Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Bugs Keyboard of PGP-Using Alleged Mafioso

michael posted more than 13 years ago | from the pretty-good-break-in dept.

Encryption 301

Sacrifice writes "The Philadelphia Inquirer reports on a criminal case which will challenge the authority of courts to permit FBI agents to surreptitiously plant keystroke-monitoring bugs, which are not regulated by current federal wiretap legislation. Also, David Sobel from EPIC notes that it is now a matter of record that the FBI can, and does, conduct surreptitious entries to counter the use of encryption (see FBI application for breakin and the court order granting permission)."

cancel ×

301 comments

Sorry! There are no comments related to the filter you selected.

Re:Get worked up! (1)

Anonymous Coward | more than 13 years ago | (#579057)

> It's a flipping shopping list. Who cares?

> This is America! You aren't going to be persecuted for harboring seditious ideas.

> Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Which America are you living in? 'Cause in my America, prosecutors use purchases of serial cables as evidence in hacker trials, and police crack down on every major public demonstration to prevent people from expressing views the government doesn't want to hear.

It's naive to say that if you haven't done anything illegal, you don't have anything to worry about. Even if you're innocent, having to defend yourself against accusations in court can cause you tremendous emotional trauma, disrupt your personal and work life, and cripple you financially with legal expenses.

er.. (1)

Anonymous Coward | more than 13 years ago | (#579059)

okay, so they bugged suspected criminals.

how is this wrong?

Re:What's wrong with pictures of children??? (1)

Anonymous Coward | more than 13 years ago | (#579065)

I am a member of a minority sexual orientation

You mispelled "perverse".

Re:Calm Down! (1)

Anonymous Coward | more than 13 years ago | (#579066)

> The FBI clearly explains they want the warrant to get the guy's password, not so they can read his love notes.
> This is no different than the FBI drilling the lock to a safety deposit box with a search warrant, if you ask me.

If he's using PGP, then yes, it is quite different. A passphrase does more than just allow someone to decrypt messages. It establishes their identity in messages that they sign and send to others. If the FBI can install a keystroke logger on his computer, then they can grab the private keyring as well--and from there, they can impersonate him.

This could might end up being their undoing--IANAL, but it seems to me that simply possessing the passphrase makes it tainted evidence. Since the suspect is no longer the only person who knows it, from that point on, it can't be proven that any message signed with his private key and passphrase actually came from him. But the possibility of overzealous law enforcement agents manufacturing evidence still worries me.

Re:What's wrong with pictures of children??? (1)

Anonymous Coward | more than 13 years ago | (#579069)

you are a criminal, ergo there is a high degree of likelyhood you are a linux user. You are the third pedophile linux user I have met this week, and I only met 3, therefore all linux users are criminals and pedophiles.

I think you should be effectively castrated by the directed application of hot grits.

Re:Calm Down! (1)

psychosis (2579) | more than 13 years ago | (#579074)

Agree. Please realize that there is not a whole lot of difference here between a law enforcement agency putting a legal tap on your phone line at the switch, and putting a legal listening device in the room where the phone is. this way, if the suspect is using voice encryption, the tap is being performed BEFORE the encryption "layer".
And, for the conspiracy theorists out there, there is something called "INTELLIGENCE OVERSIGHT" that you should be very, very aware of. It prevents the collection of information that could be used for intelligence purposes on ANY U.S. CITIZEN without a legal judicial order to perform it for a specific purpose, between specific times, etc, etc. These things (as linked above) are pretty tough to get approved.
I'd be the first one to bring up Franklin's quote on having freedom vs. privacy, but, if you break the law with a car, you risk losing your driver's license; If you commit a crime and discuss it over the phone, you risk having a legal phone tap placed on your line; If you use computer software with predominantly benign uses (i.e. PGP) to hide evidence of criminal activity, you run the risk of losing that sheild to whatever means the law enforcement community can leverage without crossing the line of legality.
Realize that law enforcement has always had rights to mitigate a citizen's privacy AS LONG AS DUE PROCESS HAS BEEN FOLLOWED. This is an inherent requirement to do their job, and, knowing the restrictions placed on them, I think that almost all of the time that ethic is upheld. (There will always be screw-ups, but those responsible are held to their actions.)

Re:Okay- (1)

psychosis (2579) | more than 13 years ago | (#579075)

>>>>"The application for the authorization, submitted by Wigler, contended that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply."
>> Bullshit. The keystroke capturer is in the computer and the stuff is remotely downloaded to an FBI computer at a later time. Of course the original record lies in the keystroke capturer, but the copy or mirror is just as implicating.
Yep... Please realize that the supposition that the federal wiretap regulations were useless was made by the article author. The FBI DID get a wiretap order with a very specific intent - to bug the wires between his greasy fingers and the computer.
The way the author ran his quotes got pretty confusing, and I had to re-read it a few times to get it straight...

Re:er.. (1)

Troy Roberts (4682) | more than 13 years ago | (#579083)

Because they did not have to get the same sorts of permissions from the Justice Department as they would have had to get for a wire tap. But in essence they did the same thing as a wire tap, however, the wire tap laws only cover voice communications.

The point is that they can bug your computer much easier than they can bug your phone.

Should this be true?

Re:Calm Down! (1)

seichert (8292) | more than 13 years ago | (#579087)

Now, I know that a lot of people around here are going to go off and start screaming about having your rights violated, but the fact of the matter is that the FBI had a court order here! They had every right to tap this guy's computer.

To be clear , they met the constitutional requirement to search and or seize this man's property. To say they have "every right" is a bit strong as we do not know what this individual is suspected of. Perhaps he is guilty of circumventing the DMCA and this is yet another law that many do not believe in.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

Many laws are unjust. Many laws give government powers not allowed in the constitution. Making it harder for the FBI to enforce these laws sounds like a good idea to me. In doing so I will have to bare the risk that it makes it easier for real criminals (murders, rapists, thieves) to get away with their crimes. Remember that you are your first and last line of defense. Don't rely on the FBI or local police to protect you from violent criminals.

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

Honestly, the latter. I value my own rights and my own privacy over catching criminals. I believe there is a famous historical phrase about trading freedom for security (i.e. you will end up with neither if you do).
Stuart Eichert

Re:What's wrong with pictures of children??? (1)

nmarshall (33189) | more than 13 years ago | (#579107)

damn, /. needs a "+1 werd but rational" mod rating...

i could of moded you up, but your off topic...

while i will support your right to think as you do.but as an parent i wish here in the US ppl were more open to help those that need it. and yes as a parent i think you could use some help, but only if you what not to be that what you say you are.

IMHO ppl need sex bots, thus we all will be "saved" from harming others.

also PLEASE tell the other pedophile, homosexuals, etc, to STOP posting there pics in my usenet group! if i was looking for sex.with.young.chicks i would look there not in
alt.sex.cthulhu
not that i read alt.sex.cthulhu

much...


nmarshall

The law is that which it boldly asserted and plausibly maintained..

Re:There Has To Be A Way (1)

Snowfox (34467) | more than 13 years ago | (#579109)

There has to be a way to implement some manner of encryption between the keyboard and the OS, in which the keyboard mapping is jumbled and re-constructed via a random mapping once it reaches the OS. I'm no hardware expert but I would think some sort of device could act as an interface which the keyboard plugs into. Add some software to the PC and there you go.

If you're really that paranoid, carry a laptop, or at least carry your own keyboard with you. You could easily slip a Pfuca Happy Hacker keyboard [pfuca.com] in your briefcase.

This is worrysome. (1)

ff (35380) | more than 13 years ago | (#579110)

I think we should be fighting against any kind of grab for more rights that government agencies attempt.

More often than not, their interests are diametrically opposed to that of decent, freedom-loving people.

Isn't this illegal already? (1)

HerrNewton (39310) | more than 13 years ago | (#579111)

I thought search warrants had to be explicit in exactly what is being searched and possibly seized. Here, like Carnivore, it seems that a copy of everything is being seized. Like the article says, yea they'll get stuff on illegal gambling, but they'll also get personal correspondance, private documents, medical records, legitimate business documents, etc. are all captured by the device, documents which are arguably well outside of the FBI's need to know and would hardly constitute a specific search and seizure.

Or am I babbling? 4 hours of sleep in the last 48... finals nearing and all.

----

Re:Isn't this illegal already? (1)

HerrNewton (39310) | more than 13 years ago | (#579112)

Heh. And the funny thing is I don't even own a TV, nor do I watch TV...

----

Re:Its a lot harder on a laptop... (1)

HerrNewton (39310) | more than 13 years ago | (#579113)

one would more likely be able to always have a laptop in one's physical presence. Difficult to insert hardware under your nose.

----

Re:There Has To Be A Way (1)

HerrNewton (39310) | more than 13 years ago | (#579114)

What's a keyboard signal look like? An analog signal sent over a wire. We've got the technology to encrypt that, it's just a matter of encrypting it strongly enough so that it doesn't become the weak link in the chain. (ie one would PGP all your sensitive stuff and then put a plain text copy of your private key in a password protected zip archive.)

How complex would an analog key, something like an Enigma machine, need to be before it stopped being the weak link in the chain? And how would one tell the computer what the key is? Can't type it, after all, and using a mouse to type it leaves the mouse unencrypted...

----

Re:But even then... (1)

HerrNewton (39310) | more than 13 years ago | (#579115)

If someone breaks into the room whilst you're sleeping, would you not notice? Then again if they harass a college kid for looking at a site post crack and having books on BIND...

----

FBIEngineersAreWeenies (1)

jasha (42162) | more than 13 years ago | (#579116)

And, after countless manhours and taxpayer dollars, the FBI has been able to confirm that Scarfo's super-secret PGP passphrase is...

FBIEngineersAreWeenies

Re:mixed feelings... (1)

Kynes (45273) | more than 13 years ago | (#579118)

Because, as the article points out, this will likely establish new case law not because its mafia related but because the case will be put to test new means of surveilance for which no real law covers just yet.
IANAL, but that basically means that if this stands then the FBI/police can use the technology on just about anyone without any specific law ever being passed that gives them that particular right and it will stand up in court.

This means one of three things (1)

Greg Koenig (92609) | more than 13 years ago | (#579143)

Ignoring the aspect of FBI agents sneaking around and installing sneaky devices in peoples' keyboards, this means one of three things:

1. Nobody in the government (FBI, CIA, NSA) has the capability of easily decrypting PGP-encrypted files.

2. The FBI cannot easily decrypt PGP-encrypted files, but other government agencies (CIA, NSA) can but will not share.

3. The government can routinely decrypt PGP-encrypted files, but don't want to tip their hand to this ability. Therefore in order to explain how they have access to such encrypted files they have to install a device that could give them access to the files through a means other than decrypting them with sheer computing power.

Not electronic communication? (1)

Black Sabbath (118110) | more than 13 years ago | (#579165)

One thing that struck me as odd was the FBI's claim in their application for authorization that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply. Say what??? They mention in their application that they need to install "software, hardware and/or firmware". If this is the case, what kind of communication ARE they capturing? light beams? (fibre-optic tap?), thought waves?

The other thought that occurs is that this seems to be a case of the FBI doing what a lot of people who post to this forum claim as their "right". That is, to operate "beyond" (not necessarily "against") the law. ie since there is no specific law covering activity XYZ (notwithstanding specific laws covering similar activities), we can go ahead and do it. Any attempt to regulate or restrict activity XYZ is seen as an infringement of rights or an attempt at government/business/big-brother to restrict our freedoms.

It seems hypocritical to attack the FBI for taking advantage of a "hole" or "loop-hole" in the law (if that's what it is) when we all too often seek the same protection of the ability to take advantage of "loop-holes" in the law ourselves.

Just a thought.

Re:Calm Down! (1)

Ambush (120586) | more than 13 years ago | (#579167)

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list? The most valuable commodity I know of is information. - Michael Douglas as Gordon Gekko, Wall Street How ironic! First you indicate that personal information is no more valuable than a shopping list, then your .sig shouts about the value of information. Freedom has got to be more important than the illusion of safety.

Re:How incriminating can my keystrokes really be? (1)

mr_gerbik (122036) | more than 13 years ago | (#579168)

That may be true... but can it put me in jail?

by the way.. how did you tap my keyboard?!

Re:Get worked up! (1)

jallen02 (124384) | more than 13 years ago | (#579169)

So let me come in your house. Let me go look through your personal belongings, hell dont leave your door unlocked and put a sign that says, browse my house, I dont need privacy.

Its one thing to say "If you ahvent done anything illegal you have nothing to hide", And oh what a prty line that is, but it is so untrue. Some people are just private by nature, things are more meaningful and your security is protected by you maintaining your own personal privacy. So the what if it IS just a shopping list, its MY shopping list and not anyone elses, and I wish people would not be so willing to give up their freedoms people fought and died to preserve..

Jeremy

Re:How this seems to read to me.... (1)

gengee (124713) | more than 13 years ago | (#579170)

Blah. I wouldn't notice. At work, I sit at a desk with a wireless keyboard, wireless mouse, flatscreen LCD monitor, and all the innards hidden from me. So long as nothing abnormal were to happen, it would be unlikely that I would get out a flashlight and look for YAFBIDDFS (Yet another F.B.I.-Designed Device For Snooping).

signature smigmature

Re:Calm Down! (1)

gengee (124713) | more than 13 years ago | (#579171)

They had every right to tap this guy's computer.

Congratulations. You have frightened me. Have you ever heard the phrase "The right to be let alone?". While this was not explicitly stated in the articles of the US Constitution, I have trouble believing it was not meant to be inferred. The Supreme Court has said, as far back as 1834, the "defendant asks nothing -- wants nothing, but to be let alone until it can be shown that he has violated the rights of another." Wheaton v. Peters, 33 U.S. 591, 634 (1834).

Explain to me how it has been shown that any man has violated the rights of another before a trial. I could care less what the government suspects him of. Let a jury decide.

Warren and Brandeis understood this phrase to be a truth - As one could surmise from their famous dissenting argument in Olmstead v. U.S., 277 U.S. 438, 478 (1928) - The first wirtetapping case in the country - In which Warren uses the term. Through numerous U.S. Supreme Court decisions cited later in this article, this phrase has come to be associated with preventing invasions of the private sphere by the government.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

Boo-hoo. I call this FUD. Technology has not always been around. The government was not always able to so easily and woefully invade ones privacy. And quite frankly, I'm a little bit more afraid of the Government peaking in my windows, than I am of some low-level Mob member, trying to get me to play a game of poker.
signature smigmature

Private Conversation (1)

Gefiltefish (125066) | more than 13 years ago | (#579173)

Back in the day before digital communication, wiretapping, and listening devices I wonder what the authorities did to investigate and prosecute crime...

Two people who wanted to have a private conversation could just step aside or walk outside to have a completely privileged and private conversation.

While I would'nt suggest sliding back to some of the other pieces of the past, it still seems that people should be able to communicate with each other or (with this keystroke example) write completely private notes or whatever in their personal documents.

Do it yourself! (1)

Daniel Rutter (126873) | more than 13 years ago | (#579174)

Ah, another golden opportunity for me to plug my most recent review of a KeyGhost gadget, at www.dansdata.com/keyghost2.htm [dansdata.com] . If you've not read about this thing, and people who might want to spy on you for whatever reason have physical access to a workstation you use, you should. It's the most elegant mass-market hardware keylogger in existence at the moment. Takes a few seconds to install or remove, on anything with a PC-compatible keyboard.

No remote monitoring (they're working on that...), but it's simple, relatively cheap, and comes in various inconspicuous form factors. Distilled evil, in a small beige box.

Re:Could be much worse (1)

x-empt (127761) | more than 13 years ago | (#579175)

Fortunately Carnivore does help to lead investigators to people committing crimes by keeping logs of certain users/data. This is a Good Thing (tm) if the Carnivore beast does not log innocent civilian data.

I believe (and would hope) that the FBI should still be required to go through the courts before actually logging any data.

But I definately believe that this was NOT a violation of anyone's rights, so why was it included in the "Your Rights Online" section ?

Its a lot harder on a laptop... (1)

zaius (147422) | more than 13 years ago | (#579182)

One of the many reasons I use a laptop...

This will work itself out... (1)

Murellus (169500) | more than 13 years ago | (#579191)

I think we'd all agree that the FBI should be able to get wire taps, search warrants, or whatever as long as they go through the proper procedure and have a good cause. There is no real reason why this shouldn't carry over into the realm of the internet. The primary problem is that there will constantly be improvements in technology that allows people to be more secretive in what they do on the internet. At the same time, the FBI will be coming up with more and more ways to get around them. We aren't going to be able to have specific laws for each way that the FBI can monitor us or we won't be able to keep up. The courts are simply going to have to come up with some generalized guidelines for this type of thing.

Re:Calm Down! (1)

Fat Rat Bastard (170520) | more than 13 years ago | (#579193)

Lazarus Short - auto104604 at hushmail.com

Smell that??? That's irony.

My defense might be... (1)

xjosh (181149) | more than 13 years ago | (#579200)

Since a keystroke logging device cannot see any screen output or mouse actions, what is captured may not be what it seems.

How can someone reading the keystroke log be sure that it is "criminal data" rather than some really crappy abstract gangster fiction work. Can they be sure that "Whack Vinnie" is going into a to-do list rather than Word?

If that is true, then what bearing does the crappy fictional work have on this case? If what the government suspects to be the passphrase appears in that crappy fictional work, should they have not minimized it? Doesn't that make the passphrase essentially unusable?

I know it's a bit of a stretch, but the gist of what I'm saying is this: If the government sees only half (or less) of the picture, they cannot presume to know that what they are seeing is definately relevant to the case. Taken further, if the government cannot know that the material is relevant, then they cannot attempt to use parts of that material to build their case.

what does your keyboard weigh? (1)

referee (191944) | more than 13 years ago | (#579203)

"It weighs a few grams, and unless you . . . routinely weighed your keyboard, you'd never notice," he said

"I can't believe good security now involves weighing my keyboard." -Nicodermo Scarfo Face-o

Scary enough (1)

Ummite (195748) | more than 13 years ago | (#579204)

"Anything he typed on that keyboard - a letter to his lawyer, personal or medical records, legitimate business records - they got it all," said Donald Manno, Scarfo's longtime lawyer. "That's scary. It's dangerous," he said. We all know this. Wiretaping will always be litigious. But, I think in some case it's more than correct to use all technological ways to sentense someone, when real reasonnable doubts are in case, and I think it's one.

But even then... (1)

achurch (201270) | more than 13 years ago | (#579206)

If it's on your person, the FBI would have a very difficult time getting to it without your knowledge.

Who's going to watch over it while you're asleep? And how do you know they're not an FBI spy?

--
BACKNEXTFINISHCANCEL

Who cares if he was "Familia" or not... (1)

Zecho (206792) | more than 13 years ago | (#579208)

I for one don't want anyone screwing around with my machine, hell my wife doesn't even touch it. <disclaimer> Not that I have anything to hide really, and not that there are any illegal activities being committed with this machine. </disclaimer> I want my privacy. No matter how many Jimmy Hoffa's are buried in my basement!

(Note to FBI: there are no Jimmy Anybodys buried in my basement)

Re:Keyboards with Smartcard slots? (1)

Technician (215283) | more than 13 years ago | (#579214)

And what is your keyboard going to output on the connector that has the recording box?(firmware) Later, they just push "play" and the computer does not know there is no care in the keyboard slot. They have a record of the whole thing. I would not use an external attached reader except in a location where the computer had physical security and limited access for any secure stuff.

Re:What will your defense be... (1)

Technician (215283) | more than 13 years ago | (#579215)

What will your defense be when your captured keystroke password opens the previously captured encrypted file? They were specificaly looking for a password to a file they already captured.

OS independent (1)

Technician (215283) | more than 13 years ago | (#579216)

wow! That is not good. Even your boot up root password is not safe from this. Dual boot isn't safe.

Re:Plug and play keyboard sniffer (1)

Technician (215283) | more than 13 years ago | (#579217)

Change keys often! Emulate a code hopping device. Anything new captured would be useless on an old file they already have.

Re:How do you stop this? (1)

Technician (215283) | more than 13 years ago | (#579219)

Yes,

1 Good monitored alarm on the house

2 Locked desk

3 Handheld PC for other e-mail account.

4 Hidden datalogger on phone line and alarm sensors. Outgoing call from alarm (before reset) can be logged. A furnace "energy usage" meter is a good cover for a datalogger. The alarm company does not know your PIN after you change it. The alarm should trip before they can enter service mode. Wireless sensor in desk trips "other" silent local alarm and datalogger. Datalogger should display "number of cycles" and "time of last cycle". This will alert you if you were visisted since you left for work in the morning. Check and set both alarms everytime you go out and check the datalogger everytime you return. Monitoring companies are useless in the visited by FBI department.

Re:Its a lot harder on a laptop... (1)

Technician (215283) | more than 13 years ago | (#579220)

I noticed in the FBI request, they asked for a time extension as the target computer was not at the target location. It had been moved. This prevented them from installing the password capturing stuff. Physical security is important folks! If they can't touch it, they can't hack it!

Re:How do you stop this? (1)

Technician (215283) | more than 13 years ago | (#579221)

I prefer "warrenty void if removed stickers". Not the generic kind, but ones that tear apart and have a computer shop name on them. They can not be replaced by a generic as it would not be the same. One over a screw hole does the trick.

Re:but... (1)

radiashun (220050) | more than 13 years ago | (#579224)

Could it possibly be something like this? [slashdot.org]

Now I realize that this is a complete keyboard, but surely the FBI can reproduce the same type of hardware-based logging mechanism that this thing uses.

The one problem with this. (1)

bobwhitethegreat (223322) | more than 13 years ago | (#579228)

I do not see a problem with using this as a form of wiretap for criminals. Where I do see a problem is the fact that PGP has uses for digital signatures, etc. With something that could be potentially legally binding, etc (which talking on the phone is not), having your secret key/encrypted secret key coupled with passphrase allows someone to completely impersonate another. Messages could be posted from the other person, and everyone would see a valid digital signature. The FBI are known to make mistakes occasionally, they certainly need to aprehend the criminals. However, some things need to be placed in the way so that if there is a mistake made, they will continue to protect the citizens. The _possibility_ of a secret key being released can actually be quite devastating.

Re:How do you stop this? (1)

RandomPeon (230002) | more than 13 years ago | (#579232)

For the very paranoid, mark lines would also be helpful. Take a marker/pen and make a little mark where the parts of the case and keyboard meet up. You'll know if anyone opened it because the line won't match up anymore.

Read this in a book once, don't actually do it.

The bright side (1)

Elby 23 (234458) | more than 13 years ago | (#579233)

I think the bright side of this is that it shows that the FBI does not have the ability to break strong encryption.

Unless this is a massive FBI troll to make people BELIEVE that they don't have this ability, of course.

Or, maybe this is a conspiracy by the FBI to make people THINK they have the ability to crack encryption by making what appears to be an obvious move to convince everyone they DONT have the ability.

Yeah.

The did capture communications (1)

gte910h (239582) | more than 13 years ago | (#579235)

If they caught him writing an email that he sends, doesn't that count as communications?

Re:How incriminating can my keystrokes really be? (1)

zedaar (243633) | more than 13 years ago | (#579238)

Probably not, as he'd have them all bookmarked...

Re:There Has To Be A Way (1)

zedaar (243633) | more than 13 years ago | (#579239)

Encryption between the keyboard and the OS would be OK, I guess, but it depends how "close" to the keyboard the bug is.. If it's at the computer end, fine, but if the bug is in the keyboard itself... The keyboard has to recieve the keys you type in clear at some point before it could encrypt them and send them to the computer. You'd just have to learn to type in 1024 bit RSA to get around that one.

Re:Calm Down! (1)

dasunt (249686) | more than 13 years ago | (#579241)

tewwetruggur writes: So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

Its a fine line we tread these days between our rights, and the powers we give the government. I'm not sure about you, but I wouldn't want my privacy invaded just because I *might* be involved with the mob, terrorists, or child pornographers. To get a search warrent and/or a wiretap, the police have to go through a judge, which (theoretically) provides a check against abuse. Otherwise, what prevents law enforcement from monitoring everyone to prevent crime? Human beings need their privacy, I wouldn't like my entire life to be examined by another human being, and I'm pretty sure you don't either. Sure, stricter laws will catch more criminals, but the same laws will infringe on the rights of non-criminals.

I believe there is something seriously flawed about a system of law and order that assumes everyone is a criminal. The default assumption of law enforcement should be that everyone is a law-abiding citizen, and they should have to show evidence to the contrary before they can invade an individual's right to privacy.

Just my $.02

Okay- (1)

perdida (251676) | more than 13 years ago | (#579242)

For starters, IANAL. All paragraphs in quotes are taken from the Inquirer piece

"A wiretap or room bug also would have required authorization from the Attorney General's Office as well as court approval, defense lawyers say. And it would have required investigators to "minimize" - not record or listen to - conversations unrelated to the focus of the investigation."

The FBI, as discussed in Carnivore controversy, often ignores possible precedent laws (in this case woretap) when there is a new technology. If the previous law's spirit remains true, the FBI violates the law by having a record of all conversations. Depending on what the computer is used for, they may be violating the privacy of customers and family members, so the good evidence they gather may be inadmissible in court if the previous laws are proven to hold even partially true.

"The application for the authorization, submitted by Wigler, contended that as "there will be no wire, oral or electronic communications captured," federal wiretap laws did not apply."

Bullshit. The keystroke capturer is in the computer and the stuff is remotely downloaded to an FBI computer at a later time. Of course the original record lies in the keystroke capturer, but the copy or mirror is just as implicating.

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered."

If THIS decision is held up, it will place different freedom levels on "speech" and "data," in which data will be considered open and available to any search and unprotected by freedom of speech or privacy laws.

"Typically, information from the device would be downloaded from a remote location, he said, and the downloading process could take seconds to minutes. The result would be a "mirror" of whatever was tapped into the keyboard."

Let's say the mobster discovers the downloading process and shuts off his machine. Do a team of FBI agents pound his door open at that point?

CORRECTION: IL-legal (1)

perdida (251676) | more than 13 years ago | (#579243)

"FBI attorney: The suspect uses something called PGP, which prevents us from viewing his email and, combined with other evidence we have gathered while surveiling him, constitutes probable cause that he is using his computer for legal activity."

should read IL-legal activity, of course. :)

Is this ignorance, and on whose behalf?? (1)

noz (253073) | more than 13 years ago | (#579246)

> "Tommy, I want you to go down to the store..." > "And rob out the shopkeeper, Godfather?" > "No you stupid idiot! I want you to close down our network and check for check for holes!" > "But Godfather, we're encrypting all of our traffic...??" And who's breaking the law here? The Mafioso, or the Feds??

mixed feelings... (1)

tewwetruggur (253319) | more than 13 years ago | (#579248)

Yes, the whole Big Brother stuff is pretty damn creepy...

On the other hand, we're talking about a mafia bookie... like I should feel sorry for 'em?

Not.

Just keep the damn horse heads out of my bed, thank-you.

Re:Calm Down! (1)

tewwetruggur (253319) | more than 13 years ago | (#579249)

Man... you almost seem too level headed...

What I think too many of the rights-violation-screamers seem to forget is context... strip away the technology issues and just look at the FBI fighting crime... compare this case to what the Hoover administration was know for... hell, this FBI is all warm and fuzzy compared to the "good old days"... you want your righs violated - I can think of a lot of ways we could all be a LOT worse off...

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

'nuff said

Re: Your Sig (1)

Petrophile (253809) | more than 13 years ago | (#579250)

It's a real good ol'fashioned pants-shitting laugh riot. Oh god, my side hurts from rolling on the floor laughing my big fat uncle-fucking ass off.

Wake up call? (1)

os2fan (254461) | more than 13 years ago | (#579252)

The wake-up call is not that the spooks are trying it, but that it can be done. Since the law enforcement officers has to convince the judge that what they did is right, there is this protection from then.

But that does not stop others ....

Re:Wake up call? (1)

os2fan (254461) | more than 13 years ago | (#579253)

The point is that the technology exists, and that ASIO (or FBI or whatever) are not the only ones who may want to snoop.

We are seeing the leading edge of what is now large scale computer snooping, eg Carnivore.

Eventually, a lot of crunching external data may become legit, like SETI@home is. It's not that far off that we'll start seeing `commercial in confidence' snooping.

Also, you don't need to nail the person on the collected data, all you need to do is alert that this person is worth watching, and nail on some legal-to-collect thing.

And being companies, there is little around the commercial in confidence stuff, and even less if there is a one-way ID system. [eg file `os2fan' contains no references to file `votegeek', but file `votegeek' contains commentry on `os2fan'.

Scary, hey.

Re:(Not So) Easy Answer (1)

Timmaay! (254812) | more than 13 years ago | (#579255)

BUT... Would that not give the authorities more reason to use keystroke-loggers and other such technology?? If they have to wade through a (possibly) nightmarish brute-force attack just to get the grocery list you sent to your spouse, they'll end up doing one of two things if they want to find out what you're sending:

  • Get better hardware to do the brute-forcing in a more timely fashion.
  • Fight for judicial, congressional, and executive approval to the use of keystroke-loggers, etc. because they need access to the encrypted data.

While I don't believe that we should all completely switch to encrypted communication, I do believe that there is a need for it. As such, the only way to avoid having every encrypted message decrypted by "big brother" is to provide enough other encrypted traffic (jokes, random chatter, etc.) along with it to make their jobs more difficult, but yet still feasible under the current laws we have.

Hard to decipher keystrokes (2)

Anonymous Coward | more than 13 years ago | (#579260)

[Judge] And what are these pages of mysterious keystrokes I see on the transcript?

[FBI] Your honor, our best cryptographers have struggled with this for 5 months, using elaborate supercomputer analysis, and couldn't crack the code. It must be an incredibly well-crafted keystroke encoding, requiring extreme training to use at the speed it was typed.

[Judge] Defendant, can you tell us what it is?

[Hacker] Yeah sure, I was playing Quake for 3 hours.

Re:Calm Down! (2)

FiNaLe (4289) | more than 13 years ago | (#579266)

Who types their shopping list anyway?

Perhaps into the palm desktop to sync, but just to print out, I mean, come on... And if you can sit down and type it in one sitting do you really need the list?

Plug and play keyboard sniffer (2)

hrath (5792) | more than 13 years ago | (#579268)

In case you ever have the legitimate need for logging keystrokes you can purchase a plug and play device at www.keyghost.com [keyghost.com] . This device connects between the keyboard and computer and looks like a small keyboard adapter. They also sell versions where the device is integrated inside a keyboard. It can later be unplugged, activated via a password and then replay the keystrokes.

I don't condone the use of such a tool, but people should be aware that this stuff is readily available.

regards,

Heiko

Re:There Has To Be A Way (2)

Seumas (6865) | more than 13 years ago | (#579269)

Actually, I work from home so neither my laptop nor any of my computers are ever out of my site other than the few hours per week that I'm out of the house.

Of course, another cool tool would be something that would generate random crap when your computer is idle so that when the little bug tries to upload data to its home -- all they get is about 80 words and 1,999,980 random keystrokes.
---
seumas.com

Spies in sandcastles shouldn't throw waterballoons (2)

Graymalkin (13732) | more than 13 years ago | (#579273)

Here's a tip for those interested in really keeping your shit secret. Secure communications are a start but don't counteract things that are purely physics problems. Computers are noisy little RF emitters and with the right equipment you can pick up these RF emanations and translate them into data. To keep the FBI and others away from your computer use a laptop and keep the fucking thing with you all the fucking time. Encrypt all the data on it and keep the keys with your lawyer (have him keep them as part of attourney-client privilages). Besides keeping everything encrypted, keep everything encoded. Speak in code and write in code, codes that are indistinguishible from noise. Once you turn your computer on, do so inside of a shielded room and connect things together with shielded cabling. Monitor all lines coming into your house and keep records of attenuation. A quick search of google about TEMPEST, Van Eck phreaking, or electronic surveilance can provide you with lots of info to defeat eavsdropping. Tell the J. Edgar's to go fuck themselves.

Thoughts... (2)

KFury (19522) | more than 13 years ago | (#579275)

  • Use keycaps to mouse out all your ilicit messages
  • If they intercept your PGP passphrase, all the encrypted communications they've intercepted already can now be decoded.
  • I bet you could rig up a pgp keyboard, but then they'd just put actuators under the keys themselves.
  • Use a Bluetooth keyboard with encryption, and keep the keyboard under your control at all times.
  • Use a laptop (see above)

Kevin Fox

And yet more reason --- (2)

HerrNewton (39310) | more than 13 years ago | (#579287)

To use a laptop which can be kept in your physical presence at all time. If one was going to do something illegal and needed to keep records which would clearly attest to the illegal thing, wouldn't you want to keep a close eye on those records? ie, a laptop or a palmtop? If it's on your person, the FBI would have a very difficult time getting to it without your knowledge.

----

Re:er.. (2)

Kwikymart (90332) | more than 13 years ago | (#579300)

Well, that is a huge problem. When a judge or somebody gives the ok for a search warrant (ie, sneak in) he may not understand all the circumstances. Face it, judges probably know dick all about what is right or wrong on the internet. All they can do is horribly apply what they know to each circumstance they come upon. I wouldnt be suprised if they just start handing out search warrants left and right just because they dont understand what they are really doing.

eg1 )

FBI wants a search warrant. They tell the judge the current situation that Mr. S. Kiddie was found talking about hacking utils that were used in some major .com corporation crack . The judge would then authorize the search warrant because there is reasonable and probable grounds that he was the one that did.

How is this different from being suspected to have a gun that matches the description / make of the one that shot some guy? This person probably linked somewhat to the case, say, a neighbour or friend of the family? How, from a judges perspective, is this different from having the weapon "cracking util", and the link to the case "being one of those pesky internet hackers".

When a judge applies his knowlege and the constitution to something that was complety foreign during the time its conseption, there is bound to be a disrepencies here or there. Its simply just another situation where law is being misapplied to something that it was never thought to be under the juristiction at the time.

(excuse me bad speling plus gramar)

Why they need your keystokes (2)

Nonesuch (90847) | more than 13 years ago | (#579301)

The suspect uses PGP. Like many other cryptographic systems, his email, stored messages, and other information the FBI would like to use for evidence are stored encrypted.

The FBI could obtain a search warrant for his computer and email messages, but this would only get them the encrypted messages, and the encrypted version of his decryption key.

The ability to "wiretap" his keyboard is the only way (short of torture, or taking several years to brute force the key) to obtain the "passphrase" that unlocks his encryption key, turning all of that meaningless random data into human-readable incriminating evidence.

Personally, I tear apart my PC every week or so (not solely from paranoia), and I think I'd notice any extra little boxes on the keyboard port.

Between that and keeping the machine in my hidden copper mesh closet with filtered DC-power and fiber-optic ethernet under 24-hour gaurd by a specially bred pack of mute doberman attack dogs, I'd say I'm fairly safe.

Just remember- always ground your faraday cage to a cold water pipe!4

Re:Calm Down! (2)

acecccp (102351) | more than 13 years ago | (#579304)

The fact that the only thing of value to the FBI from my keystrokes might be my shopping list is irrelevant. The same argument can be used in stating that people should have no problem with government agencies monitoring everything they do for no reason at all.

I'm not trying to say that FBI having the ability to monitor people's keystrokes is a bad thing though. It is only a minor expansion to its already existing powers, most of which are in my opinion, necessary.

It is however, dangerous to use this type of thinking when deciding on an issue like letting someone take away people's rights.

How incriminating can my keystrokes really be? (2)

mr_gerbik (122036) | more than 13 years ago | (#579305)

One problem that arises here, for the FBI at least, is that most of the time they will only get half of the story. Sure, they can read my keystrokes.. but what good is that when my keystrokes are "p i n e" to check my mail from my mob boss. As long as I reply with "yes, I will deliver the goods" rather than "yes, I will kill your wife" I'll be in good shape. For any smart criminal, I would think it would be standard practice to speak with in a non incriminating manner. Besides, I wouldn't expect my computer to be any safer than my phone, especially if I was a novice who doesn't know how to cover my "digital ass".

-gerbik

Re:Get worked up! (2)

aozilla (133143) | more than 13 years ago | (#579308)

Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.

Are you saying you've never done anything illegal?

Re:Why they need your keystokes (2)

aozilla (133143) | more than 13 years ago | (#579309)

Unless he was smart, and stored his encrypted key on a disk or (probably credit card sized) cd. Then the passphrase won't do them any good, will it?

Re:Calm Down! (2)

shepd (155729) | more than 13 years ago | (#579312)

>Calm Down!

Totally agreed. The FBI clearly explains they want the warrant to get the guy's password, not so they can read his love notes. This is no different than the FBI drilling the lock to a safety deposit box with a search warrant, if you ask me.

Which brings me to my next point:

>Which is more important.. ...or protecting yourself from having some FBI bureaucrat reading over your shopping list?

That is wrong, IMHO. For the same reasons it is wrong for an FBI agent to abuse his power to check out the family jewels in my safety deposit box for his amusement. Search warrants aren't to spy on items that make no litigious sense (and a shopping list is not good evidence unless it includes copious amounts of fertilizer and gasoline). They are to gather evidence against serious criminals.

I think there's a fine [undefined] line between protection and spying. Breaking the law defines that line.

Just my 2 cents.

Re:Calm Down! (2)

Fat Rat Bastard (170520) | more than 13 years ago | (#579316)

So, it's pretty clear that in the end, government nosiness is a good thing. Think about it.

Of course it is. Look at the old Soviet Union. The Soviets prided themselves on having cities that were safe enough for women to walk around alone at night.

I think the police should have the right to enter your property at any time they see fit without a court order. That way we can rid this country of drugs, child pornography, weapons, "subversive" materials. After all, you shouldn't have anything to worry about if you haven't committed a crime.

How this seems to read to me.... (2)

AudioPunk (202103) | more than 13 years ago | (#579319)

Correct me if I'm wrong here, but here's how this reads to me.

FBI request : There's this bad mafia guy. We've got reasonable proof that he's doing Bad Things (tm). Instead of a phone tap, we'd like to do a computer tap to collect enough information to get him.
Court order : Yup, he's bad. Go get 'em.

That doesn't seem too crazy. What seems almost silly is that they ask for permission to install software, HARDWARE, and FIRMWARE?!?! Ok, anyone who can't tell well enough that someone has been messsing around with their boxen physically and put in new hardware shouldn't consider themselves very sneaky and need to get out of the Bad Things (tm) business. I mean it's like coming home and having a new random ceiling fan appear in your living room with a silver orb in the middle instead of a light globe(think mall security) and a mic for a pull cord. Duh!

As long as the FBI still have to get court orders that need to show reasonable proof you're doing something bad, I don't see privacy issues getting too bad. It's just when they're allowed to have manufacturers install hardware to transmit everything you do to a data base to try an filter out what illegal activity might be going on (be wary those adopting wireless LANs)that I'll get somewhat worried.

Wire Tapping vs. Key Stroke Monitoring (2)

BobTheWonderchicken (209244) | more than 13 years ago | (#579320)

I consider often the stuff on my computer more precious than what I would say in a phone call. The work on my computer is much better thought out than a phone call and therefore could be much more incriminating.
I think that key-stoke monitoring needs to be at least as protected as wire-tapping by laws.

Well now, this is interesting... (2)

bhalvors (236837) | more than 13 years ago | (#579321)

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered." So, they agents had a valid order from a judge of competent jurisdiction, so in their minds, what they were doing was legal. OK. Fine. The interesting bit, as I see it, is that in essence what they acquired was a non-expiring search warrant on a persons computer. That is a really neat trick. And you all thought that hacking *nix was cool, hacking the law, now thats a feat! Seriously though, as I understand it, don't the fibbies have to leave a copy of the warrant at the scene? If so, wouldn't it have been wise to read it? If so, then would'nt it have been even wiser to hire a geek to check out your system, and "flush" everything (except your bookmaking files of course!). Just a thought.

Re:Calm Down! (2)

Lazarus Short (248042) | more than 13 years ago | (#579322)

Actually, the Hoover administration got something of a bad rap. Admittedly, it's somewhat arguable that they did get a bit overzealous at times, but those were generally isolated incidents, blown way out of proportion by the "yellow journalism" that was so prevalent at the time.

What's more, I saw some very interesting statistics just the other day (Of course, I can't find the link now!), that showed a very dramatic reduction in certain types of violent crimes that began shortly after Hoover took charge, and ended again just as he left. So, it's pretty clear that in the end, government nosiness is a good thing. Think about it.

--

Re:Get worked up! (2)

Lazarus Short (248042) | more than 13 years ago | (#579323)

I think you're serious, so here's my answer: It is more important to me to protect myself from having FBI agents (not bureaucrats, agents)
They may be "agents" in name, but that doesn't mean they're not bureaucrats in reality. Honestly, you think the guys that took down the Montana Freemen or those cult memebers in Waco are the same guys who sit in a lab deciphering the output of little elecronic devices? Really.
reading my shopping list,
It's a flipping shopping list. Who cares?
my political manifestos,
This is America! You aren't going to be persecuted for harboring seditious ideas.
my notes on how to protect myself from script kiddies (proof positive that I'm a hacker, after all),
Again, you're being paranoid. If you haven't done anything illegal, you have nothing to hide.
and my (probably) fictional account of Dubya and Jim Baker exchanging bodily fluids (not intended for publication).
Well, now, that could be libelous... but again, if you don't acutally publish it, you're perfectly safe.
The FBI has proven that it is not above using its power for political purposes.
Details instead of vague accusations, please?
If the FBI were not free to violate the 4th amendment, we wouldn't have anarchy -- we'd simply have a tolerable FBI. Do you really believe they'd have (your words) no power if they had to respect the 4th amendment?
Read the Fscking article, man! They did respect the 4th amendment. They had a court order!

--

Re:Calm Down! -- Carnivore & Other FBI Stories (3)

Anonymous Coward | more than 13 years ago | (#579324)

I don't think you are aware of the FBI's history with repect to monitoring its citizens. An example of recent events was shown on Monday night's 60 Minutes. [cbsnews.com] Two citizen's are in jail right now because of 24 hour FBI monitoring allowed by the law (when the law is misapplied). The FBI went to great lengths to misapply the law.

"notable for its lack of evidence" [washington...center.org]

"a secret court made up of anonymous judges" [mediafilter.org]

"secret permission can be obtained to break in and tape conversations without Fourth Amendment guarantees" [shepherd-express.com]

In this example, the FBI had a court order -- a secret court order -- giving them every right to tap these guys' lives.

Your slippery slope argument of total anarchy resulting from the FBI not being allowed to invade the privacy of U.S. citiznes is ridiculous.

I am a lot more concerned about the FBI reading my personal files and deciding I'm a criminal and the consequences of that than any "mafioso", child pornographer, or terrorist. Unlike the latter group of "criminal" elements, the FBI is actually in a position of power such that it can destroy my life if the FBI so chooses.

There Has To Be A Way (3)

Seumas (6865) | more than 13 years ago | (#579327)

There has to be a way to implement some manner of encryption between the keyboard and the OS, in which the keyboard mapping is jumbled and re-constructed via a random mapping once it reaches the OS. I'm no hardware expert but I would think some sort of device could act as an interface which the keyboard plugs into. Add some software to the PC and there you go.

Just a thought. Maybe it's a dumb one.
---
seumas.com

Re:Calm Down! (My Shopping List) (3)

Mick D. (89018) | more than 13 years ago | (#579333)

eggs

kitchen timer

matches

flashbulbs

batteries

kerosene

glass bottles(emptied milk or juice bottles will due)

tubing

several feet of wiring

anarchist's cookbook

(Begin Rant)Whether these things are for a science project or some nut with half a brain it is their right to WRITE IT in private without some other nut with the other half of the brain breaking the door down when a VegiOmniCarniWhateverBot starts blaring "Danger Will Robinson, Danger Will Robinson!"(End Rant)

The Public Key Keyboard (3)

Nonesuch (90847) | more than 13 years ago | (#579334)

I'm not sure if it's a solution, but it certainly is possible to implement a cryptographic keyboard.

When I read stories such as this one, a saying common in the security industry immediately comes to mind:

Physical access trumps all.

If the "attacker" (in this case, the FBI) can obtain physical access to your system, just about any protection can be broken. Perhaps with a laptop that you keep on your person at all times, you might be able to feel secure, assuming you can trust the operating system, the laptop manufacturer, the CPU and auxillary chip production plants, and the original chip designers.

Stare too long into the abyss of paranoia, and the abyss starts to stare back...

Re:Calm Down! (3)

Nonesuch (90847) | more than 13 years ago | (#579335)

If you use computer software with predominantly benign uses (i.e. PGP) to hide evidence of criminal activity, you run the risk of losing that sheild to whatever means the law enforcement community can leverage without crossing the line of legality.

Realize that law enforcement has always had rights to mitigate a citizen's privacy AS LONG AS DUE PROCESS HAS BEEN FOLLOWED. This is an inherent requirement to do their job, and, knowing the restrictions placed on them, I think that almost all of the time that ethic is upheld. (There will always be screw-ups, but those responsible are held to their actions.)

One interesting question is, how far can they go to "mitigate a citizen's privacy"? This case shows that they can go so far as to "bug" my keyboard to obtain my PGP passphrase.

How much longer before they follow the lead of the U.K. and have the ability to imprision me for refusing to provide my cryptographic key.

Where does the 4th amendment end and the 5th amendment begin?

Re:You are naive. (3)

aozilla (133143) | more than 13 years ago | (#579337)

Besides, I bet there's not one person reading this who hasn't done anything illegal. Let's forget for a moment traffic offenses and focuse on criminal ones. Did you ever smoke before you were 18? Drink before you were 21? Use an illegal drug? Sneak into a movie theatre without paying? Eat a grape in the supermarket? Commit a drive-by shooting? Did you pay for Netscape after the trial period? How about Winzip? How about winamp, before AOL made it free? Do you own any mp3s that you haven't gotten permission from the copyright owner for? Ever make a copy of a videotape without permission from the copyright owner? Did you ever use RSA for commercial purposes (such as at work) before the patent expired without paying? Did you put in your real information when you obtained a licence to use Real Player? Ever participate in a super bowl pool? Ever install a copy of software you weren't legally licensed to install (including shareware after the trial period had expired)? Have you ever mutilated a U.S. coin? Do you report all items that you've bought over the internet or in another state but not paid sales tax on your state income tax? Have you ever fudged a number on any of your income taxes?

Have you ever knowingly allowed someone to do any of these things, and therefore been guilty as a co-conspiritor?

Now, assuming that you have done at least one of these things, should you have gone to jail? On the other hand, if you haven't done any of these things, and think you've never done anything illegal in your life (including knowingly allowing others to do illegal things), I'd like to hear from you.

Cutting edge? (3)

baldeep (213585) | more than 13 years ago | (#579342)

Since when is a microcontroller and a battery cutting edge? I want to know what about this keystroke recorder is so freakin' high tech that they can't even talk about it.

Calm Down! (3)

Lazarus Short (248042) | more than 13 years ago | (#579343)

Now, I know that a lot of people around here are going to go off and start screaming about having your rights violated, but the fact of the matter is that the FBI had a court order here! They had every right to tap this guy's computer.

If the FBI couldn't do things like this, they'd have no power to enforce the laws of this country, we'd have total anarchy, and having someone monitor your keystrokes would be the least of your problems!

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

--

Keystroke taps get EVERY keystroke, even pre-^H (4)

isaac (2852) | more than 13 years ago | (#579344)

Remember kids, your keystroke logger records EVERY keystroke. Typed out a phrase that might be a little too strong, but then thought better and erased it? Logged. No opportunity for revision, as soon as you press the key the FIRST time, the event is recorded, even if it was never saved to a file/sent in email/sent in chat.

You could type "I accept suitcases full of cash in exchange for contraband" at a random and inappropriate time, and it would be logged, even though your sentiment was not reflected in any saved file or communication.

Creepy, when you think about it. How many times have I thought better of saying something in chat or email, for fear of it being interpreted the wrong way, and erased it before sending? More than a few times, anyways. If my employer or my gov't had tapped those messages at the keystroke level, I might as well have sent them the moment I typed them. Ugh.

-Isaac

This is GOOD news for crypto enthusiasts (4)

Daffy Duck (17350) | more than 13 years ago | (#579345)

It seems to me that this tale shoots down the government's primary argument for trying to restrict the public's use of cryptography. Their battle cry has been "we must be given the crypto keys, otherwise we won't be able to conduct the sort of wiretaps we've gotten used to". But as this story demonstrates, they can still conduct wiretaps the same way they always have - by physically going out and tapping some wires. Bravo, FBI boys!

You are naive. (4)

Nonesuch (90847) | more than 13 years ago | (#579347)

It's not just a question of whether you have done anything illegal.

Perhaps you hold political opinions that are unpopular with the current administration. Maybe you have your local mayor upset at you for campaigning against him last election. Maybe you are a journalist who has published stories that upset the FBI. Perhaps your ex-girlfriend has taken a job in the local field office.

Get the wrong people mad at you, and you too may find out that government agents have added some tiny components to your computer...

When the sources for your news stories are found dead from a "self inflicted" park in Washington

When you lose every project you bid on to competitors who underbid you by exactly 3%

When the conservative christian boss of your same-sex lover "somehow" gets a copy of your last mash note.

When somebody says "If you aren't guilty of any crimes, you have nothing to fear", remember it's not question of whether you are guilty of crimes against the law, it's not a question of paranoia. The question is, have you committed a crime against somebody else's god, have you done anything that somebody else wishes was against the law, is there anybody who would benefit from hrting you?

If the answer is "yes" to any of the above, then you do have something to fear from this sort of "wiretap" activity.

So, whatsamatter with you? (4)

www.sorehands.com (142825) | more than 13 years ago | (#579348)

As one person mentioned, a court order was done to permit this.

The article missed one important point -- they were intercepting communications!. Even though it's from keyboard to computer, it's still communications over a wire (unless via a IR port). If it's software instead of a hardware unit, it is still intercepting the keyboard messages as it gets passed through the message queue (and windows). And if it was not authorized, it would be a federal crime of unathorized access to a computer.

Re:Calm Down! (4)

slashfucker (259972) | more than 13 years ago | (#579349)

i hope you're not serious, because you mangled the FUCK out of that quote. There is a great deal of confusion about who said that quotation, and how. The main consensus is that it was either Ben Franklin or Thomas Jefferson. Here are a few examples from around the net of how people attribute that quote:

Benjamin Franklin
"Those who would sacrifice liberty for safety deserve neither"
"Those who would sacrifice essential liberty for temporary safety deserve neither."
"Those that would sacrifice liberty to obtain a little temporary safety deserve neither liberty nor safety"
"Those who will sacrifice vigilance for liberty deserve neither."
"Those who would sacrifice essential liberties for a little temporary safety deserve neither liberty nor safety."
"Those who would sacrifice liberty for security deserve neither liberty nor security."

Thomas Jefferson
"Those who would sacrifice Freedom to gain Security, will not have, nor do they deserve, either."
"Those who are willing to sacrifice freedom for safety, deserve neither."
"A man that would sacrifice his freedom for security deserves neither."
"Those who would sacrifice a little freedom in exchange for security will have neither."

So who actually said it? Drum Roll please...

Charles Louis de Secundat, the Baron of Montesquieu, or Montesquieu for short. In 1774, the ideological father of the Constitution wrote:

"A man that would sacrifice his freedom for security deserves neither.
The God who gave us life gave us liberty at the same time."
-Montesquieu, The Rights of British America
So you are all obviously a bunch of cunts.

Love,Slashfucker

(Not So) Easy Answer (5)

Seumas (6865) | more than 13 years ago | (#579350)

Everyone should be using encryption for as much as they possibly can. When it is realized that 99.999 percent of decrypted information is fluff and noise, it'll be too much of an effort to process every bit of encrypted data. Otherwise, encrypting selectively is just like holding up a giant flag saying "read this!".

Of course, it's more difficult when 99 percent of the people you communicate with do not -- either because of lack of initiative, understanding or capability, use encryption and wouldn't know or care what to do with the encrypted information you send them.
---
seumas.com

Get worked up! (5)

geophile (16995) | more than 13 years ago | (#579351)

So ask yourself, which is more important to you, seeing mob bosses, terrorists, and child pornographers get caught before they can hurt anybody, or protecting yourself from having some FBI bureaucrat reading over your shopping list?

I think you're serious, so here's my answer: It is more important to me to protect myself from having FBI agents (not bureaucrats, agents) reading my shopping list, my political manifestos, my notes on how to protect myself from script kiddies (proof positive that I'm a hacker, after all), and my (probably) fictional account of Dubya and Jim Baker exchanging bodily fluids (not intended for publication).

The FBI has proven that it is not above using its power for political purposes.

If the FBI were not free to violate the 4th amendment, we wouldn't have anarchy -- we'd simply have a tolerable FBI. Do you really believe they'd have (your words) no power if they had to respect the 4th amendment?

Could be much worse (5)

CaptainCarrot (84625) | more than 13 years ago | (#579352)

I'm far more comfortable with this sort of approach, where a single individual is monitored after law enforcement officials go through appropriate due process, than I could ever be with something like Carnivore which, with a slip of the configuration file, can indiscriminately intercept communications from anyone on the network.

This isn't really any different than what the FBI goes through to put a tap on the telephone line. When they're going after organized crime, this sort of thing is both necessary and proper -- as long as it is governed by due process of law and nobody's privacy is needlessly invaded.

Please Read "Why You Should Use Encryption" (5)

goingware (85213) | more than 13 years ago | (#579353)

While I guess this goes to show that it's not unbreakable (do you keep your laptop in a safe at night?) I think in general it gives good motivation for why you should read my page:

Why You Should Use Encryption [goingware.com]

In the article, I try to discuss in as approachable and as convincing a way as I can why everyone, even your mom, even your kids should use cryptography.


Michael D. Crawford
GoingWare Inc

Re:Get worked up! (5)

GMontag451 (230904) | more than 13 years ago | (#579355)

This is America! You aren't going to be persecuted for harboring seditious ideas.

Someone doesn't know his history very well. Every time this country has been in conflict with another country in the past 100 years or so, people with anti-government sentiments, or even people with backgrounds that might lead to anti-government sentiment have been rounded up and put into prison, internment camps, etc.

Witness the most recent example, internment camps for the Japanese and Italians during world war 2. This was the cause of a direct exectuive order! Or how about all the people arrested during WWI and the period right after for being communist. There was even a law passed by Congress saying they could! Look up the Alien and Sedition Acts.

So next time you just blindly assume that because we are in America, we actually have rights and crap, think a little harder.

PGP = probable cause? (5)

perdida (251676) | more than 13 years ago | (#579356)

The SCARIEST part of the whole thing is:

FBI attorney: The suspect uses something called PGP, which prevents us from viewing his email and, combined with other evidence we have gathered while surveiling him, constitutes probable cause that he is using his computer for legal activity.

Judge: Okay, go get 'im.

Software does not equal intent. Not with PGP, not with Napster, etc.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>