Judge Upholds FBI Keyboard Sniffing
mshiltonj writes: "Wired is reporting that keyboard sniffing can be used to catch "mobsters." I feel safer already. You can read the ruling. Here's a snippet: "This case presents an interesting issue of first impression dealing with the ever-present tension between individual privacy and liberty rights and law enforcement's use of new and advanced technology to vigorously investigate criminal activity. It appears that no district court in the country has addressed a similar issue. Of course, the matter takes on added importance in light of recent events and potential national security implications." Translation: Don't deny us this tool or you'll be blamed for us not catching terrorists." See also an Infoworld article. We have several previous stories on the Scarfo case.
Please read the article.
Previously, the FBI had to get a wiretap order, under Title III, which has to be signed by the Attorney General or the Deputy. In this case, the FBI was able to gather their evidence using only a search warrant, which any judge can issue.
The FBI's argument was that because the device only intercepted intra-computer communication (i.e. from the keyboard to the CPU) and not computer to computer communications, those communications are not protected by the Wiretap statute (18 USC 2518).
contrary to /. belief. It specifically states that law enforcement needs a search warrant before searching your property or person. Now since they didn't have tcp/ip or telephones in those days it's up to the court system to update the meaning of our constitution as times and technology change. That's how it has always worked. If you're a suspect and a search warrant is issued our law enforcement agencies have been able to search your property for the last few hundred years.
Here's the relevant part of the decision:
"Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named 'Factors.'
Suspecting the 'Factors' file contained evidence of an illegal gambling and loansharking operation, the F.B.I. returned to the location and, pursuant to two search warrants, installed what is known as a 'Key Logger System' ('KLS') on the computer and/or computer keyboard in order to decipher the passphrase to the encrypted file, thereby gaining entry to the file."
Note that the FBI has a warrant for the first entry, and returned with new warrants to install the KLS. I'm as paranoid as the next guy about government intrusion (hence my Libertynews.org website) but the FBI followed the rules here. And as detailed in previous articles they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.
This is the kind of thing that civil libertarians should be applauding, proper use of warrants and use of technology to limit the scope of their intrusion.
Remember Lexington Green!
In order to combat this, the FBI designed their keylogger to go inactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.
Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judge's private chambers without the presence of defense attorneys. The FBI claims the details must remain a secret for national security reasons. The defense attorneys are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".
The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).
Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com).
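Added example, not part of the comment above or of any tool it mentions: the SMTP envelope-versus-headers distinction raised in that comment, shown on a constructed session. The sample transcript, addresses and the function names `split_session` and `scope_difference` are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed client side of an SMTP session (sample data, not a real capture).
SESSION = (
    "EHLO laptop.example\r\n"
    "MAIL FROM:<alice@example.org> SIZE=512\r\n"
    "RCPT TO:<bob@example.net>\r\n"
    "RCPT TO:<carol@example.com>\r\n"   # blind recipient: absent from the headers
    "DATA\r\n"
    "From: Alice <alice@example.org>\r\n"
    "To: Bob <bob@example.net>\r\n"
    "Subject: Q3 numbers,\r\n"
    " draft two\r\n"
    "Date: Mon, 07 Jan 2002 10:00:00 -0500\r\n"
    "X-Mailer: ExampleMail 1.0\r\n"
    "\r\n"
    "Body text here.\r\n"
    ".\r\n"
    "QUIT\r\n"
)

def split_session(session):
    """Separate the SMTP envelope (MAIL FROM / RCPT TO) from the message headers."""
    envelope, data, in_data = {"from": None, "to": []}, [], False
    for line in session.split("\r\n"):
        if in_data:
            if line == ".":                      # end-of-DATA marker
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            envelope["from"] = line[line.index("<") + 1:line.index(">")]
        elif verb.startswith("RCPT TO:"):
            envelope["to"].append(line[line.index("<") + 1:line.index(">")])
        elif verb == "DATA":
            in_data = True
    msg = email.message_from_string("\n".join(data), policy=policy.default)
    return envelope, {name: str(value) for name, value in msg.items()}

def scope_difference(envelope, headers):
    """What each capture scope discloses that the other does not."""
    addr_fields = ("From", "To", "Cc")
    shown = {a for _, a in getaddresses([headers.get(h, "") for h in addr_fields])}
    return {
        "header_only_fields": sorted(h for h in headers if h not in addr_fields),
        "envelope_only_rcpts": [r for r in envelope["to"] if r not in shown],
    }
```

On this sample, header capture adds the subject line, date and mail client to what the envelope shows, while the envelope alone exposes a recipient that never appears in the headers.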
Umm, well.....let's see. Right now, not really. I DO inhale occasionally (OK, more than occasionally) and do a little personal cultivation - visit lots of offshore websites, work with encryption products, am employed as a telecom engineer (SS7, etc) and do not have a US bank account - cash works just fine, thanks. Oh yes, I also do a little hunting, have some rifles around...a handgun for snake country (loaded w/buckshot).
Yeah, I can envision myself being 'of interest'.
Examine your life. Any quirks, 'habits', choice of reading material, web sites visited, banking habits, lifestyle, hell the part of town you live in can mark you for observation! Stop using this damn line of reasoning "those who have nothing to hide have nothing to fear".....EVERYONE has something they would rather not share with the Feds.
Quit being a cheap ass, and go buy McAfee Viruscan for $29.99 at WalMart. You must be one of those guys with like a killer box and all, but you have to sit on an upside down cardboard box and eat ramen noodles.
;-)
Let me clarify: there has been quite a bit of press about NAV and McAfee supporting the FBI backdoor, that is: letting the fed's virus slip by undetected. The reason why I asked about freeware should be obvious at this point.
Now back to my oh so tasty Ramen...