Slashdot Mirror


Judge Upholds FBI Keyboard Sniffing

mshiltonj writes: "Wired is reporting that keyboard sniffing can be used to catch "mobsters." I feel safer already. You can read the ruling. Here's a snippet: "This case presents an interesting issue of first impression dealing with the ever-present tension between individual privacy and liberty rights and law enforcement's use of new and advanced technology to vigorously investigate criminal activity. It appears that no district court in the country has addressed a similar issue. Of course, the matter takes on added importance in light of recent events and potential national security implications." Translation: Don't deny us this tool or you'll be blamed for us not catching terrorists." See also an Infoworld article. We have several previous stories on the Scarfo case.


  1. how do we protect ourselves? by Sebastopol · · Score: 3, Interesting

    so we know they can now break in and install a device as well as slip in a trojan.

    what solutions are there? as for software, i've seen one site about free-ware antivirus, but it was linux only (like linux needs av software!). it would be nice if there was open-source AV for windows. any pointers?

    as for hardware, other than having intimate knowledge of your own hardware (always checking your keyboard cable connection and keeping your chassis open for inspection), i can only think of sealed, tamper proof computer chassis.

    1. Re:how do we protect ourselves? by agentZ · · Score: 3, Insightful

      How is using a particular OS going to protect you against a physical device that sniffs key strokes? (i.e. something between the keyboard cable and the CPU.) They're commercially available now.

    2. Re:how do we protect ourselves? by Sebastopol · · Score: 3, Informative

      Quit being a cheap ass, and go buy McAfee Viruscan for $29.99 at WalMart. You must be one of those guys with like a killer box and all, but you have to sit on an upside down cardboard box and eat ramen noodles.

      Let me clarify: there has been quite a bit of press about NAV and McAfee supporting the FBI backdoor, that is: letting the fed's virus slip by undetected. The reason why I asked about freeware should be obvious at this point.

      Now back to my oh so tasty Ramen... ;-)

    3. Re:how do we protect ourselves? by cscx · · Score: 3, Funny

      Why should you be worried about Magic Lantern? Are you a terrorist?

    4. Re:how do we protect ourselves? by dasunt · · Score: 3, Interesting

      Have a program that puts the keyboard on the screen when you type in your letters, with the keys arranged randomly. By using either the mouse or the keyboard then, you can "type" in your password immune to the keylogger. (Although, they still have password length - so remember, long, secure passwords, people).

      Now we've caused the need for video loggers. :) Well, at least the memory required for video logging is a lot greater than the memory required for keyboard logging.
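The randomized on-screen keyboard dasunt describes, modelled as an added example (not code from the thread): each login gets a fresh layout, the user "clicks" cells, and the only thing a keystroke or mouse-position logger sees is a list of cell indices plus the password length. The function and variable names are assumptions made for the example.

```python
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits


def new_layout(rng=None):
    """Fresh random layout for one login: cell index -> character.
    A real deployment uses the OS CSPRNG (SystemRandom); the seeded
    random.Random is only for a reproducible demo."""
    rng = rng or secrets.SystemRandom()
    cells = list(ALPHABET)
    rng.shuffle(cells)
    return cells


def enter_password(password, layout):
    """Simulate the user clicking cells. Returns the cell indices that a
    keystroke or pointer-position logger would record. Only the side that
    generated the layout can turn them back into characters."""
    index_of = {ch: i for i, ch in enumerate(layout)}
    return [index_of[ch] for ch in password]


def decode(clicks, layout):
    """What the legitimate application recovers using its own layout."""
    return "".join(layout[i] for i in clicks)


def logger_view(clicks):
    """What the logger learns without the layout: the length (which, as the
    comment notes, still leaks) and indices that are meaningless once the
    per-login layout is discarded."""
    return {"length": len(clicks), "cells": list(clicks)}


def demo(seed=7, password="s3cret"):
    """Two logins with the same password under two layouts: both decode
    correctly on the trusted side, while the logged indices differ."""
    layout_a = new_layout(random.Random(seed))
    layout_b = new_layout(random.Random(seed + 1))
    clicks_a = enter_password(password, layout_a)
    clicks_b = enter_password(password, layout_b)
    return decode(clicks_a, layout_a), decode(clicks_b, layout_b), logger_view(clicks_a)


if __name__ == "__main__":
    print(demo())
```

The scheme only moves the problem: a logger that also captures the screen (the "video logger" the comment anticipates) gets the layout back, so the defence is against keystroke capture specifically, not against a fully compromised machine.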

  2. Important point by wiredog · · Score: 3
    armed with a court order

    I don't see anything wrong with the police searching, or spying on, someone if they first get a warrant.

    1. Re:Important point by Erasmus+Darwin · · Score: 3, Interesting
      "I don't see anything wrong with the police searching, or spying on, someone if they first get a warrant."

      That's all nice and good, but just to clarify, you quoted text about the FBI being armed with a "court order" as opposed to a "search warrant". It's my understanding that a search warrant has a higher standard of justification that must be met before a judge may issue it.

  3. Installation by syrupMatt · · Score: 5, Interesting

    I'm sure others will notice this, but how exactly does the installation of the sniffer take place? Since there is no warrant, and only a court order, do the authorities have the legal backing to "break and enter" a computer to install the sniffer? Is a computer awarded the same rights as a physical place (i.e. apt, home, etc.)?

    Also, if the sniffer is sent as a trojan'd email or program, could this lead to entrapment defenses based on the enticement used in the delivery method?

    --
    "Moving through the masses like a fish through water." syrup
    1. Re:Installation by syrupMatt · · Score: 3, Interesting

      Why don't we clean up our authorities before we give them broad new powers? Simple answer.

      The fact is that perfect authorities who are "untouchable" and never err will never exist in the world due to the fact that they are products of an imperfect society. Do we expect all people everywhere to be never wrong in their judgement of others? Then how can we expect the few that we give power to to be any better than the collective world that they come from?

      Of course, this could be seen as the beginnings of an anarchistic rant, but just understand, the key is in oversight and accountability, not constant cleansing of the people we entrust with the application of our rights.

      --
      "Moving through the masses like a fish through water." syrup
    2. Re:Installation by RobertGraham · · Score: 3, Interesting
      In the Scarfo case, the FBI entered in a "black-bag" operation (breaking-and-entering the building) and found the encrypted file when they physically accessed the computer. They broke in a second time to install the keylogger. They had valid warrants under current U.S. law in order to do this.

      In the Magic Lantern system, they propose either hacking into the machine from the Internet, or more likely, installing a transparent proxy at the ISP that attaches a trojan to any .exe the user downloads from the Internet.

  4. System Security by Wanker · · Score: 3, Insightful
    Sounds like another good reason to make sure your systems are secure if both the white and black hats are trying to break into our systems.

    Here are some excellent step-by-step instructions on securing Linux, Solaris, and NT.

  5. Re:Am I missing something? by agentZ · · Score: 5, Informative

    Please read the article.

    Previously, the FBI had to get a wiretap order, under Title III, which has to be signed by the Attorney General or the Deputy. In this case, the FBI was able to gather their evidence using only a search warrant, which any judge can issue.

    The FBI's argument was that because the device only intercepted intra-computer communication (i.e. from the keyboard to the CPU) and not computer to computer communications, those communications are not protected by the Wiretap statute (18 USC 2518).

  6. Yes, they can by wiredog · · Score: 3, Redundant

    If they get a warrant first.

  7. Re:we need separate phone lines by Have+Blue · · Score: 3, Funny

    If you keep the cables a secret, expect them to be severed almost daily.

  8. I don't see what all the fuss is about by mr_gerbik · · Score: 3, Funny

    Who cares if the FBI smells my keyboard? It prolly just smells like sweat and doritos.

  9. Active and passive wiretapping by 2Flower · · Score: 5, Insightful

    The real danger here lies in how wiretapping is shifting from being an activity you need to actively monitor via an external resource, and is becoming a self-contained object you drop into the suspect's house and fetch later. The latter you only need a court order. The former you need a full warrant.

    Until a judge figures out that loggers and tappers are basically the same thing with two different methods of planting and unplanting, this ruling will stick, unfortunately. And once voice recorders are small enough to be plantable devices without any active collection needed (or video recorders, or combination video and audio and keystroke and data packet sniffer and so on) then little black boxes can sneak into anyone's home on thin suspicion.

  10. Re:They had a court approval, but... by agentZ · · Score: 4, Insightful

    The FBI still had to obtain a search warrant. That means they have to go before a judge and show that there is probable cause (i.e. enough information available to convince a reasonable person) to believe that such a search will yield evidence of a crime. The FBI can't just do this willy-nilly. They have to get a judge's approval first.

  11. Making the details known to the populace by adamy · · Score: 5, Insightful

    The US has the concept of the citizen/soldier. Basically, the average citizen is required, when called, to provide for the common defense.

    While police are not the military, they are still providing for that common defense. Why should anything be reserved to a government agency, and kept away from the people at large? Isn't this a government of the people, by the people, for the people? A lifetime membership in the public bureaucracy [sorry for my spelling] is a frightening thing.

    I'm starting to think the ancient Athenians had it right.
    Public service there was involuntary, random, and short.

    I am a former military officer, so no need to tell me about military secrets and stuff like that. Far more of our offensive ability comes from our advanced manufacturing power than from the scientific advances the US has. I've served my time, and have now returned to the (server) farm.

    --
    Open Source Identity Management: FreeIPA.org
  12. The 4th Amendment is alive and well by alen · · Score: 4, Informative

    contrary to /. belief. It specifically states that law enforcement needs a search warrant before searching your property or person. Now since they didn't have tcp/ip or telephones in those days it's up to the court system to update the meaning of our constitution as times and technology changes. That's how it has always worked. If you're a suspect and a search warrant is issued our law enforcement agencies have been able to search your property for the last few hundred years.

  13. This is the same as wiretapping by Binx+Bolling · · Score: 4, Insightful

    Come on. There is absolutely nothing wrong with this. This is exactly how police surveillance should happen. A court order is still required. It is difficult to do on a large scale, at least when a physical key logger is used. It does not require people to use broken encryption. The problem starts when people are forbidden from verifying the integrity of their own computers.

    bb

  14. Re:Am I missing something? by Chris+Burke · · Score: 4, Interesting

    The FBI's argument was that because the device only intercepted intra-computer communication (i.e. from the keyboard to the CPU) and not computer to computer communications, those communications are not protected by the Wiretap statute (18 USC 2518 [cornell.edu]).

    Which is kinda like saying they can put a bug directly in your phone, because then it's only recording what's going from your mouth to the microphone, not phone to phone, and thus not a wiretap.

    Granted, in a computer not all keystrokes are going to be transferred over the network, but how can you, the observing FBI agent, know which are which until you look at all of them? I can't see how you could possibly avoid looking at information (like a typed email) that should require a wiretap order.

    But then again, I'm too jaded and cynical to work up much anger when the FBI makes a grab for a little more power. One day my children will wake up and find themselves in a police state where you are born free until an officer of the law says otherwise, and no one will be able to understand how it happened because they won't notice that it has.

    --

    The enemies of Democracy are
  15. Proper procedures were followed by libertynews · · Score: 5, Informative

    Here's the relevant part of the decision:

    "Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named "Factors."
    Suspecting the "Factors" file contained evidence of an illegal gambling and loansharking operation, the F.B.I. returned to the location and, pursuant to two search warrants, installed what is known as a "Key Logger System" ("KLS") on the computer and/or computer keyboard in order to decipher the passphrase to the encrypted file, thereby gaining entry to the file."


    Note that the FBI had a warrant for the first entry, and returned with new warrants to install the KLS. I'm as paranoid as the next guy about government intrusion (hence my Libertynews.org website) but the FBI followed the rules here. And as detailed in previous articles they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.

    This is the kind of thing that civil libertarians should be applauding, proper use of warrants and use of technology to limit the scope of their intrusion.

    --
    Remember Lexington Green!
    1. Re:Proper procedures were followed by markmoss · · Score: 3, Interesting

      they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.

      Wiretap warrants require more probable cause, because they will capture _everything_, not just the particular conversation the cops are after. So, instead of getting a wiretap warrant, they got a warrant to go after the encryption key and configured the KLS to discard keystrokes when the modem was active, therefore it didn't catch any keystrokes that were being _directly_ transmitted.

      That's highly Jesuitical reasoning. Quite obviously if Scarfo typed e-mail off-line, then dialed in to send it, the KLS would capture that. Sounds like a wiretap to me. More to the principle of the laws, KLS captures everything typed in whenever the modem is off, not just the item specified in the warrant.

      Note that although the FBI insisted and finally convinced the judge that the KLS system was "secret" and so the court and Scarfo's lawyers could only see an edited version of the specs, they did let out how to beat it. Keep that modem running! (Wouldn't an ethernet connection also do this? It's continually active on an external cable, and so under their definition of "wiretapping" KLS would have to stay off.)

      To me, it looks like the courts are going nuts over tiny technical details, which they hardly understand, while missing the big picture. The FBI has lied and concealed evidence about Waco, protected one of their agents who turned out to be spying for many years (Hanssen), and at least one field office (Boston organized crime task force) has become difficult to distinguish from the mobsters. And it's pretty clear by now that if anyone is ever disciplined for Waco, it will be a letter of reprimand sent to their retirement home, and I have no reason to expect any significant firings over the other misdeeds, let alone agents going to jail. Yet, the judge will take the FBI's word for it that the KLS has to be secret and the sanitized description released is sufficiently accurate.

      If I could trust the cops to obey the laws and their procedures, I wouldn't worry much about technicalities...

  16. Key points by RobertGraham · · Score: 5, Informative
    The ruling centers around the question whether this was a wiretap of the phone line. The FBI had search warrants to obtain the passwords, but they did not have a wiretap order for his phone (Scarfo used AOL dialup). Thus, if the keystroke monitor was active while he was chatting on IRC, then it would be the equivalent to a phone wiretap of his AOL communications.

    In order to combat this, the FBI designed their keylogger to go inactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.

    Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judge's private chambers without the presence of defense attorneys. The FBI claims the details must remain a secret for national security reasons. The defense attorneys are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".

    The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).

    Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody's PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com).
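markmoss and RobertGraham both point at the same gap: a logger that stops capturing while the modem is up still catches an e-mail composed offline and sent later, and behind an always-up link it would capture nothing. The simulation below is an added example built from constructed events; it is not the KLS's real logic (which the thread says was sealed), and the Event/GatedKeylogger names are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Event:
    kind: str       # "key", "modem_up" or "modem_down"
    key: str = ""   # the character typed, for "key" events


@dataclass
class GatedKeylogger:
    """Records keystrokes only while the modem is disconnected: the gating
    rule the thread attributes to the KLS, modelled here as an assumption."""
    online: bool = False
    log: list = field(default_factory=list)

    def feed(self, ev: Event) -> None:
        if ev.kind == "modem_up":
            self.online = True
        elif ev.kind == "modem_down":
            self.online = False
        elif ev.kind == "key" and not self.online:
            self.log.append(ev.key)

    def captured(self) -> str:
        return "".join(self.log)


def keys(text):
    """Turn a string into one "key" event per character (constructed input)."""
    return [Event("key", ch) for ch in text]


def dialup_session():
    """Constructed session: passphrase and an e-mail typed offline, then the
    modem dials, chat is typed online, then the modem hangs up."""
    return (keys("passphrase\n")
            + keys("email body composed offline\n")
            + [Event("modem_up")]
            + keys("irc chat typed online\n")
            + [Event("modem_down")])


def always_on_session():
    """The same keystrokes behind a link that is up from the start and never
    drops, the Ethernet case markmoss raises."""
    return ([Event("modem_up")]
            + keys("passphrase\n")
            + keys("email body composed offline\n")
            + keys("irc chat typed online\n"))


def run(events):
    logger = GatedKeylogger()
    for ev in events:
        logger.feed(ev)
    return logger.captured()


if __name__ == "__main__":
    print(repr(run(dialup_session())))    # passphrase and offline e-mail, no chat
    print(repr(run(always_on_session())))  # nothing
```

The first run shows why "not a wiretap" is a claim about timing rather than content: the offline e-mail body is in the log even though it is later transmitted. The second run shows the gating rule degenerates to "capture nothing" on a connection that never drops.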

  17. This is a Double Edged Sword... by Freija+Crescent · · Score: 3, Insightful

    that I don't want the government brandishing.

    Don't get me wrong, I'm not one of the types that thinks everytime the government makes a new law or whatever that it is a bad thing. I simply feel that privacy is one of our most sacred freedoms.

    If the government taps me accidentally instead of their intended target, and they discover me doing something that violates a law in a minor way, they are going to pursue getting a warrant so that they can use the information legitimately next time it happens. Point is they didn't have the right to tap me in the first place.

    Second point is this. If I get tapped by accident (net-criminal spoofed my IP/connection details) and a third party hacker (I'm simplifying this.. I know I'll catch heat for using hacker) intercepts the signal, he may learn of information that puts me, my career, or my life in danger.. information that would not have leaked had it not been for the government adding a hole to my system. I doubt the government would compensate me if I lost my job for leaking trusted information to the web.

    I'm all for anything that aids our law-enforcement officials, as long as they are responsible and take ownership of the consequences.

    Making it mandatory for the government to notify you that you are being snooped defeats the purpose of the monitoring in the first place. A more suitable method would be to allow concerned individuals to email or call to request whether or not they are being snooped. Then if they ARE snooping you, and they have reason, they can ask you to see a local court to discuss the matter without actually stating that they ARE monitoring you. That is one faster way of getting the criminals into court, if they are foolish enough. It also protects the innocent. Of course if the government is 'accidentally' snooping you, they will just tell you "no, we aren't monitoring you" because they think they are monitoring the person spoofing your connection.

    A better solution is a time-passworded utility that you can install and call to request the current password. The utility would check your system for the trojan. If that is the case, I'm all for this course of action against cyber-crime.

    -fc
    .

    --
    . echo -e \\04 > /dev/hand1
  18. Re:Hardware keystroke sniffer by RadioheadKid · · Score: 3, Insightful

    While I have not (yet) seen equivalent products for USB on the market, sniffing USB is even easier than PS/2.

    I'm sorry, I just get annoyed when people say things about which they have no idea. What part of sniffing USB is easier? The hardware would be much more complex. You have to identify which frames belong to the keyboard and not the printer, scanner, mouse etc. if you are using a hub. There's a lot more information to process and if you want to process it later, then you have to store a lot more. I don't see how it's any easier, actually it's harder. PS/2 on the other hand is a very simple protocol, very simple hardware can process it.

    If you were perhaps talking about the software level, you still have to hook into the keyboard drivers, the USB or PS/2 stuff is abstracted to the keyboard driver, so on that level they are about the same degree of difficulty. And actually, sniffing linux is pretty easy too, I'm sure the FBI could do it, granted they would have to recompile the kernel since the keyboard stuff is usually not a module, but very do-able...

    --
    "Karma can only be portioned out by the cosmos." -Homer Simpson
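To make concrete how little a PS/2 inline logger has to do, here is an added example (not from the thread or any product) that frames bytes the way the PS/2 wire does, checks them, and turns scan code set 2 make/break codes into text. The scan code table is partial (letters, digits, space, Enter, both Shifts) and the 0xE0 extended prefix is ignored; the keystroke sequence is constructed for the demo.

```python
# Scan code set 2 make codes (partial table, enough for the demo).
MAKE = {
    0x1C: 'a', 0x32: 'b', 0x21: 'c', 0x23: 'd', 0x24: 'e', 0x2B: 'f', 0x34: 'g',
    0x33: 'h', 0x43: 'i', 0x3B: 'j', 0x42: 'k', 0x4B: 'l', 0x3A: 'm', 0x31: 'n',
    0x44: 'o', 0x4D: 'p', 0x15: 'q', 0x2D: 'r', 0x1B: 's', 0x2C: 't', 0x3C: 'u',
    0x2A: 'v', 0x1D: 'w', 0x22: 'x', 0x35: 'y', 0x1A: 'z',
    0x45: '0', 0x16: '1', 0x1E: '2', 0x26: '3', 0x25: '4', 0x2E: '5',
    0x36: '6', 0x3D: '7', 0x3E: '8', 0x46: '9', 0x29: ' ', 0x5A: '\n',
}
SHIFT = {0x12, 0x59}   # left and right Shift
BREAK = 0xF0           # prefix byte sent before a key's make code on release


def encode_frame(byte):
    """One PS/2 frame: start bit 0, 8 data bits LSB first, odd parity, stop bit 1."""
    data = [(byte >> i) & 1 for i in range(8)]
    parity = 1 - (sum(data) & 1)   # odd parity: ones in data+parity is odd
    return [0] + data + [parity, 1]


def is_valid_frame(bits):
    return (len(bits) == 11 and bits[0] == 0 and bits[10] == 1
            and (sum(bits[1:9]) + bits[9]) % 2 == 1)


def decode_frame(bits):
    if not is_valid_frame(bits):
        raise ValueError("framing or parity error")
    return sum(b << i for i, b in enumerate(bits[1:9]))


def frames_to_bytes(bits):
    """Split a captured bit stream into 11-bit frames and decode each."""
    return [decode_frame(bits[i:i + 11]) for i in range(0, len(bits), 11)]


def decode_keystrokes(codes):
    """Turn a scan code stream into typed text, tracking Shift and break codes."""
    out, shift, releasing = [], False, False
    for code in codes:
        if code == BREAK:
            releasing = True
            continue
        if code in SHIFT:
            shift = not releasing          # make sets Shift, break clears it
        elif not releasing and code in MAKE:
            ch = MAKE[code]
            out.append(ch.upper() if shift else ch)
        releasing = False
    return "".join(out)


def typed_sequence():
    """Constructed input: Shift held while 's' is pressed, then 'ecret1' and Enter."""
    seq = [0x12, 0x1B, BREAK, 0x1B, BREAK, 0x12]
    for code in (0x24, 0x21, 0x2D, 0x24, 0x2C, 0x16, 0x5A):
        seq += [code, BREAK, code]
    return seq


def sniff(codes):
    """What an inline logger does: record the bit stream off the cable,
    reframe it, and decode the scan codes."""
    wire = [bit for code in codes for bit in encode_frame(code)]
    return decode_keystrokes(frames_to_bytes(wire))


if __name__ == "__main__":
    print(repr(sniff(typed_sequence())))
```

Everything a hardware logger needs is here: a clock-edge sampler feeding `decode_frame`, a few kilobytes of storage for the scan codes, and the table lookup can be done later on the analyst's machine. That is the asymmetry the comment is making against USB, where the capture device has to demultiplex packets and address the right endpoint before it even gets to the keyboard bytes.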
  19. How to avoid keyloggers by 3ryon · · Score: 5, Funny

    B r o w s e t o a w e b p a g e w i t h l o t s o f w o r d s o n i t a n d t h e n c u t a n d p a s t e e a c h l e t t e r y o u n e e d.

  20. Re:Terrorism is the new excuse by TWR · · Score: 3, Insightful
    You're an idiot.

    They've set up military tribunals,

    These are explicitly for non-US citizens caught abroad, trying to attack the US. US citizens aren't subject to them (they've got constitutional rights). Residents of the US aren't subject to them (the Supreme Court says that non-citizens who are residents of the US have constitutional rights). Stop being an idiot.

    email/keyboard sniffing

    This case was explicitly about a mafioso, so how is the terrorist excuse working here? Besides, WIRETAPS ARE LEGAL WITH A JUDGE'S PERMISSION. This is just the 21st century version of the wiretap. Stop being an idiot.

    , hundreds of detentions,

    And every single detainee is either someone who has violated the law (overstaying their visas, for example) or who is a material witness who is likely to flee. Unless you know better, oh stupid one? This is the exact same thing that liberal icon Bobby Kennedy did when he started taking on the mob; if a reputed mafioso spit on the sidewalk, he would be arrested for violating public spitting laws (which exist to prevent the spread of disease). Was it OK for Bobby Kennedy to do? Did civilization collapse?

    racial profiling

    Note to moron: you would have to be willfully stupid to not wonder about a muslim booking a one-way ticket on a jumbo jet, taking no baggage. Idiots don't pay attention to patterns just because it's not politically correct. Oh, and the majority of American Blacks are in favor of racial profiling to prevent terror attacks, so you can assuage your white, upper-middle class guilt.

    under this "terrorism" excuse.

    Excuse? If you think this is a fucking excuse, please tell me where the Twin Towers went. Do you think they're on holiday in Paris?

    Russia says the Chechens are "terrorists."

    The Chechens are terrorists. They blew up several apartment buildings in Russia two or three years ago. That's what prompted the renewal of the Chechen war. There had been a cease-fire for about a year until they started blowing up civilians in Russia. Sorry to let actual facts get in the way of your mindless diatribe.

    China's calling Taiwan "terrorist,"

    China is run by a group of evil people. They've been calling the Taiwanese whatever name seems to strike a nerve in the West. It's like Saddam calling the US/British no-fly zones "terrorist" or "criminal." When the evil ones call you names, you're doing well.

    -jon

    --

    Remember Amalek.

  21. Quantum Keyboards by argoff · · Score: 3, Interesting

    There is a theoretical solution to this, using quantum diodes and open source software it is possible to create an untappable system. The quantum diodes would be part of an optical based keyboard. When any photons are prematurely observed, the whole thing errors out.

    The nature of open source software would make it difficult to add flaws that couldn't be detected if wanted. In fact, the encryption program could do MD5 sums on the kernel and all parts of the OS that grab keystrokes making that impossible too.

    Other ways like a video grab of the keyboard, or biometrics on the individual typing could be done too. But I think the simplest way would be with a smart card that had a mini ATM keyboard on it. The user would keep it in his wallet at all times, and key in a pin before using it - too many guesses would permanently disable it.
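The checksum idea in that comment, as an added example (not code from the thread): take a digest manifest of the kernel image and the keystroke-handling driver, then re-verify later. The file names are constructed stand-ins written into a temporary directory, and SHA-256 is used rather than the MD5 the comment names, since MD5 collisions are practical today and a forged driver could be made to match.

```python
import hashlib
import pathlib
import tempfile


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large kernel images do not sit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths):
    """Map each path to its digest. Keep (and sign) the manifest off the machine;
    a manifest stored beside the files can be rewritten along with them."""
    return {str(p): file_digest(p) for p in paths}


def verify_manifest(manifest):
    """Return {path: True/False}. A missing file counts as a failure."""
    result = {}
    for p, expected in manifest.items():
        try:
            result[p] = file_digest(p) == expected
        except FileNotFoundError:
            result[p] = False
    return result


def demo():
    """Constructed stand-ins for a kernel image and a keyboard driver. The driver
    is modified after the manifest is taken, which the check must catch."""
    with tempfile.TemporaryDirectory() as d:
        root = pathlib.Path(d)
        kernel = root / "vmlinuz"
        driver = root / "keyboard.ko"
        kernel.write_bytes(b"constructed stand-in for a kernel image\n")
        driver.write_bytes(b"constructed stand-in for a keyboard driver\n")
        manifest = build_manifest([kernel, driver])
        driver.write_bytes(b"constructed stand-in with a keystroke hook added\n")
        checks = verify_manifest(manifest)
        return {pathlib.Path(p).name: ok for p, ok in checks.items()}


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. The check only covers files on disk, so it says nothing about a logger that lives in the running kernel's memory or in hardware on the cable. And a hashing program run from the same machine asks the possibly subverted kernel to read the files, so it can be lied to; run it from known-good boot media with the manifest brought from elsewhere.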

  22. Good for crypto by Elvis+Maximus · · Score: 3, Insightful

    I actually think the Scarfo case is a good thing. The logger was used in accordance with a court order, and the whole thing gives lie to the argument that we can't have readily available crypto because it makes the actual bad guys invulnerable to law enforcement.

    --

    -
    Give me liberty or give me something of equal or lesser value from your glossy 32-page catalog.

  23. Re:Am I missing something? by agentZ · · Score: 3, Interesting

    Ah, the key difference.

    Active communications (e.g. e-mail in transit) are protected by 18 USC 2518. Stored communications that you're talking about, such as e-mails you've received, chat logs, and the like, are protected under 18 USC 2703. The rules regarding these protections, also sometimes called the Electronic Communications Privacy Act (ECPA) are rather complicated and depend greatly on the type of information, how old it is, and where it's being stored.

    The differences between active and stored communications can be summed up this way: To intercept an active communication, the government must show probable cause that the interception will yield evidence of a crime. If a federal judge agrees, he will grant a wiretap order, or authority. To obtain stored communications (e.g. connection logs, billing records, stored e-mail, etc.), the government must present probable cause to a judge, who can grant either a search warrant or a court order (also called a 2703 order). The type of records being obtained determines whether a court order or search warrant is issued.