Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Tried To Defeat Encryption 10 Years Ago, Files Show (nytimes.com)

Posted by msmash on from the how-it-all-began dept.

An anonymous reader shares a NYTimes article: In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable. So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption. That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency's recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround. The Trail Mix records also reveal what is believed to be the first example of the F.B.I. remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap. 'This was the first time that the Department of Justice had ever approved such an intercept of this type,' an F.B.I. agent wrote in a 2005 document summing up the case.

72 comments

  1. This isn't "getting around the encryption" by xxxJonBoyxxx · · Score: 5, Insightful

    "Getting around the encryption" should be "intercepting data before it got encrypted or stealing passcodes with keylogging" or some-such.

    >> They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption

    I really have no problem with this. Here, the FBI went through a legal process to get permission to monitor a suspect to look for specific messages. This is a lot different than law enforcement grabbing all data passing through an area and then fishing around in people's private business for suspicious or embarrassing activity.

    1. Re:This isn't "getting around the encryption" by fustakrakich · · Score: 3, Informative

      "legal process" = rubber stamp

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:This isn't "getting around the encryption" by zx75 · · Score: 2

      Maybe - but it was both limited in scope and targeted based on probable cause (however flimsy the probable might have been). It's better than mass surveillance and does not attempt to bludgeon corporations into violating customer privacy and security using the legal system.

      --
      This is not a sig.
    3. Re:This isn't "getting around the encryption" by fustakrakich · · Score: 2

      The legal system is toothless and corrupt. You are not going to ever prevent "mass surveillance". It's just too easy to do and cover up. We all know it's happening and expanding and resistance is nil. The only option left is to make sure it goes both ways, that we watch over the state the same way they want to watch us. When powerful people and institutions lose their privacy, they might become a bit more cautious on how information is used against a person.

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:This isn't "getting around the encryption" by JoeMerchant · · Score: 1

      So, would you be O.K. with the FBI convincing Microsoft to install an ECHELON front end on every Windows 10 PC? I mean, it would only copy your entire hard drive to their servers if it found certain keywords they were looking for...

    5. Re:This isn't "getting around the encryption" by Anonymous Coward · · Score: 0

      Here, the FBI went through a legal process.

      Meaning simply that instead of directly violating the Constitution themselves, the FBI let the judge do it.

    6. Re:This isn't "getting around the encryption" by Anonymous Coward · · Score: 0

      Windows 10 already has all that.

      smh

    7. Re:This isn't "getting around the encryption" by Tharkkun · · Score: 1

      The legal system is toothless and corrupt. You are not going to ever prevent "mass surveillance". It's just too easy to do and cover up. We all know it's happening and expanding and resistance is nil. The only option left is to make sure it goes both ways, that we watch over the state the same way they want to watch us. When powerful people and institutions lose their privacy, they might become a bit more cautious on how information is used against a person.

      It's basically a wiretap except with software. If they have reason to believe this person was breaking the law you can get a wiretap approved but you need evidence to do so.

    8. Re:This isn't "getting around the encryption" by fustakrakich · · Score: 1

      You only need to construct evidence to do so. Happens all the time.

      --
      “He’s not deformed, he’s just drunk!”
    9. Re:This isn't "getting around the encryption" by Anonymous Coward · · Score: 0

      ECHELON is old-fashioned SIGINT, you ninny. What would it be doing on an average PC?

    10. Re:This isn't "getting around the encryption" by allo · · Score: 1

      Placing a software for this is a no go. Because when i got the FBI malware on my pc, it could just place evidence. So any evidence found on the pc should be invalid in court.

  2. When will we learn? by Anonymous Coward · · Score: 0

    It is never right to do the wrong thing (install malware) to do the right thing (clear or gather evidence against a suspect).

    1. Re:When will we learn? by Anonymous Coward · · Score: 0

      Buncha freaking newbs, this shit has been going on FOREVER

      And, the fact of the matter is that NONE of you are competent enough to understand if encryption is strong or weak, hell PKI was invented by government security researchers, why would you think that they did not already leave back doors available to themselves.

      The lot of you running around wetting your pants is just plain funny, and what exactly are you trying to protect? dickpics?

    2. Re:When will we learn? by Pseudonymous+Powers · · Score: 1

      The lot of you running around wetting your pants is just plain funny, and what exactly are you trying to protect? dickpics?

      Yeah, seriously, all these dumb whiny incontinent idgits blathering about the "Constitution" and the "Fourth Amendment" and "due process" and "rule of law" and "inalienable human rights". Newbs, right? Just shut up already, nobody cares.

    3. Re:When will we learn? by Anonymous Coward · · Score: 0

      Going to court and obtaining a search warrant, or working under the proscriptions of laws like Patriot Act are in accordance with due process and the Consitution, until the Supreme Court rules otherwise, you ignorant fuckwit

    4. Re:When will we learn? by Pseudonymous+Powers · · Score: 1

      Going to court and obtaining a search warrant, or working under the proscriptions of laws like Patriot Act are in accordance with due process and the Consitution, until the Supreme Court rules otherwise, you ignorant fuckwit

      Going to court and obtaining a search warrant is definitely Constitutional, no argument there. That's like, a direct quote, or something.

      The Patriot Act I'm not so sure about. That's kind of like saying "quartering soldiers in someone's private residence is Constitutional until the Supreme Court rules otherwise". If your law is just the text of an existing amendment followed by the words "unless we really feel like it", I'm not likely to be very receptive to urgings to wait and see what SCOTUS has to say about it before making my own judgement.

    5. Re:When will we learn? by Anonymous Coward · · Score: 0

      No, it is not like, "quartering soldiers in someone's private residence is...", because that involved a foreign government which did not allow the people who were being forced to quarter soldiers to have any say in the matter.

      Nowadays we have duly elected representatives who act, on some level, in the interest of their electorate. (yeah, whole 'nother argument there). They pass laws, which make the actions of the people following those laws "legal", until such time that the law is invalidated by act of Congress, vote of the People or ruling by the SCOTUS. So, yes following the letter of the Patriot Act would be legal until the law is changed by one of the mentioned methods.

      Be clear in how you present your arguments, throwing out some unsupportable crap just makes your entire cause look stupid.

  3. First time the DOJ "approved" by fustakrakich · · Score: 1

    That doesn't mean it's the first time they did this.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:First time the DOJ "approved" by Anonymous Coward · · Score: 0

      I doubt this is the first time any government branch approved of something like this. Encryption has been around far longer than 10 years ago. This article is nothing but click bait for people unaware of the history of encryption.

  4. FSVO "defeating" by gwolf · · Score: 1, Insightful

    Encryption (even more in such general terms, not even mentioning which algorithm or basic representing problem) has not been and cannot be "defeated" as such. It can be circumvented. And, besides some weak cryptosystems that have been proposed and found lacking after analysis (i.e. the knapsacks implementation), the only "useful" general attacks on cryptography are attacks on the implementation: Circumventing cryptography rather than breaking it.

    1. Re:FSVO "defeating" by Anonymous Coward · · Score: 0

      Backdoors abound.

      Vpro/AMT, and whatever AMD calls it.

      No to mention software backdoors such as systemd.

    2. Re:FSVO "defeating" by Hognoxious · · Score: 1

      Encryption (even more in such general terms, not even mentioning which algorithm or basic representing problem) has not been and cannot be "defeated" as such.

      What would you say Alan Turing did to the huns' enigma?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    3. Re:FSVO "defeating" by gwolf · · Score: 1

      brute-forcing is not defeating. Building a computer that can outperform any previously existing architecture is not defeating. The Enigma still works, given its security parameter. RSA at 384 bits was enough in 1995, but is brute-forceable today - It does not mean it is broken, only that it's too weak.

  5. Those eco-terrorists! by Opportunist · · Score: 1

    Of course there was every reason to break out the big guns here! Encryption, shmencryption, privacy shmyracy, but where could we end up if we couldn't test on animals anymore!

    That's clearly a matter of national security, if not survival of our culture or even the human race altogether!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Those eco-terrorists! by Anonymous Coward · · Score: 0

      An organized group was conspiring to commit property crimes. Law enforcement should let it go because you agree with the group's aims?

    2. Re:Those eco-terrorists! by Opportunist · · Score: 2

      I don't even agree with their goals. I actually don't care. But you REALLY think it's ok to violate and any all privacy laws for what is essentially nothing more than a bunch of vandals?

      Could we at least wait for crime that MIGHT somehow actually affect people negatively before we get casual with police simply breaking into anyone's home to install spying equipment?

      Maybe I'm reacting a wee bit sensitive because such practices were the staple of the Stasi when dealing with "subversive elements". And frankly, I don't need that shit, if anything good should come out of that crap, we should learn that such regimes don't last.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Those eco-terrorists! by Anonymous Coward · · Score: 0

      Just because it's legal to test on animals doesn't mean it's right. It used to be legal to own slaves in the U.S.A. but we stopped doing that.

    4. Re:Those eco-terrorists! by Anonymous Coward · · Score: 0

      So your answer is, yes, law enforcement should let it go?

  6. Really a remote install? by ArchieBunker · · Score: 1

    How did the FBI remotely install anything? Were they sitting on undocumented exploits and tricked the user? Or did they just physically break into the residence and install something?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Really a remote install? by Anonymous Coward · · Score: 0

      Physically breaking into the residence to install something isn't really remote installation... :-)

  7. Partial credit by s.petry · · Score: 3, Insightful

    Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping. First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

    Wiretapping is legal and has some moral uses. We can correctly state that the person maintains the assumption of innocence while they are being wiretapped. Installing software to spy requires the assumption of guilt, and provides the means for the actors to create evidence.

    The loss of ethics and morality in the agency makes them a gestapo, not a public police force. I'm sure that is the intent of this, and literally thousands of other cases within the last several years. It's the Government against the public, until the public takes back the Government.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Partial credit by Anonymous Coward · · Score: 0

      >>First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act.

      You really crack me up, as if any law passed by Congress would not provide exemptions for our own LE

      Where do you get these childish notions?

    2. Re:Partial credit by JoeMerchant · · Score: 1

      Police break numerous laws in the act of law enforcement every day, right up to and including murder.

      Computer hacking, while illegal, could be seen as a reasonable form of intelligence gathering, in some cases.

    3. Re:Partial credit by Registered+Coward+v2 · · Score: 4, Informative

      Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping.

      They had a warrant to install the software so it no different than a wiretap other than the point of collection.

      First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

      Data and keystroke logging software is not illegal, nor is creating such software. Software to report the results of such activity is not illegal either.

      Simply put, your assertions of illegal and criminal activity is incorrect.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    4. Re:Partial credit by Frank+Burly · · Score: 1

      What makes software illegal?
      How does installing malware require a presumption of guilt?
      What is "a gestapo?"

    5. Re:Partial credit by s.petry · · Score: 1

      Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping.

      They had a warrant to install the software so it no different than a wiretap other than the point of collection.

      The only moral equivalency is in the receipt of a warrant, not the action the warrant supports. If i take what you said to it's extreme, as long as an agent got a warrant to kill someone it's fine. They had a warrant.

      First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

      Data and keystroke logging software is not illegal, nor is creating such software. Software to report the results of such activity is not illegal either.

      Simply put, your assertions of illegal and criminal activity is incorrect.

      I find it very improbable that you are both completely ignorant and spouting lies unintentionally. Here is a test for you. Do what you just claimed is not illegal on a public computer. Make sure you wave to the camera and show them your ID. Let us know how it feels to plea bargain down to 2-5 years in Prison, if you can get it down that far. Just yesterday a reporter got 24 months for giving a username and password to someone.

      Maybe you wish to clarify your statement and change your claim to be "not illegal for the Government to do since they write the rules and can change the rules at will.". Which is the ethical part I previously said is a problem.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    6. Re:Partial credit by Anonymous Coward · · Score: 0

      until the public takes back the Government.

      The public never had the government, in America's case. It was implemented from the get-go as a constitutional republic with an electoral college, so that people felt like they could control the government with votes when really they just got to exercise the illusion of choice over a well-groomed set of candidates that all represent the interests of the wealthy (rather than the many).

      Even if the public completely wiped out the entire government, and built a new one consisting solely of non-wealthy people who promise that their loyalties are to the many and not to the rich, corruption would set in the moment the acceptance speech was finished.

      There is no "taking back" of governance. Governance is, always has been, and always will be, a necessary evil,

    7. Re:Partial credit by DriveDog · · Score: 1

      "...loss of..."?

      Hard to say that. When did Hoover become chief? His name's still on the HQ building. That alone tends to support "never had".

    8. Re:Partial credit by Anonymous Coward · · Score: 0

      If keyloggers were illegal, MS would be shut down since 10 has a keylogger and ever Windows version before 10 had a function available to enable keylogging by anyone.

    9. Re:Partial credit by Tharkkun · · Score: 1

      Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping. First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

      Wiretapping is legal and has some moral uses. We can correctly state that the person maintains the assumption of innocence while they are being wiretapped. Installing software to spy requires the assumption of guilt, and provides the means for the actors to create evidence.

      The loss of ethics and morality in the agency makes them a gestapo, not a public police force. I'm sure that is the intent of this, and literally thousands of other cases within the last several years. It's the Government against the public, until the public takes back the Government.

      Just because it isn't wiretapping in the legacy meaning of the word doesn't mean it isn't software based wiretapping. Installing remote software and using a keylogger is the same thing.

    10. Re:Partial credit by Anonymous Coward · · Score: 0

      So... whatever you think should be illegal is illegal? Because that is not, in fact, the case.

      Yes, warrants do allow them to do things the public can't do, like break into people's houses. They always have allowed things the general public is not allowed to do. Yes, they are sometimes abused. They exist so that the cops have to ask for permission first and so that this permission is a matter of public record, because we do in most places have the ability to vote to recall at least some bad judges for making bad decisions.

      There are limits to what can be warranted (search warrants let them SEARCH particular places & people, not kill anyone).

      What is illegal is using keyloggers without permission. I'm free to use it on my friend's computer (with permission), or my own computers. They have permission from a court. So your rant is simply a poorly-informed screed that reveals ignorance about how warrants work.

    11. Re:Partial credit by Registered+Coward+v2 · · Score: 1

      The only moral equivalency is in the receipt of a warrant, not the action the warrant supports. If i take what you said to it's extreme, as long as an agent got a warrant to kill someone it's fine. They had a warrant.

      Your extreme example is silly. Warrants are issued by courts to allow police to gather evidence, and bringing a ridiculous straw man doesn't change that.

      I find it very improbable that you are both completely ignorant and spouting lies unintentionally. Here is a test for you. Do what you just claimed is not illegal on a public computer. Make sure you wave to the camera and show them your ID. Let us know how it feels to plea bargain down to 2-5 years in Prison, if you can get it down that far. Just yesterday a reporter got 24 months for giving a username and password to someone.

      Maybe you wish to clarify your statement and change your claim to be "not illegal for the Government to do since they write the rules and can change the rules at will.". Which is the ethical part I previously said is a problem.

      Merely being illegal in one set of circumstances doesn't mean it's per se illegal. I can install all the key loggers I want on computers I own, and us the data how I see fit; allow though ethically I should let someone who is using the computer know I am doing it I may not have to do so legally. Either way, developing, owning an during a key logger is perfectly legal. I may not be able to install one on someone else's computer without their permission, but the act of installing it with their permission is perfectly legal.

      You are using bad examples and arguments to try to make an ethical case.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    12. Re:Partial credit by s.petry · · Score: 1

      My example uses _YOUR_ logic! According to your statement, the FBI can break into your computer (crime), install illegal software (another crime), and log all of your activities (outside of the scope of the warrant, so another crime), and they can do so because they had a warrant.

      I agree the logic is silly, and that is the point of showing the extremes of _your logic_.

      Pretty cool how you claim that it's not illegal after change the wording to specify "on computers I own", where in the case and point being discussed the FBI did this on computers they DID NOT own. Oh, and go ahead and install keyloggers on computers you own that other people can access. If you don't believe your wife can not have you prosecuted.. you are hilariously ignorant. It varies from jurisdiction to jurisdiction, but in most you will be guilty of violating Federal wiretapping laws.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    13. Re:Partial credit by Registered+Coward+v2 · · Score: 1

      My example uses _YOUR_ logic! According to your statement, the FBI can break into your computer (crime), install illegal software (another crime), and log all of your activities (outside of the scope of the warrant, so another crime), and they can do so because they had a warrant.

      I agree the logic is silly, and that is the point of showing the extremes of _your logic_.

      Pretty cool how you claim that it's not illegal after change the wording to specify "on computers I own", where in the case and point being discussed the FBI did this on computers they DID NOT own. Oh, and go ahead and install keyloggers on computers you own that other people can access. If you don't believe your wife can not have you prosecuted.. you are hilariously ignorant. It varies from jurisdiction to jurisdiction, but in most you will be guilty of violating Federal wiretapping laws.

      Thye had a warrant to install and collect the information, just like a wiretap. I'm nit sure where you get it was illegal because they didn't own the computer but that is what wiretaps warrants are for - to listen in to a suspect's conversation. Whether or not the FBI owned the computer is irrelevant, as is your rant that key loggers are illegal. As for violating Federal Wiretap logs, Federal courts have ruled it was not a violation. See: http://jolt.law.harvard.edu/di... As for state laws, those vary but Federal law does not vary from jurisdiction to jurisdiction it is a Federal law, not local. As for installing on your computer and using it to record keystrokes, those state cases were lawsuits not prosecution as you stated. In one case that was prosecuted key logger software was installed on somebody else's computer by his roommates; which is clearly different than installing it on your own; or under a court issued warrant. In short, you know not what of what you speak.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    14. Re:Partial credit by Dutch+Gun · · Score: 1

      Whether or not it's legal for a private citizen to install a wiretap is completely beside the point, which is that it's a law-enforcement agency that's doing this with a properly obtained warrant. These are NOT crimes for the government - only for private citizens. It would be absurd for official investigators to be bound by exactly the same rules as citizens, as citizens are obviously not charged with investigating and uncovering evidence to be used in a court of law. The warrant system is there in order to safeguard against abuses and provide oversight of this exceptional and dangerous power. And yes, obviously the government writes the rules and can change the rules at will. That's what our government does - it's called the legislative process. At the same time, there are checks and balances against writing any rule or law - the court system and ultimately the US Constitution.

      Obviously, there are many cases of abuse and over-reach by law enforcement, and we need to call it out when we see it. I just don't see an issue here - to me, this is exactly how the system should be working. Law enforcement need investigate and collect evidence against suspected individuals within the framework of the rules and laws we've established that help to protect individual liberties, while at the same time still allowing law enforcement to do their job, which is to go after individuals and organizations that break the law of the land. It's not a perfect system, because we're dealing with humans and human nature here, but in general, the process seems to work reasonably well. Or at least, we presumably haven't figured out a better system yet.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    15. Re:Partial credit by s.petry · · Score: 1

      You don't seem to understand what a warrant is. A warrant does not change the law and make the illegal legal. A warrant is a stay of prosecution, so that an officer can perform an act which is illegal without fear of prosecution. Hacking is illegal, and a warrant does not magically make it legal. It simply means that within the parameters of the Warrant the officers will not be charged with the breaking the law.

      That said, do you believe that the judge understood what the FBI was really requesting? Do you believe that the FBI was honest in their request? Do you really believe that the FBI maintained the boundaries of the Warrant given the evidence? Read it, the answers are No, No, and No.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    16. Re:Partial credit by s.petry · · Score: 1

      See this: https://slashdot.org/comments....

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    17. Re:Partial credit by Registered+Coward+v2 · · Score: 1

      You clearly have no clue so further discussion is a waste of time. HAND

      --
      I'm a consultant - I convert gibberish into cash-flow.
    18. Re:Partial credit by s.petry · · Score: 1

      Too funny. When you get proven to be wrong, run away mad. Immaturity across the board, grats on that.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    19. Re:Partial credit by Hognoxious · · Score: 1

      You don't seem to understand what a warrant is. A warrant does not change the law and make the illegal legal.

      In general? No. In a specific case? Of course it does.

      If I go and bundle someone into a car and take him away that's kidnapping. If a policeman does it and has an arrest warrant for that person it isn't. Because that's what a warrant is for and why it exists.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    20. Re:Partial credit by s.petry · · Score: 1

      Sure, search warrant != arrest warrant != bench warrant. But, in the case of an arrest warrant the police are not kidnapping someone, they have a specific name and set of rules for "custody" and use that terminology very intentionally. Just like a bank withdraw is not robbery, even though both actions take money out of a bank.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    21. Re:Partial credit by Anonymous Coward · · Score: 0

      No people just recognize that you are a troll with no facts to back up your opinion, it would be like trying to introduce Evolution to a Creationist preaching on a street corner, a complete waste of time

    22. Re:Partial credit by Ryanrule · · Score: 1

      what is "illegal software"?

    23. Re:Partial credit by Anonymous Coward · · Score: 0

      Vote Trump he's going to fire the FBI

    24. Re:Partial credit by Sabriel · · Score: 1

      "They had a warrant to install the software so it no different than a wiretap other than the point of collection."

      The difference is that a wiretap on the line between Ada and Bob doesn't have root.

      Or to use a Third Amendment analogy, it's the difference between sending a uniformed soldier up the telegraph pole to listen to someone's morse, and quartering an invisible soldier in that someone's house (where the soldier can easily forge the owner's morse).

    25. Re:Partial credit by Registered+Coward+v2 · · Score: 1

      "They had a warrant to install the software so it no different than a wiretap other than the point of collection."

      The difference is that a wiretap on the line between Ada and Bob doesn't have root.

      Actually both have the same root access as it allows a third party to capture all communications sent by the device, in one case a phone and another a keyboard. The technology used to collect the information is not important, what is is the information collected.

      Or to use a Third Amendment analogy, it's the difference between sending a uniformed soldier up the telegraph pole to listen to someone's morse, and quartering an invisible soldier in that someone's house (where the soldier can easily forge the owner's morse).

      An interesting, but flawed analogy. First of all, someone tapping a telegraph line can forge the sender's morse and possibly with practice even their fist. More to the point, where you attach a tap has nothing to do with quartering soldiers in time of peace or war. You could tap a phone at the source as well or simply bug a room to the same effect without raising a 3rd amendment concern.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    26. Re:Partial credit by Sabriel · · Score: 1

      A wiretap warrant involves government access to a public/regulated utility. A software warrant involves government access to a private residence. The former is a matter of "hi, we're the government, we have a warrant to tap line XYZ"; the latter is a matter of "let's sneak this into a citizen's private effects, on their private property, with only us in the know". And by "doesn't have root", I mean it can't create whatever false forensic trail you want within said citizen's private effects. If you insert your tap/backdoor/soldier in the middle, it can pretend to be one or the other or even both, but (1) if Ada and Bob are using proper encryption it can't fool both and might not fool either, and (2) encryption or no encryption, if a third party - e.g. a technical expert for the defence - audits Ada's and Bob's machines they'll figure out something fishy is going on. If you've got root on either person's machine, however, you can plant incriminating evidence that can be a lot harder or even impossible to show as fake no matter how good the defence's technical experts are, especially if you're a state actor with a state's resources to get the job done.

      "More to the point, where you attach a tap has nothing to do with quartering soldiers in time of peace or war."

      I do realise the Third isn't applicable for a number of technical legal reasons (and despite them all I'd argue it should be, but good luck with that, self) but please consider as a rhetorical exercise: /what/ is a soldier, and /why/ is it unconstitutional to quarter a soldier in any house?

    27. Re:Partial credit by Registered+Coward+v2 · · Score: 1

      A wiretap warrant involves government access to a public/regulated utility. A software warrant involves government access to a private residence. The former is a matter of "hi, we're the government, we have a warrant to tap line XYZ"; the latter is a matter of "let's sneak this into a citizen's private effects, on their private property, with only us in the know".

      They are allowed to "sneak this into a citizen's private effects, on their private property, with only us in the know" as long as they have a warrant. They can, for example, attach a GPS device to a vehicle to track it with a proper warrant. Whether they should be allowed to do that is a reasonable question, but so far SCOTUS has said it is OK.

      And by "doesn't have root", I mean it can't create whatever false forensic trail you want within said citizen's private effects. If you insert your tap/backdoor/soldier in the middle, it can pretend to be one or the other or even both,

      The issue here is a key logger, not a backdoor that allows root access to the system. I agree there needs to be a strong chain of custody to ensure someone hasn't added or modified the data collected, just as with any other evidence.

      but (1) if Ada and Bob are using proper encryption it can't fool both and might not fool either, and (2) encryption or no encryption, if a third party - e.g. a technical expert for the defence - audits Ada's and Bob's machines they'll figure out something fishy is going on. If you've got root on either person's machine, however, you can plant incriminating evidence that can be a lot harder or even impossible to show as fake no matter how good the defence's technical experts are, especially if you're a state actor with a state's resources to get the job done.

      That's why it is important to have a good chain of custody to prevent evidence tampering. To the root vs key logger issue, I think it is important that the methodology used to gather evidence be brought out in court so the judge / jury can decide on the facts presented. For example, if I were on a jury I'd be much more likely to accept that key logger collected data with a proper chain of custody is supports the prosecution than if a machine was actually rooted. If it was rooted, I'd be much more open to a defense argument that evidence could be fabricated or placed there by others with access than the accused, thus raising reasonable doubt as to guilt.

      However, as cryptography becomes stronger and widely used law enforcement needs to change their approach to gathering evidence and what methods they can and should use needs to be part of the public debate over privacy.

      "More to the point, where you attach a tap has nothing to do with quartering soldiers in time of peace or war."

      I do realise the Third isn't applicable for a number of technical legal reasons (and despite them all I'd argue it should be, but good luck with that, self) but please consider as a rhetorical exercise: /what/ is a soldier, and /why/ is it unconstitutional to quarter a soldier in any house?

      Yea, I figured as much and I'm sure many law review articles could be written over what exactly constitutes a soldier. You could argue the a key logger uses resources and thus imparts a cost to the homeowner and is a state actor and thus a soldier, or you could make a strict constructionist argument the framers intended it to mean a living person who serves in the armed forces and thus a key logger is not a soldier. Further, since ether government has defined intrusion into computer systems by foreign governments potentially as acts of war have they accepted the concept that a program is a "soldier" I ask rhetorically?

      --
      I'm a consultant - I convert gibberish into cash-flow.
  8. Wtf by Anonymous Coward · · Score: 0

    Wtf is this? The world's central source for what the FBI is doing? Every fucking day, numerous stories on the FBI, encryption and Apple. We fucking got it. The government needs your nude MMS messages in order to fight terrorist. Let it go. Please. Everyone is sick of this shit... The FBI this, the FBI that. It's really getting old. Isn't there ANY tech news other than what the FBI is having for breakfast? This just in! Someone from the FBI pooped!

    1. Re:Wtf by Anonymous Coward · · Score: 0

      Everyone is sick of this shit... The FBI this, the FBI that. It's really getting old. Isn't there ANY tech news other than what the FBI is having for breakfast?

      If it weren't for the tech sites covering encryption and government wrongdoing, it might not be public at all. Reporting on most mass media sites is slim. You may be sick of hearing about the topic, but you speak for nobody but yourself. If you aren't interested in a story, don't read it, and, most certainly, don't comment on it.

  9. Err, what? by wonkey_monkey · · Score: 3, Insightful

    FBI Tried To Defeat Encryption 10 Years Ago, Files Show

    They're probably trying to defeat encryption of some kind or another every single day.

    --
    systemd is Roko's Basilisk.
    1. Re:Err, what? by Anonymous Coward · · Score: 0

      Yeah. They've probably been dealing with encoded messages since their inception. If they couldn't crack a code, they probably just planted spies or bought off stool pigeons. Nowadays, the entire DOJ is their fucken stool pigeon...

  10. heh by Anonymous Coward · · Score: 0

    Actually I think this is fine and ok. And TBH beautiful. They used encryption but they didn't change their windoze. Of course FBI raped their asses. Next time use a proper OS, pick one from this list: distrowatch.com

  11. This is what the third amendment was about. by Ungrounded+Lightning · · Score: 1

    The third amendment was about this:

    No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.

    The practice of quartering troops in the homes in the occupied area wasn't just a matter of using up their resources to support the army. The troops served as spies against the citizens, hearing their conversations, going through their papers when they weren't looking, and so on, then reporting back to their superiors.

    Imagine how having a live-in military spy would affect the ability of members of a family to participate in any activity in opposition to the desires of their current rulers - no matter how benign.

    Spyware is exactly the same thing, at the electronic level: A software (rather than meatware) agent of the government, housed in the victim's premises, spying on all his activities, reading all his personal records and communications, reporting them all to its government controllers, and consuming his resources (disk space, RAM space, processor time, network bandwidth), to do so, and support his "life" in the process.

    So it seems to me that a case could be made that the Third Amendment prohibits government installation of spyware on private-sector computers, except during war - and then only under terms explicitly and publicly set out in law - and in a manner visible an obvious to the target.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  12. Do Not Allow This! by JimSadler · · Score: 2

    All too often we see people in high places entrusted with power turn into criminals. When spying tools are allowed whether it be decryption or wire taps or keylogging there is a huge problem. Those tactics can be used for all kinds of illegal reasons and be completely covert. Suppose you have developed a product that shows tremendous potential and some jerk in government peeks into your communications and then passes information to a third party to steal your ideas. Or suppose that some creep is seriously attracted to your wife or daughter and tries to get information to leverage her into servicing him? The problem is that tools developed for law enforcement will always tend to leak out and be misused. The threat from crime and terror nuts may be less than the threat of government run wild.

  13. what about chain-of-custody? by SkyLeach · · Score: 2

    If the government has write access to the computers without the suspects knowing then how can they prove chain-of-custody?

    forensics requires that once storage is confiscated it is read-only copied and then the original is stored with a hash to prove it hasn't been altered while only the copy is researched.

    In cases like this the government's word is the only proof that they aren't manufacturing evidence to take down groups that are making waves.

    --
    My $0.02 will always be worth more than your â0.02, so :-p
    1. Re:what about chain-of-custody? by Anonymous Coward · · Score: 0

      > In cases like this the government's word is the only proof that they aren't manufacturing evidence to take down groups that are making waves.

      Even chain of custody has this limitation.

      How do you know that the chain is valid? You have to take their word for it.

      How do you know that someone in the chain didnt alter the evidence? You have to take their word for it.

      How do you know that your read-only copy stored with a hash was valid? You have to take their word for it.

      NUH UH! I CAN VERIFY THE HASH!

      Uh-huh... assuming that they didnt alter it before generating the hash. Otherwise you just verified the altered data...

  14. How it should be done... by BlueCoder · · Score: 1

    One case and it went before a judge. (Homefully not FISA).

    They judge believed they had cause. It's called a warrant and due process.

    Hopefully the judge limited what information they could collect.

    What would be even better is if there were dedicated specialist teams to collect that information such that they aren't rewarded or motivated by any potential conviction.

  15. Multiple uses in 2003 by Anonymous Coward · · Score: 0

    FBI exploited my desktop through aol aim 0day (Linux version) in mid 2003 after i hacked a big voter database in Missouri. I was not arrested, but yea they 0wned my boxes.

  16. Thankyou! FBI by Anonymous Coward · · Score: 0

    How dare animals have any rights!

  17. A Clever Workaround...heh by Anonymous Coward · · Score: 0

    A virus, trojan, malware, a backdoor. Legit

  18. one off case athusued by a jduge by johncandale · · Score: 1

    one off case athusued by a judge. As long as they get a warrant for every case, specifying each computer or person, it's fine. Blanket warrents and no warrents are illegal