Slashdot Mirror
Judge Upholds FBI Keyboard Sniffing
mshiltonj writes: "Wired is reporting that keyboard sniffing can be used to catch "mobsters." I feel safer already. You can read the ruling. Here's a snippet: "This case presents an interesting issue of first impression dealing with the ever-present tension between individual privacy and liberty rights and law enforcement's use of new and advanced technology to vigorously investigate criminal activity. It appears that no district court in the country has addressed a similar issue. Of course, the matter takes on added importance in light of recent events and potential national security implications." Translation: Don't deny us this tool or you'll be blamed for us not catching terrorists." See also an Infoworld article. We have several previous stories on the Scarfo case.
I'm sure others will notice this, but how exactly does the installation of the sniffer take place? Since there is no warrant, and only a court order, do the authorities have the legal backing to "break and enter" a computer to install the sniffer? Is a computer awarded the same rights as a physical place (i.e. apt, home, etc...)?.
Also, if the sniffer is sent as a trojan'd email or program, could this lead to entrapment defenses based on the enticement used in the delivery method?
"Moving through the masses like a fish through water." syrup
Please read the article.
Previously, the FBI had to get a wiretap order, under Title III, which has to be signed by the Attorney General or the Deputy. In this case, the FBI was able to gather their evidence using only a search warrant, which any judge can issue.
The FBI's argument was that because the device only intercepted intra-computer communication (i.e. from the keyboard to the CPU) and not computer to computer communications, those communications are not protected by the Wiretap statute (18 USC 2518).
The real danger here lies in how wiretapping is shifting from being an activity you need to actively monitor via an external resource, and is becoming a self-contained object you drop into the suspect's house and fetch later. The latter you only need a court order. The former you need a full warrant.
Until a judge figures out that loggers and tappers are basically the same thing with two different methods of planting and unplanting, this ruling will stick, unfortunately. And once voice recorders are small enough to be plantable devices without any active collection needed (or video recorders, or combination video and audio and keystroke and data packet sniffer and so on) then little black boxes can sneak into anyone's home on thin suspicion.
The FBI still had to obtain a search warrant. That means they have to go before a judge and show that there is probable cause (i.e. enough information available to convince a reasonable person) to believe that such a search will yield evidence of a crime. The FBI can't just do this willy-nilly. They have to get a judge's approval first.
The US has the concept of the citizen/soldier. Basically, the average citizen is required, when called, to provide for the common defense.
While police are not the military, they are still providing for that common defense. Why should anything be reserved to a government agency, and kep away from the people at alarge? Isn't this a government of the people, by the people, for the people? A lifetime membership oin the public beauraucracy [sorry for my spelling] is a frightening thing.
I'm starting to think the ancient Athenians had it right.
Public service there was should be involuntary, random , and short.
I am a former Military officer, so no need to tell me about military secrets and stuff like that. Far more of our offensive ability comes from our advanced manufacturing power than scientific advances on the US has. I've served my time, and have now returned to the (server) farm.
Open Source Identity Management: FreeIPA.org
contrary to /. belief. It specifically states that law enforcement needs a search warrant before searching your property or person. Now since they didn't have tcp/ip or telephones in those days it's up to the court system to update the meaning of our constitution as times and technology changes. That's how it has always worked. If you're a suspect and a search warrant is issued our law enforcement agencies have been able to search your property for the last few hundred years.
Come on. There is absolutely nothing wrong with this. This is exactly how police surveillance should happen. A court order is still required. It is difficult to do on a large scale, at least when a physical key logger is used. It does not require people to use broken encryption. The problem starts when people are forbidden from verifying the integrity of their own computers.
bb
The FBI's argument was that because the device only intercepted intra-computer communication (i.e. from the keyboard to the CPU) and not computer to computer communications, those communications are not protected by the Wiretap statute (18 USC 2518 [cornell.edu]).
Which is kinda like saying they can put a bug directly in your phone, because then it's only recording what's going from your mouth to the microphone, not phone to phone, and thus not a wiretap.
Granted, in a computer not all keystrokes are going to be transfered over the network, but how can you, the observing FBI agent, know which are which until you look at all of them? I can't see how you could possibly avoid looking at information (like a typed email) that should be require a wiretap order.
But then again, I'm too jaded and cynical to work up much anger when the FBI makes a grab for a little more power. One day my children will wake up and find themselves in a police state where you are born free until an officer of the law says otherwise, and no one will be able to understand how it happened because they won't notice that it has.
The enemies of Democracy are
Here's the relavent part of the decision:
"Acting pursuant to federal search warrants, the F.B.I. on January 15, 1999, entered Scarfo and Paolercio's business office, Merchant Services of Essex County, to search for evidence of an illegal gambling and loansharking operation. During their search of Merchant Services, the F.B.I. came across a personal computer and attempted to access its various files. They were unable to gain entry to an encrypted file named ?Factors.?
Suspecting the ?Factors? file contained evidence of an illegal gambling and loansharking operation, the F.B.I. returned to the location and, pursuant to two search warrants, installed what is known as a ?Key Logger System? (?KLS?) on the computer and/or computer keyboard in order to decipher the passphrase to the encrypted file, thereby gaining entry to the file."
Note that the FBI has a warrent for the first entry, and returned with new warrents to install the KLS. I'm as paranoid as the next guy about government intrusion (hence my Libertynews.org website) but the FBI followed the rules here. And as detailed in previous articles they actually bent over backwards to make sure the KLS did not record any of his online keystrokes.
This is the kind of thing that civil libertarians should be applauding, proper use of warrents and use of technology to limit the scope of thier intrusion.
Remember Lexington Green!
In order to combat this, the FBI designed their keylogger to go innactive while the modem was connected. I still have some lingering questions about this. E-mail is asynchronous. With many e-mail services (Eudora, Outlook, and AOL), the underlying software lets you compose e-mail offline and store it to disk, automatically transferring it at a later date. Personally, I compose a lot of my e-mail when my computer is offline -- these days, I spend half my time on airplanes, it is when I get the most e-mail written, I sync when I land at the next destination.
Another worrisome trend is that the hearings were "ex parte in camera" -- meaning in the judges private chambers without the presence of defense attornies. The FBI claims the details must remain a secret for national security reasons. The defense attornies are only provided a sanitized summary of the keylogging features, not the full details. This is worrisome because it prevents the public from understanding the details of what is really going on. As we saw in the Carnivore case, the FBI was free to define its own boundaries. For example, when Carnivore grabs e-mail summaries, I would interpret the court order as allowing capture of only the SMTP "envelope" containing the TO/FROM addresses -- the FBI interprets this as capturing the full e-mail headers. I think this is a gross violation of civil liberties, but there is no way to challenge this. Likewise, the keylogger details may show similar gross violations of civil liberties, but the FBI hides behind its cloak of "national security".
The thing is, there are no important details to keylogging. You can go to http://www.keyghost.com for your own hardware-based keylogger, or you can download numerous keyloggers off the Internet. There are some difficult problems. For example, PGP 6.0 introduced a keyboard driver that intercepts your keystrokes: when you type your password, this driver routes them around Windows. Thus, while it appears that you are typing in a dialog box, this is only an illusion. Standard software keyloggers for Windows will not capture the passwords. (This is why PGP 6 doesn't work well with Win2k -- it doesn't have the power management features, so it prevents Win2k from going into "suspend/hibernate" mode).
Anyway, I'll be posting some more detailed analysis later this month on my personal website. In addition, I'm providing a $10,000 bounty for anybody PC containing an "interesting" keylogger -- maybe one from the mafia doing industrial espionage, maybe one from the FBI, I don't care. I'll be posting the full details to my website (http://www.robertgraham.com).
B r o w s e t o a w e b p a g e w i t h l o t s o f w o r d s o n i t a n d t h e n c u t a n d p a s t e e a c h l e t t e r y o u n e e d.
Kind thoughts do not change the world