing people who have not been charged or convicted of a crime, but that didn't stop them from passing the CDA, DMCA, and asset forfeiture. The government no longer recognizes any limit on its power, and the voters have let them get away with it.

      --
      How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
    2. Re:Enlighten me by Modus+Nonsens · · Score: 1

      So if the constitution isn't followed or respected, what can the people do? Can they do anything at all? Do they want to?

    3. Re:Enlighten me by Von+Rex · · Score: 1

      They can elect politicians that won't wipe their ass with their Consitution. As soon as any appear.

      That's about it, I'm afraid. The Supreme Court will, in theory, correct abuses of the Constitution. But the problem is they don't initiate actions on their own, they only respond to challenges launched by others. There really should be a mechanism for automatically reviewing new legislation for Constitutional affronts, but there isn't. The closest thing we have is citizen's groups like the ACLU or NRA, and they don't offer anything close to 100% coverage of new legislation.

      So the Constitution is broken over time in various ways until you get the situation like you have today, where some parts of the constution (like the tenth amendment) might as well not even exist.

    4. Re:Enlighten me by Modus+Nonsens · · Score: 1

      I see the problem there...
      But in my own little world, the constitution of a country is the highest of laws and if any other laws go against it, the constitution is the one to follow. But as you say, someone has to watch them all the time.

    5. Re:Enlighten me by GlassUser · · Score: 1

      what can the people do?

      The second amendment hasn't been completely taken away. Yet. Use it before it's too late.

      --
      funny munging
    6. Re:Enlighten me by camusflage · · Score: 2

      There really should be a mechanism for automatically reviewing new legislation for Constitutional affronts, but there isn't.

      As you alluded to, there are in fact groups that do it. Think about CDA or COPA. Those haven't seen the light of day because public interest groups got involved and had restraining orders put down before the laws became effective.

      --
      The truth about Scientology, Xenu, and you: Operation Clambake
  9. Wiretapping Function? by lysurgon · · Score: 3, Interesting

    The innaresting thing to me is that the defense is trying to play the "keylogger = wiretap" card, and therefore invalidate the evidence because it wasn't acquired under the corrent warrent.

    Now, why would the Feds not want to disclose the mechanism of their keylogger? Either it's typical spook selfishness OR they think that doing so would strengthen the defense's argument. I havn't looked at the actual details of the argument the defense is making, so it's hard to tell if this is part of the motivation for the "it's classified" song and dance.

    On the one hand, perhaphs they just don't want people knowing how the FBI keylogger works as opposed to all the others. Maybe because, shame shame, it's the same as the market variety.

    But maybe it interfaces automagically with some external snooping device. That would be both something they'd rather not let people know about AND something that would give the defense the winning argument in the court case.

    (start carnivore paranoia ranting... now)

    --


    Howard Dean for president
    1. Re:Wiretapping Function? by Guppy06 · · Score: 2

      "Either it's typical spook selfishness OR they think that doing so would strengthen the defense's argument."

      Personally, I think by not releasing the information in and of itself helps the defense. Any lawyer worth the money he's being paid should be able to use the fact that, if the jury can't understand how the device works, they can't be convinced that it was used correctly. Or that the information was really gathered at all. "Reasonable doubt" and all that.

      Keeping the keyloggers a black box pretty much gives them all the validity of a psychic. The only way a juror would buy that line is if they believed whatever the G-men said. And unless the defense attourney was a complete moron during juror selection...

  10. even easier.. by 10e+999 · · Score: 1

    someone posted this about a year ago:
    login: slashdot2000
    pass: slashdot2000
    let it save the cookie and never look back

    --
    xxx straight edge xxx
  11. Other programs by snarfer · · Score: 1

    I don't get it. What about programs like Last Resort? Are they classified now?

  12. Double Secret Prosecution by YIAAL · · Score: 3, Insightful

    In Animal House it was a joke. For the feds it's becoming a habit. This is an outrage -- but I don't think it will hold up in court. When you present evidence like this, you have to establish its reliability. And "Trust US' isn't good enough.

    --

    InstaPundit! Ahead of the Curve Since 30 Minutes Ago
  13. Classified? by hawkstone · · Score: 1

    Information is not classified after it has been born unclassified. It must be born classified as part of a classified project.

    I also doubt the judge possesses the clearance required to evaluate it himself, so no one may be able to evaluate it's accuracy.

    1. Re:Classified? by nomadic · · Score: 2


      I also doubt the judge possesses the clearance required to evaluate it himself, so no one may be able to evaluate it's accuracy.

      The FBI won't be able to pull a "you're not cleared for that" on a federal judge. If he asks for it, they either give it to him, drop the charges, or try to appeal to a higher court.

    2. Re:Classified? by dragons_flight · · Score: 2, Informative

      Things don't have to be born classified, per se. What it really takes is a guy in a government office deciding that it ought to be classified and the understanding that the info has never been made publicly available.

      With science and technology projects in government most things start out with the ubiquitious "Protect as Restricted Data" designation, which means it's not important enough to guard or lock up but don't go talking about it or publishing to the public. Later on someone comes along and decides that the project or whatever has becomes more important (i.e. it actally works and is useful), and then bumps the security classification up.

      The trick here is that almost nothing starts out truly unclassified unless intentionally designated so (for example some pure research efforts).

      Sooner or later they have to show someone the specs, if not this judge then a higher judiciary, and there are judges with exceptional clearance (such as those that approve NSA snooping). I think the bigger concern is whether he has the technical savvy to interpret the information he is given accurately.

    3. Re:Classified? by hawkstone · · Score: 1

      Seriously? I thought that was all weapons design codes and input decks, and those had all been Secret Restricted Data since some presidental act decades ago.

    4. Re:Classified? by unitron · · Score: 2
      There was a story on Slashdot a couple of weeks ago that didn't show up on the main page about an MIT scientist getting screwed over by the DoD 'cause he published something about one of their reports which they then proceeded to retroactively declare classified.

      The story is under the "censorship" topic, for which there doesn't seem to be a Slashbox. In other words Slashdot published it but came as close to hiding it as possible. Ironic, huh?

      --

      I see even classic Slashdot is now pretty much unusable on dial up anymore.

  14. Evidence would not be admissable in UK courts by new500 · · Score: 5, Insightful

    . . .

    Must make this short (as there's a god long debate behind what follows) but this would make inadmissable any collected evidence in a UK court.

    This would be because there is then no person or other body of evidence available to question regards veracity.

    Evidence rules here very tough, and the case would be almost immediately thrown out.

    This is tantamount to claiming the Ivisible Man as witness and the prosecutor or plaintiff claiming they cannot bring him for cross examination because they cannot find him.

    The anaology is the same, if something cannot be shown to court, it may not bear witness.

    This is the first basic rule of civilisation and law over hearsay, rumour and superstition.

  15. yeah yeah by labratuk · · Score: 1, Redundant
    Heres the article, because i cant stand those bloody reg sites. (yeah yeah karma whore)


    Invoking a national security law normally used in highly publicized espionage cases, the Justice Department told a federal judge on Thursday that it would not publicly reveal the details of the "key logger" system used to gather evidence in the gambling and loansharking trial of Nicodemo S. Scarfo Jr.


    The technology behind the key logger, which was developed by the F.B.I. but is similar to readily available commercial products, has become a central issue in the case against Mr. Scarfo. But, privacy experts say, the technology is also a new disturbance to the delicate balance between the privacy rights of citizens and the growing power of technology to help government invade privacy.


    In the Scarfo case, F.B.I. agents installed the monitoring technology, which records keystrokes, on Mr. Scarfo's personal computer under a court-authorized search warrant. Mr. Scarfo's lawyers have argued that the technology resembles a wiretap, and that using the logger without going through the relatively stringent requirements of a full wiretap order may have violated Mr. Scarfo's constitutional rights. But they say that they cannot know for sure unless they know how the logger works.


    Judge Nicholas H. Politan of the United States District Court in Newark agreed with Mr. Scarfo's lawyers and on Aug. 7 ordered the government to produce further information about the technology by Aug. 31. The judge also ruled that the government could file a memorandum before then as to why it could not comply. It was that memorandum that was filed on Thursday.



    Lawyers directly involved in both sides of the case are under an order not to discuss it, and could not comment.

    The government has previously argued that the technology is classified, but until the new filings, it had not officially invoked the Classified Information Procedure Act, which is normally used to prevent criminal defendants like Robert P. Hanssen, the accused spy, from revealing government secrets in open court.


    Ronald D. Wigler, an assistant United States attorney, said in court filings on Thursday that the government was seeking to invoke the act in the Scarfo case. The government said it had not withheld any information from Mr. Scarfo that might be helpful in his attempts to get the evidence gathered by the key-logger system rejected.


    Revealing the inner workings of the technology, Mr. Wigler has argued, would render it useless in future investigations. He offered instead to provide an "unclassified summary statement" that could be reviewed by Mr. Scarfo's lawyers and "a more complete description" of the technology for the judge's eyes only.


    Mr. Scarfo is the son of the imprisoned mob boss Nicodemo S. (Little Nicky) Scarfo Sr. The key logger captured the password that the younger Mr. Scarfo is accused of having used with a popular encryption program to scramble and unscramble records of gambling and loansharking operations.

    Mark Rasch, a former Justice Department lawyer who was involved in several cases using the Classified Information Procedures Act, said that the government's use of the law was surprising.


    "This is using an elephant gun to swat a fly," he said.


    He also said the government's action raised more questions than it answered. Under the law, for example, the government is required to show that it classified the technology in question properly, and did so before it was used in the investigation. "Simply saying `it's classified' is not enough," he said. The government has not yet publicly offered the proof that Mr. Rasch described.


    Mr. Rasch, who has consulted with civil liberties groups that are following the case, said that absent such proof, it could be argued that the government had invoked the law as a legal maneuver. If the government classified the technology after the fact, he said: "That would be disingenuous. That would be unconscionable."


    David Sobel, the general counsel for the Electronic Privacy Information Center, a policy and advocacy group in Washington, said, "The government elected to use this technique, and should not now attempt to hide its details under the guise of national security."


    He added: "It raises very basic questions of accountability. The suggestion that the use of high-tech law enforcement investigative techniques should result in a departure from our tradition of open judicial proceedings is very troubling."

    --
    Malike Bamiyi wanted my assistance.
  16. Read the whole article, damnit by rgmoore · · Score: 2, Insightful
    One interesting question raised is whether it's always been classified, or if they're retroactively classifying it in order to avoid revealing how they work.
    At least according to the article, the technology must be classified before the filing in order for them to invoke the act. To wit:
    He [Mark Rasch, a former DoJ lawyer] also said the government's action raised more questions than it answered. Under the law, for example, the government is required to show that it classified the technology in question properly, and did so before it was used in the investigation. "Simply saying `it's classified' is not enough," he said. The government has not yet publicly offered the proof that Mr. Rasch described.

    Presumably, at least, the "classified the technology in question properly" is to ensure that there's actually something that deserves real protection, not just a lame attempt to keep it unaccountable and unquestionable under the mantle of National Security. It also appears to be pretty clear that the classification has to predate the claims against it. If they're trying to classify it retroactively to avoid accountability, their attempt is likely to blow up in their face.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  17. Was there a keylogger? by zyklone · · Score: 4, Interesting

    Was there a keylogger to begin with?
    Perhaps they just handed over the encrypted data to the NSA who promptly cracked it. Now, how do you use this in court without revealing that it was NSAs monster cracker that did all the work.

    You invent a keylogger!

    1. Re:Was there a keylogger? by camusflage · · Score: 2

      Now, how do you use this in court without revealing that it was NSAs monster cracker that did all the work.

      By never saying it was the NSA's that did it. If this were the case, then I'd have to expect that they'd sooner say it was their own systems that cracked it than come up with a red herring keylogger that hasn't the stump of an evidenciary leg to stand on.

      Of course, when you and I use keyloggers, they're "technical violations of wiretap law". When it's the feds, all that's needed is a search warrant.

      --
      The truth about Scientology, Xenu, and you: Operation Clambake
    2. Re:Was there a keylogger? by sheldon · · Score: 2

      Are you sure it was the NSA?

      Perhaps that's the real purpose behind the SETI@home project?

    3. Re:Was there a keylogger? by Herstel · · Score: 1

      Hey ! I didn't think about it. The idea is provoking quite interesting and shocking thoughts.

    4. Re:Was there a keylogger? by JeffL · · Score: 2
      Perhaps they just handed over the encrypted data to the NSA who promptly cracked it. Now, how do you use this in court without revealing that it was NSAs monster cracker that did all the work.

      That actually isn't too outlandish. If you recall, during WWII the allies occasionally chose to let soldiers and civilians die rather than reveal that they could read the German's codes (and new where the next attack/bombing was coming).

      When the allies had information from decrypted information that revealed the location of ships, they would always send a spotter plane over the ships before attacking to give the German's a plausible explanation for the allies knowing the ships' location.

      Properly used and implemented PGP is uncrackable by brute force. Regardless of the size of the NSA's monster cracker they couldn't brute force PGP unless they have some secret knowledge. An as yet unknown (to us) flaw in PGP, or an advance in mathematics that allows for fast factoring of large numbers is something that I expect the NSA would readily kill people to keep secret.

      As soon as knowledge of a secret like that got out, people would stop using PGP (or whatever), and the secret would become worthless.

    5. Re:Was there a keylogger? by dossen · · Score: 1

      When you say uncrackable, do you mean something like "would take enormous resources and much time" or do you mean flat out uncrackable? Just wondering... 'cause it seems like you know that there is no proof, that pgp is strong, just conjecture, and yet you use "uncrackable" which sound very much like something absolute???? While it would of cause be useless to bruteforce pgp under normal circumstances, it is possible, it is just that the universe might cease to exist before you got lucky... ;-)

    6. Re:Was there a keylogger? by mrbnsn · · Score: 1
      "Properly used and implemented PGP is uncrackable by brute force."

      I think its rather likely that the PGP in question was neither "properly used" nor "implemented" for values of "properly" sufficiently strict to support your claim.

      Weak passphrase, weak PNRG, weak data leakage protection. You name it. It's a reasonable assumption that in the particular context under discussion, PGP was not "uncrackable".

      It may or may not be the case that it was uncrackable given the time and resources available for the task, which is really the question at hand.

  18. Kyllo v. United States? by Jeremy+Erwin · · Score: 5, Informative
    I have a feeling that the Supreme Court may not look upon this too favorably. In Kyllo v. US, the court ruled that use of a thermal imaging device to detect IR radiation (evidence of indoor marijuana cultivation) leaking from an apartment constituted a search, and thus required a warrant.

    The standard the court promulgated is as follows: Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a "search" and is presump-tively unreasonable without a warrant.

    The slip opinion (99-8508) is available in pdf format

    Although the government did have a warrent to search thus supects home in this case, they did not have permission to wiretap. Since the bug could concievably be used to wiretap, the government has the responsibility to provide evidence that the device did not go beyond the scope of the existing warrant.

    Kyllo suggests that, since the device's capabilities are secret, such a device is presumptively not in public use, and requires the most expansive of warrents for legal use. Since the feds did not have a wiretap warrent, and such a device could be used for such activity, the placement of the device is illegal. (IANAL)

  19. More thoughts by Modus+Nonsens · · Score: 1

    Don't feel like register at NYT

    So I guess this Scarfo was working with the mafia, am I correct? what did he do? Did he commit crimes that justify these methods of eavesdropping? I mean, they are using hidden microphones and cameras and stuff all the time, do they not? When they are presenting evidence gathered with the help from microphones or cameras, it is automatically known for everyone how it works. Does that have to mean that every other method is explained? I mean it's not like they are presenting blueprints and schematics on how the cameras works, right? It should be sufficient that everyone knows that a camera was used. So do they really have to present info on how the keylogger works then? The question I have is if whether the law is saying anything about cameras and microphones specifically, or if eavesdropping in general is described in the law? If it is specifically described, then I doubt that they describe keyloggers. And if they aren't included in the laws, then are they legal to use or are they not, in an investigation?

  20. Welcome to the brand new UStasi. by NReitzel · · Score: 2, Interesting
    It appears that the United States Government has taken to hiring all those former East-Germans who worked for the Stasi, the bureau of state security. World over, they were known as the very epitome of state surveillance of their own citizenry. It now seems as though the FBI has decided to usurp that lofty position, and become the preeminant repository of every sneak, thief, spy, and eavesdropper that they can find.

    In the words of Gore Vidal (not usually one of my favorite people), "Now that the Great Red Menace is gone, the government can now turn its attention to the real enemy, which is now, and always has been, the people."

    Welcome, UStasi.

    --

    Don't take life too seriously; it isn't permanent.

  21. Put quite simply... by TrollMan+5000 · · Score: 1

    Even though what Scarfo was doing was wrong, what the government did was wrong, too. Like everyone's mom said "two wrongs don't make a right".

    I guess the government no longer needs search warrants, to invade online privacy. Even though it's a violation of someone's property.

    I'd wish they'd see that with the DMCA. They're so quick to defend intellectual property, but the average citizen's property is fair game.

    1. Re:Put quite simply... by Modus+Nonsens · · Score: 2, Funny

      "two wrongs don't make a right"

      No, but two Wrights made an airplane.

    2. Re:Put quite simply... by Phroggy · · Score: 1

      "two wrongs don't make a right"

      ...but three lefts do.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    3. Re:Put quite simply... by Silver222 · · Score: 1
      "Two wrongs make a right, Lisa."

      --
      "It's not a war on drugs, it's a war on personal freedom. Keep that in mind at all times." Bill Hicks
  22. Everyone Dance by ioman1 · · Score: 1

    Everyone get down, everyone dance, big brother is watching.

  23. Re:Whats wrong with that? by camusflage · · Score: 4, Insightful

    If refusing is helping catching bad guys, I'm all for it.

    "Those who would trade their essential Liberty for a perceived temporary Security deserve neither Liberty nor Security" --Ben Franklin

    If refusing is lopping the legs off the constitution, I'm against it. Right now, without answering questions, we can only assume that they're hiding something. If they thought it would stand on its own merit, they should've applied for the wiretap order. Of course, the judge would ask if they'd see him register for access to NY Times articles, or a Slashdot registration, or even a flame email that was typed but subsequently cancelled and thus never sent. My guess is that since the answer would be "Yes" to all those questions, they knew a wiretap order wouldn't be signed, as the information gathered would be beyond the boundaries of the order.

    What they SHOULD have done was take the PGP source, write in a routine to either store or forward the passphrase, compile it, and tote that to the federal judge, and apply for the wiretap with THAT rather than something they bought from a spam mail about tracking your kid online. I would expect that they could get a judge to buy in on that since it would (and could) only intercept the information they were seeking.

    Also, you're presupposing that all people they "catch" are "bad guys". Sadly, such is not the case, but we won't even begin to get into that.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
  24. Re:Whats wrong with that? by Mashiki · · Score: 1

    What happens when they want to start putting it on all machines and reading what you are writing to your mistress? Then the use that information to co-urse you into something hmm?

    Sorry keyloggers my opinion are the same as wiretaps. Wiretaps record communication that has been converted into electical impulses, keyloggers do the same thing, except the storage device is attached to the computer.

    --
    Om, nomnomnom...
  25. Sounds like another FBI screwup by Animats · · Score: 2
    This was a major investigation of the son of a major crime boss. The father is in prison, and the son seems to have taken over, but getting proof is hard. The FBI could have gotten a proper court order for a full wiretap without any trouble. That they didn't do so is an FBI screwup, in what was previously reported as a very successful investigation. This is more a bureaucratic error than heavy-handedness.

    Still, it reflects a general opinion within the FBI that they should be able to tap computer-related information without a full wiretap order. There are two kinds of information gathering here - a wiretap order, which allows interception of content, and a "pen register" order, which allows collection of data about who someone called by phone. The problem is that the FBI has been trying to expand what can be collected with a "pen register" order to cover almost everything that doesn't go through a microphone. The FBI position has been that pager messages, dialed digits, text messages, cellular location, etc. should be easily available to law enforcement. Or, "all the new stuff belongs to us".

  26. Ironic by A_Non_Moose · · Score: 1

    What they probably did was go to 2600.com, get a kelogger, put their name and copyright on it and patented it (pencil whipped it) thru the USPTO and will claim that if they did let anyone "see" what they used it would be a violation of the UCITA/DMCA/MPAA/RIAA/Because I said so laws.

    Moose.

    I thought "flamebait" was just jailbait with red hair.

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  27. Think back to Salem by brad3378 · · Score: 1


    I don't care how I know,

    I just know that she must be a
    WITCH!

    --
    1. Re:Think back to Salem by Phroggy · · Score: 1

      Well, it stands to reason that if she were a witch, she would obviously be made out of wood (after all, you burn witches at the stake, and you also burn wood). Since wood floats in water, and ducks also float in water, all you have to do to confirm whether she is indeed a witch is to get a scale, and compare her weight to that of a duck.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  28. Constitutionally... by blkros · · Score: 2, Insightful
    speaking, if they didn't get a warrant to use this keylogger, it is just as illegal as a wiretap without a warrant. It is a case of illegal search and seizure which the US Constitution prohibits in the fourth amendment, which reads:

    Amendment IV
    The right of the people to be secure in their persons, houses, papers, and
    effects, against unreasonable searches and seizures, shall not be
    violated, and no Warrants shall issue, but upon probable cause, supported
    by Oath or affirmation, and particularly describing the place to be
    searched, and the persons or things to be seized.


    This is just FBI legal maneuvering, and we all know it, because keylogger tech is quite common. I know of at least 10 different keyloggers that you can download off the web.


    As a side comment--this is another case of new technology that the average person doesn't understand well(or at all), being used to degrade our rights.


    "The price of liberty is eternal vigilance."

    --
    Damnit, Jim, I'm an anarchist, not a F@#$!^& doctor!
    1. Re:Constitutionally... by MrBogus · · Score: 2

      Another possibility is that it was a hardware key logger. Someone posted a link to a commercial device called the KeyGhost that plugs inline on your PS/2 cable and looks like your ordinary cable bump.

      --

      When I hear the word 'innovation', I reach for my pistol.
  29. Re:Evidence would not be admissable in UK courts by hburch · · Score: 1

    As I understand the situation, they used the logger to get passwords to decrypt data. The veracity of the encrypted data, as I understand it, is not the question here. Assuming the passwords decrypted the data, the only question is the legality of collecting the passwords.

    Thus, the question of 'bearing witness' it moot, as it's not using the correctness of the passwords as evidence, but the decrypted data. I suppose you could argue that the passwords are wrong and the fact that the decrypted data corresponds to English text is pure coincidence, but that's is, to say the least, not a strong argument.

  30. Re:Evidence would not be admissable in UK courts by 037 · · Score: 1

    Things are a little different here. In the article, they say that the keylogger was just used to find the key for the encryption that the gangster was using. The actual key isn't really evidence -- whatever they decrypted is. Now; if the FBI can go into my house, and they have a search warrant, then they can open my safe. The method they use to find the combination of my safe isn't very important. Just as long as the decryption was legally done, and the data wasn't modified in order to incriminate the suspect, I don't see a problem here.

    --
    Everything above may well be poorly-thought out / spelled. Blame the beer, not me.
  31. Re:Whats wrong with that? by A_Non_Moose · · Score: 1


    What happens when they want to start putting it on all machines and reading what you are writing to your mistress? Then the use that information to co-urse you into something hmm?

    In case you have not heard, XP shipped recently.

    I rest my case, now if only the DOJ/MS could do the same.

    Moose.

    /. needs accumulative moderations points, that way I can have a goal of +5 funny informative interesting flamebait.

    --
    Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
  32. I Know How They Did It by zulux · · Score: 1
    The Spooks have been shopping at the Thrift-Stores and gobbleing up thos old mid-90's Gateway keyboards with those darned 'Program' and 'Macro' keys. Then they sneek them into your house while you are in the pantry making a cheese fondu.



    See http://www.firmware.com/support/bios/anykey.htm if you don't know what I'm yammering about

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  33. Re:Good morning! by DJ-Dodger · · Score: 1

    Get off my back you American-centric sheep! Not all of the world is subject to your government's oppressive laws!

  34. Expanded Definition? by Dr.+Noooo · · Score: 1

    Has it occured to anyone else that maybe what the FBI is calling a "keylogger" might actually be some type of EMF snooping? It's been possible for a long time for a properly equiped black van to park a short distance from the target, and "see" what's on the screen, for example. Maybe that's why it's "classified"?

    1. Re:Expanded Definition? by Guppy06 · · Score: 2

      You're assuming that a mobster wouldn't have the money to burn on toys like an LCD monitor, or maybe even a laptop.

    2. Re:Expanded Definition? by dossen · · Score: 1

      also, passwords/phrases are rarely shown, except as ****** or the like, and while the signals are there, I should think that Van Eck Phreaking gets a lot harder, when you are trying to get somethng like keyboard and mouse, than if it's a crt with a lot of wellknown frequencies (or ratios of same).....

    3. Re:Expanded Definition? by LinuxHam · · Score: 1

      Back in the earliest posting about this on /., the technology was described as resembling a sugarcube, installed inside the keyboard. It stored keystrokes for later retrieval. The agents would return, park a few blocks away, and retrieve the contents remotely via rf. The article said you would have to weigh the keyboard and detect tiny fractions of an ounce to notice the added weight.

      No software keyloggers here. Also, it has nothing to do with defeating PGP because the documents and outbound emails were retrieved as plaintext key sequences directly from the keyboard. They said that sure, they caught the passphrases in the key sequences, but they're useless without the private key and they didn't need to decrypt anything anyway.

      --
      Intelligent Life on Earth
    4. Re:Expanded Definition? by Guppy06 · · Score: 2, Informative

      " No, not really. It's the same technology that allows a remote listener to decode printer, keyboard, fax and all sorts of other electronic gizmos."

      The electrical impulses used in a keyboard is orders of magnitude less than those used in your average business fax machine or printer. And with both the fax machine and the printer, the electric motors used are extremely noisy when compared to the print head. If the printer in question is a dot matrix... maybe...

      "Without taking special TEMPEST precautions there is no reason a laptop or LCD couldn't be read also."

      The difference in EM radiation output between a CRT and an LCD display is like the radiation difference between uranium and gold. One involves accelerating ions to relativistic speeds, the other involves minisculse voltage differences. Combine that with the way EM drops off exponentially with distance, and, well... you get the idea.

      IMO, if you're using an LCD display, and you take any precautions beyond, say, turning on a ceiling fan, you're being too paranoid.

  35. Could they fight it? by silent_poop · · Score: 1

    Could the defense team fight it or push for the evidence gained from the key-logger to be deamed inadmissable since it's accuracy can not be proven at the present time?

    --

    --
    silence is poetry.
  36. Re:Whats wrong with that? by codeforprofit2 · · Score: 1

    "want to start putting it on all "

    Want to? These is the police force, they are in the bussiness of hunting criminals.

  37. Why would it render it useless... by TroyFoley · · Score: 1

    one asks. Think upon this interesting note: If something is ruled either unconstitutional or, to a lesser extent, otherwise illegal, it is thus "useless" to the DoJ. So you must ask yourself, do they not reveal their methods for reasons of technical continuation for their devices or legal continuation for their devices?
    "The world may never know."

    --
    After I have received the wisdom of good teaching, I will untiringly teach all people. - The Teachings of Buddha
  38. Recent Supreme Court Decision? by Glowing+Fish · · Score: 3, Insightful

    Recently, the supreme court decided that infared surveyance, and other "high technology" surveyance of someones's house was unconstitutional, since they involve an unreasonable invasion of privacy without a warrant. In other words, that to look in someone's house, you need a warrant, even if you aren't physically entering.


    So how does this apply to a keystroke monitor? Isn't that an unresonable invading of privacy, using a technology to circumvent "searches of persons and papers"?


    Does the FBI need a warrant to install one of these? Or if the computer is used for "business" (even illegal business) does the constituional prohibition against unreasonable search not apply.


    And more important, if we don't know how this works on a technical level, how will we ever find out whether or not it is constitutional?

    --
    Hopefully I didn't put any [] around my words.
  39. Re:Evidence would not be admissable in UK courts by MasterOfDisaster · · Score: 1
    "Now; if the FBI can go into my house, and they have a search warrant, then they can open my safe. The method they use to find the combination of my safe isn't very important."

    Yes, they can go into your house with a proper search warrent. and, the method they use to find the combination to your safe is important. for example, if you tell you friend over the phone, and they dont have a wiretapping warrent, that's an illegal way to open the safe. or, for example..if they put a gun to your head and told you to open your safe. that would be illegal too. however the 1st one is closer to what was done here.

    --
    The opinions in this post are ficticious. Any similarity to actual opinions, real or imagined, is purely coincidental.
  40. Direct from the "one true source" by Bob+McCown · · Score: 1

    CROWD
    A witch! A witch! A witch! A witch! We've found a witch! A witch! A witch! A witch! A witch! We've got a witch! A witch! A witch! Burn her! Burn her! Burn her! We've found a witch! We've found a witch! A witch! A witch! A witch!
    VILLAGER #1
    We have found a witch. May we burn her?
    CROWD
    Burn her! Burn! Burn her! Burn her!
    BEDEVERE
    How do you know she is a witch?
    VILLAGER #2
    She looks like one.
    CROWD
    Right! Yeah! Yeah!
    BEDEVERE
    Bring her forward.
    WITCH
    I'm not a witch. I'm not a witch.
    BEDEVERE
    Uh, but you are dressed as one.
    WITCH
    They dressed me up like this.
    CROWD
    Augh, we didn't! We didn't...
    WITCH
    And this isn't my nose. It's a false one.
    BEDEVERE
    Well?
    VILLAGER #1
    Well, we did do the nose.
    BEDEVERE
    The nose?
    VILLAGER #1
    And the hat, but she is a witch!
    VILLAGER #2
    Yeah!
    CROWD
    We burn her! Right! Yeaaah! Yeaah!
    BEDEVERE
    Did you dress her up like this?
    VILLAGER #1
    No!
    VILLAGERS #2 and #3
    No. No.
    VILLAGER #2
    No.
    VILLAGER #1
    No.
    VILLAGERS #2 and #3
    No.
    VILLAGER #1
    Yes.
    VILLAGER #2
    Yes.
    VILLAGER #1
    Yes. Yeah, a bit.
    VILLAGER #3
    A bit.
    VILLAGERS #1 and #2
    A bit.
    VILLAGER #3
    A bit.
    VILLAGER #1
    She has got a wart.
    RANDOM
    [cough]
    BEDEVERE
    What makes you think she is a witch?
    VILLAGER #3
    Well, she turned me into a newt.
    BEDEVERE
    A newt?
    VILLAGER #3
    I got better.
    VILLAGER #2
    Burn her anyway!
    VILLAGER #1
    Burn!
    CROWD
    Burn her! Burn! Burn her!...
    BEDEVERE
    Quiet! Quiet! Quiet! Quiet! There are ways of telling whether she is a witch.
    VILLAGER #1
    Are there?
    VILLAGER #2
    Ah?
    VILLAGER #1
    What are they?
    CROWD
    Tell us! Tell us!...
    BEDEVERE
    Tell me. What do you do with witches?
    VILLAGER #2
    Burn!
    VILLAGER #1
    Burn!
    CROWD
    Burn! Burn them up! Burn!...
    BEDEVERE
    And what do you burn apart from witches?
    VILLAGER #1
    More witches!
    VILLAGER #3
    Shh!
    VILLAGER #2
    Wood!
    BEDEVERE
    So, why do witches burn?
    [pause]
    VILLAGER #3
    B--... 'cause they're made of... wood?
    BEDEVERE
    Good! Heh heh.
    CROWD
    Oh, yeah. Oh.
    BEDEVERE
    So, how do we tell whether she is made of wood?
    VILLAGER #1
    Build a bridge out of her.
    BEDEVERE
    Ah, but can you not also make bridges out of stone?
    VILLAGER #1
    Oh, yeah.
    RANDOM
    Oh, yeah. True. Uhh...
    BEDEVERE
    Does wood sink in water?
    VILLAGER #1
    No. No.
    VILLAGER #2
    No, it floats! It floats!
    VILLAGER #1
    Throw her into the pond!
    CROWD
    The pond! Throw her into the pond!
    BEDEVERE
    What also floats in water?
    VILLAGER #1
    Bread!
    VILLAGER #2
    Apples!
    VILLAGER #3
    Uh, very small rocks!
    VILLAGER #1
    Cider!
    VILLAGER #2
    Uh, gra-- gravy!
    VILLAGER #1
    Cherries!
    VILLAGER #2
    Mud!
    VILLAGER #3
    Churches! Churches!
    VILLAGER #2
    Lead! Lead!
    ARTHUR
    A duck!
    CROWD
    Oooh.
    BEDEVERE
    Exactly. So, logically...
    VILLAGER #1
    If... she... weighs... the same as a duck,... she's made of wood.
    BEDEVERE
    And therefore?
    VILLAGER #2
    A witch!
    VILLAGER #1
    A witch!
    CROWD
    A witch! A witch!...
    VILLAGER #4
    Here is a duck. Use this duck.
    [quack quack quack]
    BEDEVERE
    We shall use my largest scales.
    CROWD
    Ohh! Ohh! Burn the witch! Burn the witch! Burn her! Burn her! Burn her! Burn her! Burn her! Burn her! Burn her! Ahh! Ahh...
    BEDEVERE
    Right. Remove the supports!
    [whop]
    [clunk]
    [creak]
    CROWD
    A witch! A witch! A witch!
    WITCH
    It's a fair cop.
    VILLAGER #3
    Burn her!
    CROWD
    Burn her! Burn her! Burn her! Burn! Burn!...
    BEDEVERE
    Who are you who are so wise in the ways of science?
    ARTHUR
    I am Arthur, King of the Britons.
    BEDEVERE
    My liege!
    ARTHUR
    Good Sir Knight, will you come with me to Camelot and join us at the Round Table?
    BEDEVERE
    My liege! I would be honored.
    ARTHUR
    What is your name?
    BEDEVERE
    'Bedevere', my liege.
    ARTHUR
    Then I dub you 'Sir Bedevere, Knight of the Round Table'.

    1. Re:Direct from the "one true source" by VS1 · · Score: 1

      HAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
      good story. really good. actually excellent.

      --
      "Humanize war? You might as talk about humanizing hell!" -- British Admiral Jacky Fisher
  41. Testify? by gad_zuki! · · Score: 2

    I'm sorry your Honor but I cannot testify on how our classisfied Shoulder Surfing technology works. I can only tell you it works.

  42. They cant say how it works. by dilvish_the_damned · · Score: 1

    Becouse they dont know how it works. They downloaded it from Hackoo!.

    --
    I think you underestimate just how much I just dont care.
  43. Re:Evidence would not be admissable in UK courts by SuiteSisterMary · · Score: 2

    Why not just bring counter-suit under the DMCA for unauthorized circumvention of an encryption scheme?

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  44. Re:Whats wrong with that? by SirGeek · · Score: 1

    To them we are the criminals.. We're not one of their elite group, so we are outsiders and there fore the enemy...

    --
    UPS Sucks
  45. Constitutional issues aren't clear here by billstewart · · Score: 3, Interesting
    • The Constitution doesn't give the FBI any authority to create "Classified Information". That doesn't mean they haven't found some weasel words to authorize themselves to do so anyway, but there's nothing specific.
    • Most of the issues here are with rules of evidence, due process, and right to challenge your accuser in court; the Constitution isn't very detailed on these, particularly about issues of high technology.
    • The Exclusionary Rule, from the 1960s, says that evidence obtained illegally is inadmissable in court. The year before it was promulgated, the New York City police department didn't bother getting any search warrants - they'd just search, and if they did so illegally, too bad, they got the evidence anyway. The year after that, they got warrants (well, most of the time...)
    • The big interesting Constitutional issue here is that the Feds had a search warrant, which could fetch them a bunch of encrypted bits, but not a wiretap warrant, and what they did sounds extremely like wiretapping to me. Wiretap warrants require much more procedure than simple search warrants, and are mainly a creation of telephone regulatory law that's not clearly applicable here, since the Consitutional justification for telephone wiretaps is that the phone company is outside your house.
    • The accused computer had PGP, and the interesting messages or disk sections were encrypted with PGP. That means that if you have the keyring file (which usually lives on the disk) and passphrase (the important secret part), you can verify that the encrypted bits correspond to the decrypted bits. The usual rules of evidence for computer searches (which are rapidly evolving) apply here - were the files really written by the accused, or were they planted, or was there another person using the machine, etc.
    • If they'd found the passphrase on a yellow sticky note by the computer, there'd be no issue here. If they'd paid a snitch to give it to them, there'd be no issue either. If they'd tortured the accused without his lawyer present, there'd also be no issue - the decrypted material would pretty clearly be inadmissible. If they'd had a wiretap warrant, it would have been potentially interesting Constitutionally, but the police would almost certainly win. Instead, they found the somewhat interesting midpoint, because they pretty clearly cheated, but didn't cheat really badly.
    • In the UK, this evidence would probably be admissible, or at least the Home Office would try extremely hard to make it so.
    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
    1. Re:Constitutional issues aren't clear here by Observer · · Score: 1
      ... Wiretap warrants require much more procedure than simple search warrants, and are mainly a creation of telephone regulatory law that's not clearly applicable here, since the Consitutional justification for telephone wiretaps is that the phone company is outside your house. ...

      So, can a non-IANAL clarify what authorisation is required for investigatory authorities to install bugging devices of any type in a suspect's private property?

    2. Re:Constitutional issues aren't clear here by billstewart · · Score: 1

      Seems that a wiretap warrant can do that, or some of the FISA court orders (FISA is something like Foreign Intelligence Surveillance Act) which apply to the FBI chasing spies (remember spies? We used to have them back when there were Commies....)

      --

      Bill Stewart
      New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  46. wait... by lowtekneq · · Score: 1

    so if i use a keylogger on somebody its illegal but if say the nsa logs me say that my "31337 w4r3z fTp 15 -> 1.2.3.4:420 nsa/sucks" they could use it against me?

    --
    Carpe meam simiam!
  47. And The Real Reason Is ... by John+Hasler · · Score: 1, Funny

    That they don't want anyone to know that they bought their keylogger from ElComSoft.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  48. We have Secret Evidence by Alien54 · · Score: 3, Insightful
    Talkl about Soviet Russia!

    "We have this secret evidence against, and you must trust us to tell you that you are guilty of crimes that violate these secret laws. If you knew what these laws were, we would have to shoot you.

    [snort]

    "The liberty of a democracy is not safe if the people tolerate the growth of private power to a point it becomes stronger than their democratic state itself. That, in its essence, is Fascism - ownership of government by an individual, by a group or by any controlling private power." -FDR

    Sounds like we made it.

    We won the war against fascism, and communism, (WWII, Cold War, etc) only to be left with a communistic fascism called a corporate democracy. It is a communism of fascistic corporate interests.

    Time to blow the planet while there is still a chance.

    - - -
    Radio Free Nation
    is a news site based on Slash Code
    "If You have a Story, We have a Soap Box"
    - - -

    --
    "It is a greater offense to steal men's labor, than their clothes"
    1. Re:We have Secret Evidence by ahodgson · · Score: 1

      That's funny. Quote FDR, the President who did more than any other to undermine the constitution, in an article about Government abuse of power. Sigh.

    2. Re:We have Secret Evidence by Alien54 · · Score: 1
      The whole area is rich in multiple layers of irony.

      It has a certain dissonace to it, sort of like the blues.

      --
      "It is a greater offense to steal men's labor, than their clothes"
  49. Damned either way? by TACD · · Score: 1
    Supposing that the court makes the only possible sensible decision and deems the evidence inadmisable, this would make things difficult for the Feds.

    If their (the Feds) argument is that revealing how the keylogger works would render it useless in future, one must wonder how it will be useful if the evidence gleaned from it is forever thrown out of court because they won't show how their gadget works...


    Once again, stupidity prevails over science.

    --
    Security through promiscuity is no better than security through obscurity.
  50. Re:Evidence would not be admissable in UK courts by rgmoore · · Score: 1

    AFAIK, even if they did get the combination to the safe illegally, the contents may still be admissible as "inevitable discovery". With most safes it's going to be possible to crack them given enough time and/or the right tools. If nothing else you can brute force the combination, and I wouldn't be at all surprised if the FBI and similar agencies have robots designed specifically to do so. Or, of course, they could physically break open the safe and get the contents that way. The key is that as long as they inevitably would have gotten the safe open without their illegal activity, they can still use the evidence they get that way. You'd still be allowed to sue them for violating your rights, but you wouldn't be able to suppress the evidence.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  51. Re:Evidence would not be admissable in UK courts by rgmoore · · Score: 3, Informative

    OTOH in the UK they wouldn't have needed a keylogger to get the key. They can demand your PGP passphrase (the computer was seized legally, so that's not the issue) and throw you in jail if you don't divulge it. It's up to the accused to prove that he doesn't know or has forgotten it, and if he can't prove that then he can be imprisoned for failing to cooperate.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  52. So wait publicly available products are classified by pid0 · · Score: 1
    DoH! Try KeyGhost Hardware Keylogging at it's best.

    Don't worry folks, the gov't will always be a two steps behind the techies..
    until you grow up and work for em'
    Oh well.

    --
    --- "Just because you can....aw shit do it."
  53. Re:Evidence would not be admissable in UK courts by SuiteSisterMary · · Score: 2

    They didn't crcumvent the encryption scheme. They used the correct password :)

    Yes, but they didn't have permission to. Isn't DeCSS using a proper Xing key? :-)
    --
    Vintage computer games and RPG books available. Email me if you're interested.
  54. Re:somewhat offtopic by unitron · · Score: 2

    At least it let you log in, which is more than it would do for me.

    --

    I see even classic Slashdot is now pretty much unusable on dial up anymore.

  55. Re:Evidence would not be admissable in UK courts by dossen · · Score: 1

    Well, this raises an interesting question... Would they have been able to find the passphrase within a reasonable timeframe? I think the tool used was PGP, and although the passphrase is not as strong, cryptographically, as the private key it unlocks, it might still be very large. Thus the feds might never have been able to crack the encryption without tapping the keyboard... Just something to think about...

  56. remote keystroke logging by chongo · · Score: 2, Interesting
    A few years back, while playing around with a highly directional receiver (phase-shift antenna array) we were able to clearly ``hear'' the radio emissions from one of our keyboards at a distance of about 1/4 mile. Each key presented a unique waveform on an oscilloscope.

    If I were going to log keystrokes, I would be tempted to use the parked van approach. I'm sure with a reasonable budget and access to better technology, reading keystrokes would be easy at moderate distances.

    chongo () /\__/\

    --
    chongo (was here) /\oo/\
  57. Re:Whats wrong with that? by sconeu · · Score: 1

    That's my sig!

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  58. They want to show relevant ads by yerricde · · Score: 1

    Why should I have to register on their site??? I can still be subjected to their ads without them knowing my Name

    With a unique account, NYT can track how many unique users saw and/or clicked through a banner, thus judging the banner's effectiveness. Using accounts instead of IP addresses blocks robots from driving up the click count by hitting an ad, getting a new IP address from DHCP, rinse and repeat.

    With a postal code, NYT can show you ads relevant to your region. For example, what if a local band were to advertise on NYT? How would NYT know you were from 46808 without requiring you to show your account?

    --
    Will I retire or break 10K?
  59. Classified raises reasonable doubt to admissible by yerricde · · Score: 2, Insightful

    Now, why would the Feds not want to disclose the mechanism of their keylogger? Either it's typical spook selfishness OR they think that doing so would strengthen the defense's argument. I havn't looked at the actual details of the argument the defense is making, so it's hard to tell if this is part of the motivation for the "it's classified" song and dance.

    Defense: "Prove beyond a reasonable doubt that you got a warrant to gather this information or that the keylogging was otherwise not an unreasonable search and seizure."

    Feds: "Umm..... uh...."

    Defense: "Motion to reject this evidence."

    Perhaps they learned their lesson from the Sklyarov debacle and are trying to get a judge to rule the "wiretapped" evidence inadmissible.

    --
    Will I retire or break 10K?
  60. Assumed trust that's being overlooked by ka9dgx · · Score: 3, Interesting
    Everyone assumes that there was some actual bug recording keystrokes. I don't make that assumption.

    <ConspiracyTheory>
    I choose instead to believe that some FBI agent talked to a buddy with the NSA, and they picked the PGP key for him, with the understanding that the "keyboard logger" cover story would be used.

    Now that things have gone in the dumpster, there IS NO KEYBOARD LOGGER to disclosed the details of.
    </ConspiracyTheory>

    Besides, anyone with a DigiKey catalog and some time could build a VERY sweet keyboard logger, with remote dump via radio, etc. We should have a contest to see how few PIC chips it takes.

    --Mike--

  61. Recent DeCSS no longer use the Xing key by yerricde · · Score: 1

    Isn't DeCSS using a proper Xing key? :-)

    No. DVD CCA invalidated Xing's first key after the first DeCSS program leaked it to the world, making it unable to decode new discs. Recent DeCSS programs brute-force the key after eliminating several possibilities. An O(n^16) or so attack on the known plaintext of MPEG headers.

    Really recent versions have solved for all 400 or so player keys, forcing DVD CCA to invalidate all these keys to keep DeCSS programs for PC working. But this also invalidates all DVD players' ability to play new discs. In fact, it's possible to crack the disk key in O(24) without needing any player keys.

    ( Read More... |)
    --
    Will I retire or break 10K?
  62. Something I don't understand .. by error0x100 · · Score: 1

    The article says:

    "Mr. Scarfo's lawyers have argued that the technology resembles a wiretap, and that using the logger without going through the relatively stringent requirements of a full wiretap order may have violated Mr. Scarfo's constitutional rights. But they say that they cannot know for sure unless they know how the logger works"

    I don't understand how the mechanism whereby it works can make any difference on whether or not it should qualify as a "wiretapping device". I mean, it doesn't matter how it works, one thing remains the same - it records your keystrokes. Doesn't matter if it uses tin cans with string, EM signatures or if its just a modified keyghost type device - its functionality is the same. Surely it is or isn't a "wiretapping device" based purely on its functionality, rather than how it does its job? Any decision based on anything other than that seems like just a legal technicality/loophole. "Oh .. this keylogger is a keyghost device, so its not a wiretap, but this one is just special software, so it is"??? If thats how they're deciding, thats downright scary.

    A keylogger is a keylogger is a keylogger. It was either legal, or it wasn't (given the FBI's reaction to being asked to disclose how it works, its easy to tell which one).

    Anyway, it doesn't make sense to me, what am I missing here?

    1. Re:Something I don't understand .. by Dr.+Mutex · · Score: 1
      A keylogger is a keylogger is a keylogger. It was either legal, or it wasn't (given the FBI's reaction to being asked to disclose how it works, its easy to tell which one)....what am I missing here?

      You are missing the FBI's claim that the bug only recovered the passphrase. The FBI had a warrant to recover the passphrase - nothing else. If they used a keylogger that captured everything then they probably conducted an illegal search (even without the wiretap issue[1]). The FBI claims their bug only captured the passphrase but will not say how they accomplished this. From the material the FBI initially provided to the court it does not look like the device captured just the passphrase (there were pages of data). That is the basis of the defense demanding the details of the bug.

      As to why they don't want to reveal the details, possibly they have a few hundred of these logging away on "interesting" computers and they don't want people to know what to look for.

      [1] The wiretap issue comes about because the defendant used the computer to access his AOL mail account. Thus the keylogger may have captured communications that were sent over telephone lines.

  63. You know by Hobobo · · Score: 1

    Just register. The New York Time provides us with extremly high quality reporting, and all they ask is to take a couple seconds to register. That's not that much for free access to one of, if not the, finest newspapers in the country.

  64. Keyghost! by Daniel+Rutter · · Score: 2
    > Check out www.keyghost.com for an example.

    Ooh! Ooh! A chance to troll for site traffic :-)!

    My review of the Keyghost II Professional is here. It links to my older review of their Security Keyboard, which has a hardware logger built in.

    They're a bit expensive, but they're very nifty gadgets, if you feel like being Big Brother for a change.

  65. Re:Karma is stupid. by blitz_0ne · · Score: 1

    Thank you.
    You sir are the BOMB!

    --
    Eres puto...soy cabron...
  66. How it works by ModelX · · Score: 1
    The communication between PC and keyboard is a simple low-speed serial protocol. The cable is unshielded and acts as a transmitter. The signals are squarish and will transmit well. Now take a good directional receiver (even beter use more and some digital processing to locate transmitter). You get the bits, now use an ascii table to look up what was typed.


    Want to defeat this? Use some metal shielding around keyboard cables and connectors. Put your keyboard in a metal case, so that it's open only from the top. If someone's on your house's roof, you know what's going on. Wanna know more? Go to google and search for TEMPEST.

  67. It's simple by macdaddy · · Score: 2

    If it's ruled as inadmissible (sp?) then the Gov has no case. Everything they have came from what they got via that tap. If tap == illegal, evidence acquired via tap == inadmissible.

  68. Switch the Hard Drive??? by Spock+the+Baptist · · Score: 1

    It seems to me that the simplest way to get around hardware based key loggers is to pull the hard drive/s from the old computer, and install it/them into a new computer. If the hard drive/s that contain the important data contained only said data then any additional code that was added to the hard drive would be fairly easy to detect.

    If there were some concern that there was some sort of hardware based key logger attached to the hard drive then when you got the drive/s back transfer the data to a new hard drive/s, and slag the old drive/s.

    FWIW

    --
    "Oh drat these computers, they're so naughty and so complex, I could pinch them." --Marvin the Martian
  69. Re:Evidence would not be admissable in UK courts by Performer+Guy · · Score: 2

    Hmm, this makes the UK law look good, until you consider that the cabinet just has to sign a D list and the suspect is up the swannee. Just look at the Iran supergun affair. The cabinet was ready to sell an honest businessman's life & reputation down the Swanee, and only Michael Hesseltine saved him from going to jail, because the other corrupt scumbags in the cabinet REFUSED to release evidence that proved he was working in full cooperation with the government and not trying to smuggle arms to Iran.

    Take your glorious British laws and your RIP bill and shove them, instead of waving them around here.

  70. Re:Evidence would not be admissable in UK courts by DaveHowe · · Score: 2

    I hate to tell you this - but there is a long history in the UK of judges saying "this evidence was illegally gathered; I expect disiplinary action against the officers concerned, but as your case relies on it I won't throw it out...."

    --
    -=DaveHowe=-