Slashdot Mirror
Keyloggers Now Classified Technology
general_re writes: "The New York Times (free reg required blah blah blah) is reporting that the Department of Justice is still refusing to turn over details of how the keystroke loggers used against Nicky Scarfo worked, claiming that revealing how it works "would render it useless in future investigations" as well as claiming that it is classified information. Nevermind that this also prevents his lawyers from evaluating or attacking the credibility or accuracy of the evidence arrayed against him. One interesting question raised is whether it's always been classified, or if they're retroactively classifying it in order to avoid revealing how they work."
Comrades, welcome to the CCCUSA.
Big Brother is watching.
We must continue to stand up for ourselves or the government is really gonna run us over with all this BS
Before we know it, there could be keyloggers for everyone to download!
I believe the same to be true of the Carnivore system, even though I readily defend its use as legitimate.
What if they classified the tape and tape recorder they used to tape a conversation - no one would be able to check the tape to see if it was or could have been altered!
quis custodiet ipsos custodes - Juvenal
Just replace the "www" in the link with "archive".
For this link, it is
http://archive.nytimes.com/2001/08/25/technolog
It
a) Saves all the "No reg link" posts, and
b) Saves all the "Anonymous login" posts, and
c) just makes the world a better place in general.
Thanks!
It sounds like the FBI has built upon existing key logging technology. I imagine those are patented, right? So distribute that information. If it's similar enough, then the same methods to defeat it would work against the FBI's stuff. This what the FBI is claminig they are trying to avoid by releasing details.
Of course, this information should only be used to prevent unscrupulous business competitors from using key logging against you ;-). Don't use it to cover up a crime, like reading and encrypted e-book.
Robotiq.com is heavily tested on animals
technology ? If the DoJ won't share, I think "we the people" should make every effort to see that any knowledge we have is made available. Someone had to write this for them.
errr....umm...*whooosh* *whoosh* Is this thing on ?
What does your constitution say about this? What are they allowed to do to you in this sense?
Furthermore I think they *must* release their technology that they used, to give him a fair chance. Or am I wrong here?
The innaresting thing to me is that the defense is trying to play the "keylogger = wiretap" card, and therefore invalidate the evidence because it wasn't acquired under the corrent warrent.
Now, why would the Feds not want to disclose the mechanism of their keylogger? Either it's typical spook selfishness OR they think that doing so would strengthen the defense's argument. I havn't looked at the actual details of the argument the defense is making, so it's hard to tell if this is part of the motivation for the "it's classified" song and dance.
On the one hand, perhaphs they just don't want people knowing how the FBI keylogger works as opposed to all the others. Maybe because, shame shame, it's the same as the market variety.
But maybe it interfaces automagically with some external snooping device. That would be both something they'd rather not let people know about AND something that would give the defense the winning argument in the court case.
(start carnivore paranoia ranting... now)
Howard Dean for president
In Animal House it was a joke. For the feds it's becoming a habit. This is an outrage -- but I don't think it will hold up in court. When you present evidence like this, you have to establish its reliability. And "Trust US' isn't good enough.
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
. . .
Must make this short (as there's a god long debate behind what follows) but this would make inadmissable any collected evidence in a UK court.
This would be because there is then no person or other body of evidence available to question regards veracity.
Evidence rules here very tough, and the case would be almost immediately thrown out.
This is tantamount to claiming the Ivisible Man as witness and the prosecutor or plaintiff claiming they cannot bring him for cross examination because they cannot find him.
The anaology is the same, if something cannot be shown to court, it may not bear witness.
This is the first basic rule of civilisation and law over hearsay, rumour and superstition.
Presumably, at least, the "classified the technology in question properly" is to ensure that there's actually something that deserves real protection, not just a lame attempt to keep it unaccountable and unquestionable under the mantle of National Security. It also appears to be pretty clear that the classification has to predate the claims against it. If they're trying to classify it retroactively to avoid accountability, their attempt is likely to blow up in their face.
There's no point in questioning authority if you aren't going to listen to the answers.
Was there a keylogger to begin with?
Perhaps they just handed over the encrypted data to the NSA who promptly cracked it. Now, how do you use this in court without revealing that it was NSAs monster cracker that did all the work.
You invent a keylogger!
The standard the court promulgated is as follows: Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a "search" and is presump-tively unreasonable without a warrant.
The slip opinion (99-8508) is available in pdf format
Although the government did have a warrent to search thus supects home in this case, they did not have permission to wiretap. Since the bug could concievably be used to wiretap, the government has the responsibility to provide evidence that the device did not go beyond the scope of the existing warrant.
Kyllo suggests that, since the device's capabilities are secret, such a device is presumptively not in public use, and requires the most expansive of warrents for legal use. Since the feds did not have a wiretap warrent, and such a device could be used for such activity, the placement of the device is illegal. (IANAL)
In the words of Gore Vidal (not usually one of my favorite people), "Now that the Great Red Menace is gone, the government can now turn its attention to the real enemy, which is now, and always has been, the people."
Welcome, UStasi.
Don't take life too seriously; it isn't permanent.
If refusing is helping catching bad guys, I'm all for it.
"Those who would trade their essential Liberty for a perceived temporary Security deserve neither Liberty nor Security" --Ben Franklin
If refusing is lopping the legs off the constitution, I'm against it. Right now, without answering questions, we can only assume that they're hiding something. If they thought it would stand on its own merit, they should've applied for the wiretap order. Of course, the judge would ask if they'd see him register for access to NY Times articles, or a Slashdot registration, or even a flame email that was typed but subsequently cancelled and thus never sent. My guess is that since the answer would be "Yes" to all those questions, they knew a wiretap order wouldn't be signed, as the information gathered would be beyond the boundaries of the order.
What they SHOULD have done was take the PGP source, write in a routine to either store or forward the passphrase, compile it, and tote that to the federal judge, and apply for the wiretap with THAT rather than something they bought from a spam mail about tracking your kid online. I would expect that they could get a judge to buy in on that since it would (and could) only intercept the information they were seeking.
Also, you're presupposing that all people they "catch" are "bad guys". Sadly, such is not the case, but we won't even begin to get into that.
The truth about Scientology, Xenu, and you: Operation Clambake
Still, it reflects a general opinion within the FBI that they should be able to tap computer-related information without a full wiretap order. There are two kinds of information gathering here - a wiretap order, which allows interception of content, and a "pen register" order, which allows collection of data about who someone called by phone. The problem is that the FBI has been trying to expand what can be collected with a "pen register" order to cover almost everything that doesn't go through a microphone. The FBI position has been that pager messages, dialed digits, text messages, cellular location, etc. should be easily available to law enforcement. Or, "all the new stuff belongs to us".
"two wrongs don't make a right"
No, but two Wrights made an airplane.
Amendment IV
The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon probable cause, supported
by Oath or affirmation, and particularly describing the place to be
searched, and the persons or things to be seized.
This is just FBI legal maneuvering, and we all know it, because keylogger tech is quite common. I know of at least 10 different keyloggers that you can download off the web.
As a side comment--this is another case of new technology that the average person doesn't understand well(or at all), being used to degrade our rights.
"The price of liberty is eternal vigilance."
Damnit, Jim, I'm an anarchist, not a F@#$!^& doctor!
That seems to be a common response by defense attorneys in cases like this; demand classified information, then when it's not provided get the charges reduced or dismissed. Fortunately judges have learned that "just trust us" from US intelligence agencies isn't a valid basis to take someone's rights away.
I also doubt the judge possesses the clearance required to evaluate it himself, so no one may be able to evaluate it's accuracy.
The FBI won't be able to pull a "you're not cleared for that" on a federal judge. If he asks for it, they either give it to him, drop the charges, or try to appeal to a higher court.
Recently, the supreme court decided that infared surveyance, and other "high technology" surveyance of someones's house was unconstitutional, since they involve an unreasonable invasion of privacy without a warrant. In other words, that to look in someone's house, you need a warrant, even if you aren't physically entering.
So how does this apply to a keystroke monitor? Isn't that an unresonable invading of privacy, using a technology to circumvent "searches of persons and papers"?
Does the FBI need a warrant to install one of these? Or if the computer is used for "business" (even illegal business) does the constituional prohibition against unreasonable search not apply.
And more important, if we don't know how this works on a technical level, how will we ever find out whether or not it is constitutional?
Hopefully I didn't put any [] around my words.
You're assuming that a mobster wouldn't have the money to burn on toys like an LCD monitor, or maybe even a laptop.
I'm sorry your Honor but I cannot testify on how our classisfied Shoulder Surfing technology works. I can only tell you it works.
Why not just bring counter-suit under the DMCA for unauthorized circumvention of an encryption scheme?
Vintage computer games and RPG books available. Email me if you're interested.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Things don't have to be born classified, per se. What it really takes is a guy in a government office deciding that it ought to be classified and the understanding that the info has never been made publicly available.
With science and technology projects in government most things start out with the ubiquitious "Protect as Restricted Data" designation, which means it's not important enough to guard or lock up but don't go talking about it or publishing to the public. Later on someone comes along and decides that the project or whatever has becomes more important (i.e. it actally works and is useful), and then bumps the security classification up.
The trick here is that almost nothing starts out truly unclassified unless intentionally designated so (for example some pure research efforts).
Sooner or later they have to show someone the specs, if not this judge then a higher judiciary, and there are judges with exceptional clearance (such as those that approve NSA snooping). I think the bigger concern is whether he has the technical savvy to interpret the information he is given accurately.
"We have this secret evidence against, and you must trust us to tell you that you are guilty of crimes that violate these secret laws. If you knew what these laws were, we would have to shoot you.
[snort]
"The liberty of a democracy is not safe if the people tolerate the growth of private power to a point it becomes stronger than their democratic state itself. That, in its essence, is Fascism - ownership of government by an individual, by a group or by any controlling private power." -FDR
Sounds like we made it.
We won the war against fascism, and communism, (WWII, Cold War, etc) only to be left with a communistic fascism called a corporate democracy. It is a communism of fascistic corporate interests.
Time to blow the planet while there is still a chance.
- - -
Radio Free Nation
is a news site based on Slash Code
"If You have a Story, We have a Soap Box"
- - -
"It is a greater offense to steal men's labor, than their clothes"
OTOH in the UK they wouldn't have needed a keylogger to get the key. They can demand your PGP passphrase (the computer was seized legally, so that's not the issue) and throw you in jail if you don't divulge it. It's up to the accused to prove that he doesn't know or has forgotten it, and if he can't prove that then he can be imprisoned for failing to cooperate.
There's no point in questioning authority if you aren't going to listen to the answers.
Yes, but they didn't have permission to. Isn't DeCSS using a proper Xing key?
Vintage computer games and RPG books available. Email me if you're interested.
At least it let you log in, which is more than it would do for me.
I see even classic Slashdot is now pretty much unusable on dial up anymore.
The story is under the "censorship" topic, for which there doesn't seem to be a Slashbox. In other words Slashdot published it but came as close to hiding it as possible. Ironic, huh?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
If I were going to log keystrokes, I would be tempted to use the parked van approach. I'm sure with a reasonable budget and access to better technology, reading keystrokes would be easy at moderate distances.
chongo () /\__/\
chongo (was here)
" No, not really. It's the same technology that allows a remote listener to decode printer, keyboard, fax and all sorts of other electronic gizmos."
The electrical impulses used in a keyboard is orders of magnitude less than those used in your average business fax machine or printer. And with both the fax machine and the printer, the electric motors used are extremely noisy when compared to the print head. If the printer in question is a dot matrix... maybe...
"Without taking special TEMPEST precautions there is no reason a laptop or LCD couldn't be read also."
The difference in EM radiation output between a CRT and an LCD display is like the radiation difference between uranium and gold. One involves accelerating ions to relativistic speeds, the other involves minisculse voltage differences. Combine that with the way EM drops off exponentially with distance, and, well... you get the idea.
IMO, if you're using an LCD display, and you take any precautions beyond, say, turning on a ceiling fan, you're being too paranoid.
Now, why would the Feds not want to disclose the mechanism of their keylogger? Either it's typical spook selfishness OR they think that doing so would strengthen the defense's argument. I havn't looked at the actual details of the argument the defense is making, so it's hard to tell if this is part of the motivation for the "it's classified" song and dance.
Defense: "Prove beyond a reasonable doubt that you got a warrant to gather this information or that the keylogging was otherwise not an unreasonable search and seizure."
Feds: "Umm..... uh...."
Defense: "Motion to reject this evidence."
Perhaps they learned their lesson from the Sklyarov debacle and are trying to get a judge to rule the "wiretapped" evidence inadmissible.
Will I retire or break 10K?
<ConspiracyTheory>
I choose instead to believe that some FBI agent talked to a buddy with the NSA, and they picked the PGP key for him, with the understanding that the "keyboard logger" cover story would be used.
Now that things have gone in the dumpster, there IS NO KEYBOARD LOGGER to disclosed the details of.
</ConspiracyTheory>
Besides, anyone with a DigiKey catalog and some time could build a VERY sweet keyboard logger, with remote dump via radio, etc. We should have a contest to see how few PIC chips it takes.
--Mike--
Ooh! Ooh! A chance to troll for site traffic :-)!
My review of the Keyghost II Professional is here. It links to my older review of their Security Keyboard, which has a hardware logger built in.
They're a bit expensive, but they're very nifty gadgets, if you feel like being Big Brother for a change.
If it's ruled as inadmissible (sp?) then the Gov has no case. Everything they have came from what they got via that tap. If tap == illegal, evidence acquired via tap == inadmissible.
Hmm, this makes the UK law look good, until you consider that the cabinet just has to sign a D list and the suspect is up the swannee. Just look at the Iran supergun affair. The cabinet was ready to sell an honest businessman's life & reputation down the Swanee, and only Michael Hesseltine saved him from going to jail, because the other corrupt scumbags in the cabinet REFUSED to release evidence that proved he was working in full cooperation with the government and not trying to smuggle arms to Iran.
Take your glorious British laws and your RIP bill and shove them, instead of waving them around here.
I hate to tell you this - but there is a long history in the UK of judges saying "this evidence was illegally gathered; I expect disiplinary action against the officers concerned, but as your case relies on it I won't throw it out...."
-=DaveHowe=-