Legal Challenge to FBI's Keystroke Sniffing

Factomatic writes: The "Associated Press is reporting that lawyers for" an alleged "Mafia boss who used PGP will argue on Mon. Jul. 30 that keystroke logging is an illegal wiretap after the FBI bugged his computer to get his password to decrypt his files. The case has major implications for privacy rights and other electronic surveillance techniques like Carnivore. The Electronic Privacy Information Center (EPIC) has put the case documents online." Meanwhile, a spending bill proposes a $7 million increase in the FBI's budget for defeating encryption (and stego).

Re:they DIDN'T have a judge's approval!

So before people start flapping their mouths bout how this mafia probably got what he deserved, the agents didn't have a court order to do this.

They had a search warrant. The distinctin is a technical one, as they indicate that the "bug" did not transmit anything. It doesn't heed to usual wiretapping SOP, as it was placed on the PC in one warranted search, and the data was picked up at another. As such, the agents did not have the ability to choose not to intercept unrelated data, as they would in a standard wiretap (they have to cease listening after 1 minute if there is nothing relevant to the case said, and wait 1 hour before resuming listening, or something like that). Maybe it's easier to think about it like this: what if the FBI got a warrant, broke in while he wasn't there, stole the key to his safety deposit box, made a copy of it, and replaced it without him knowing. It's just different in that they had to come back later to pick up the copy of the key. They aren't relying on any communications intercepted by the key-capture to make their case, only his password, like his safety-deposit box key.

Re:they DIDN'T have a judge's approval!

While the case will probably turn on a technical distinction, it ought to turn on a much more philosophical one.

What is the primary difference between a search and a wiretap? Why do we more evidence before a judge can authorize a wiretap than before he/she can authorize a search?

1) A search is a one-time event, whereas a wiretap represents ongoing surveilence. As such, a search tends to capture a small amount of private, transitory data (i.e. conversations, web cache, etc) while a wiretap tends to capture and catalog a large amount of this sort of information. This is a much greater invasion of privacy.
2) A search captures narrowly tailored information, whereas a wiretap casts a very wide net. A search warrent that authorized the authorities to look for root kits on your machine ought not allow them to page through your Quicken data. (I realize that the standards for searching a hard drive haven't yet caught up to the standards that apply to the physical realm, but I'm making a philosophical argument.) A wiretap wouldn't permit that level of distinction.
3) A search does not require, or generally permit, surreptitious entry. Police officers come to your door, announce that they have a search warrent, and enter. When someone searches your home, they have to provide you with a receipt of the items taken. Everything is done very much out in the open. A wiretap, on the other hand, requires that the police don't alert anyone to their entry when they install the bug. The open nature of the search provides a suspect with context that may be useful should he have to exercise his Constitutional right to confront his accuser at trial. In addition, it provides a useful check on government power since it permits outsiders to analyze the pattern and practice of searches to determine whether there's an abuse of power. The FBI could get away with a lot of abuses by wiretapping civil rights organizers in the 60's than they could not have had they done repeated physical searches.

Using the "if it looks like a duck, walks like a duck, and quacks like a duck" rule, I would submit that the FBI make a wire tap in this case.

Re:This is going to make me unpopular but...

Agreed up to a point. Law enforcement has a legitimate interest in monitoring the communications of a very limited, very deserving subset of people. This type of activity - implantation of hardware bugs - is, in my opinion, an adequate balance between the individual right to privacy and the government's need to investigate crime. It permits law-abiding citizens and criminals alike to use crypto, and prohibits driftnet operations in which everyone's communications are sniffed; law enforcement must have a sufficiently compelling interest in someone's communications to enter their home or office and physically plant the bug.

The problem in this specific case is that the FBI had a search warrant, not a wiretap authorization. There's a distinct difference: the suspect knows that his home or office has been searched when a search warrant is acted upon. In the case of a wiretap, the suspect necessarily knows nothing.

What we have here is law enforcement gaining authorization for one type of activity - a search of a premises - and undertaking in another. I agree that keystroke logging is a valid investigative technique, but there needs to be a legal structure set up to make sure that it's not abused, as, I believe, it was in this case.

Re:they DIDN'T have a judge's approval!

I'm not sure if there is a precedent judging whether keylogging is a wiretap or a search, but common sense says it is a wiretap.

True, therefore I predict that the legal system will decide that it is a search.

Re:they DIDN'T have a judge's approval!

The really strange thing here is that they had enough to get a search warrant (during the execution of which they allegedly placed a hardware or software bug in the guy's computer) but either didn't have enough to obtain an authorization for a wiretap (in which case one wonders how they had enough for a search warrant) or they just decided not to bother.

You don't have to be in favor of the existance of the mafia to be bothered by this.

Disclosal of methods...

The reason the methods are important is that if the way this device works is similar enough to a wiretap, then it will be considered one. Without knowing anything about how the device works, the court can't make any kind of a ruling as to whether it's a tap or not. While I understand the FBI would prefer to keep the information hidden because it would make it harder to circumvent, it is necessary for and relevant to this case.

Re:Who has the right to privacy?

The FBI in this case sought legal rights to survey the activities of an alledged mobster. The FBI had reason to survey this person's activities and obtained the legal authroization plant a deveice of some kind.

Um, no they didn't; that's the whole point of this alleged mobster's suit.

They had a search warrant, which allowed the FBI to search for currently existing evidence. Scarfo's suit charges that in order to place whatever device they used, they needed a wiretap order, which has a stronger standard to meet.

Jay (=

Re:they DIDN'T have a judge's approval!

But searching someone's safety deposit box would also require a warrant, which would be separate from the warrant to search someone's home. I don't think your analogy is correct.

There is a distinction between hard copy communications which are physical objects that may be searched with a search warrant, and immaterial communications (electronic or just voice) which are by definition transitory and don't hang around to be searched. IMHO, if he had anything written down they could have taken it when they searched, but leaving a device which effectively converts a transitory communication (password keystrokes) into a permanent piece of evidence (keystrokes stored in a bug) is effectively a wiretap, rather than a search of physical property that the mafioso already had. The agents had to do something to convert his communications into physical form so they could take it with a search, and in doing so they stepped over the line into wiretap land.

Your argument has ludicrous consequences, because you could use it to do essentially any wiretap with just a search warrant - just place miniature voice recorders in all the phones, wait a week, come back again and harvest the tapes, and see what you got. I don't think that's consistent with the spirit of the law, which expects law enforcement to get a separate wiretap warrant for intercepting communications.

Remember: it's a "Microsoft virus", not an "email virus",

Also at the BBC

For those of you interested, the BBC also has an article [bbc.co.uk] on the same subject.

Re:Good

> I also don't support a government that believes in wholesale destruction of the constitution to fulfill their agenda.

What chaps me about law enforcement is that every time a new technology comes out they assume that the constitution doesn't apply to it, and they walk on our constitutional freedoms until the courts reaffirm the constitution. Can't they see that the phrases "secure in their persons and property" and "unreasonable search and seizure" don't have anything to do with what technology is involved?

IMO, "zero tolerance" should start with the lawmakers and law enforcers. How can they expect us to behave when they don't?

--

Re:Hrm ...

I don't think anyone who uses their authority 'thinks' they're misusing it. Even J Edger probably thought he was in the clear when he dug up dirt on the powerful to protect his position, or when he spied on political organizations he disagreed with. Today, few would agree with his actions.

Re:Good and bad aspects

One thing which stands out about this is that the FBI guys didn't get a wiretap order. This is obviously not a good thing. IIRC, they got a search warrant, and assummed (wrongly IMHO) that the warrant included the right to search his computer

There's a reasonable case that a search warrant for documents includes a search of the current contents of the target's computer. However, the keystroke sniffer, placed for the purpose of making it possible to monitor future communications, clearly falls into the "wiretap" category rather than the "search" category.

(The reason the two are different, and the latter requires a higher standard, is that a search can be executed in the presence of the suspect. This serves as a deterrent against illegal expansion of the search into a fishing expedition. Wiretaps, obviously, cannot be known to the suspect until after the fact, which makes them more open to abuse.)
/.

The FBI will use this to fight encryption

This guy will probably have his case thrown out of court because agents, without a wiretap order, recorded a suspect's computer keystrokes which the FBI will then spin to make their point that common citizens should not have strong encryption. They will then push for one legal encryption scheme that they have a backdoor password to (deja-vu anyone?)

This falls perfectly into the government's propoganda that only criminals use encryption. Why is it that more of us don't use PGP for all of our emails? I would happily use it if any of my friends actually had public keys. We can't fight these fights unless we all pull together.

Re:So simple its scary

The one thing I've always wondered about biometrics, is what happens when somebody steals a copy of your finger prints or a digital picture of your retna?

It's easy enough to generate a new passphrase or digital key, but swapping fingerprintes must be a bugger of an operation.

Re:So simple its scary

why waste all those NSA CPU cycles tryin gto crack it - just grab teh passphrase

That's the way to go...

All cryptography expert will tell you that the best way to break encryption is by attacking the protocol. What most people forget, is that entering a secret (the passphrase in this case) is part of the protocol. It is so much easier to attack this part of the protocol than to attack other parts.

However I did not know that an agent was allowed to modify the scene when doing a search warrant. I always (maybe wrongly) though that search warrant were done to gather information based on what's present. Not to allow an agent to add spoofing devices without your knowledge.

they DIDN'T have a judge's approval!

From the article: agents, without a wiretap order, recorded a suspect's computer keystrokes.

So before people start flapping their mouths bout how this mafia probably got what he deserved, the agents didn't have a court order to do this. Think about it. If FBI agents have enough "probably cause" and figure they should tap your computer cause you're under suspicision of doing something illegal, and they don't even have to go see a judge to approve it, then your privacy and civil rights have gone right out the window.

Re:they DIDN'T have a judge's approval!

What i wonder is, if the FBI doesn't find anything once they enter my house with a search warrent, could they leave a camera behind in hopes of taping me doing something illegal. I would hope that goes beyond the 'resonable search' the 4th amendment protects. Does anyone one know how much freedom the FBI has to bug people, especially when a search doesn't turn up evidence?

The Speed Trap analogy

It's like this... a search is a single shot event... much like a parked State Trooper on the highway. You watch for him, slow down, and all is well. Everyone accepts this as a way of making revenue for the agencies, and a reasonable trade off in keeping drunks down to a low roar.

A wiretap (or in this case some other form of bug) is like having the police put a monitor in your car, monitoring your speed and location until they come and pick it up.

If you know the police are watching, you act accordingly. Would you really want to get a ticket for every single time you went more than the posted limit? Would you want to live in a country that allowed it?

The bill of rights is a restraint on government, because it's better to let ten guilty men go free than to wrongly convict one innocent man.

The bias against the persons involved is irrelevant, innocent until proven guilty. The bug was illegal.

--Mike--

Re:they DIDN'T have a judge's approval!

> they have to cease listening after 1 minute if there is nothing relevant to the case said, and wait 1 hour before resuming listening, or something like that)

Does this mean that if you spend one minute talking about the weather, how are the wifes and the kids, etc. you get one wiretap-free hour of talking "business"?

Re:So simple its scary

Compromising the passphrase is always easier. I'm sure that you could extract the passphrase from just about anyone given a couple of hours and a pair of needle nosed pliers. It's pretty easy to ignore those inconvienent laws against that sort of thing, too, especially if your suspect is thought to be a domestic terrorist or a copyright infringer.

Re:Who has the right to privacy?

Forgive me for being too ultra paranoid.

We are currently in very dangerous times. Every action by our government must be highly scrutinized to make sure it is in the best intrests of the populous.

Yes, this guy's a mobster. The courts will ultimately decide his guilt. Maybe it's fine that this guy goes away.

Is the FBI right to do this without permission of an advisory? Absolutely not.

The FBI is not autonomous, neither is our government. Both need oversight. Our constitution provides a means to oversee our government namely in checks and balances as well as elections. In a last resort we have the right to choose a new government as a government derives its authority by the consent of the governed.

If we choose to not fight each and every small battle for our privacy and rights, later we will not have the option as the war will be lost.

Re:Is my DNA protected by the DMCA

No, because neither god nor you own your DNA. Specific DNA sequences can and have been patented by whatever drug company first discovers them. Ignoring of course the fact that its a discovery, not an invention, but hey the USPTO is wacky like that. For example, theres a certain gene that will tell wether or not you have a predisposition towards certain types of breast cancer. In order to test to see if you have that gene, you have to pay a drug company a royalty, because they have a patent on that gene. If anything, the drug companies can sue God for patent infringement.

Re:Tapping LCDs?

In short, no. Do a search on TEMPEST or Van Eck Phreaking for more info, but the pixels switching on and off in an LCD screen will generate EM radiation too. In fact, I've even heard of people picking up data straight from the printed circuits on graphic cards and turning it into a useable display, so you don't even need the target machine to have a screen. Creepy, eh?

Basically, there's 3 good ways to overcome this that I'm aware of:

1. Make sure your display is gibberish. Unfortunately this makes it kinda difficult to use : )
2. Set up something to broadcast a load of EM white noise to drown-out the signal from your machine.
3. Only use your machine from inside a big thick metal box (to block the signal), and make sure that you take a portable power supply in there with you (signals can even propagate down the power supply cable).

Yes, it's time to be paranoid.

Re:methods for keystroke logging?

Or encase it in concrete. [slashdot.org]

Police moral decay?

This weeks edition of The Economist [economist.com] has several stories surveying illegal drugs [economist.com]. The story relevant here is the one on Collateral Damage [economist.com], which begins

The most conspicuous victim of the war on drugs has been justice, especially in America, ...

The attack on drugs has led to an erosion of civil liberties and an encroachment of the state that alarms liberals on America's right as well as the old hippies of the left. At the Cato Institute, a right-wing think-tank in Washington, DC, Timothy Lynch is dismayed by the way the war on drugs seems to be corrupting police forces. ...

Civil liberties ... suffer because there is usually no complaining witness in a drugs case: both buyer and seller want the transaction to take place. The police, says Mr Lynch, therefore need to rely on informants, wire-taps and undercover tactics that are not normally used in other crimes. The result is "a cancer in our courtrooms", as he puts it, that proponents of America's drugs war rarely acknowledge as one of the costs of prohibition.

Gradually, the police get accustomed to using these "undercover tactics" even when doing so violates civil liberties. And then they use those tactics in more and more investigations, whether it is legal to do so or not--like (perhaps) keystroke sniffing. And of course, they claim that the end result justifies the means. Clearly, Justice is the loser.

I'm not sure that I agree with all this, but it's an interesting perspective.

Re:they DIDN'T have a judge's approval!

Re:they DIDN'T have a judge's approval!
Yes they did. See for yourself.

From the document linked:

The seizure and retrival of key related information and encrypted file(s) ordered pursuant to this order do not involove captured communications protected under title 18, United States Code, Sections 2510 et seq..

This would indicate to me that this was an illegal wiretap. I'm not sure if there is a precedent judging whether keylogging is a wiretap or a search, but common sense says it is a wiretap.


Enigma

Re:they DIDN'T have a judge's approval!

Yes they did. See for yourself. [epic.org]

-

This is going to make me unpopular but...

...I actually think this is a good thing.

We've been told for years that encryption must be controlled because it gives Bad Guys the power to evade law enforcement in a way that was not possible using traditional means of telecommunications. This arrest puts lie to that claim. You can have publicly-available encryption without disrupting law enforcement's existing ability to conduct court-ordered surveillance.

I know some of you have a beef with court-ordered surveillance, and that's cool. But if you don't, then how is this case any different from surreptitious voice recording?

-

Re:This is going to make me unpopular but...

Uh, because the court didn't order any surveillance?

The court order is here [epic.org]. It grants permission to:

...search for and seize key related information from Nicodermo S. Scarfo's computer in the TARGET LOCATION

by deploying recovery methods which will allow the Government to read and interpret data that was previously seized pursuant to a search warrant on January 15, 1999, as well as those to be seized under this present Court Order. (Emphasis mine.)

It seems from this that the judge indeed intended for a device to be used to get the private key. Scarfo's lawyers are just trying to argue that he should have specifically said "wiretap" if the device actually transmitted information. It's lawyerly semantics.

-

Re:they DIDN'T have a judge's approval!

The court order, however, did authorize the FBI to "install and leave behind software, firmware, and/or hardware equipment which will monitor the inputted data entered on Nicodemo S. Scarfo's computer by recording the key-related information as they are entered." from [philly.com] http://inq.philly.com/content/inquirer/2000/12/04/ front_page/JMOB04.htm

You can get the device they used for US$139

The device they probably used is available commercially at Keyghost [keyghost.com]When was the last time you checked how your keyboard is plugged in?

Re:Sad day

Explain about being flagged? How do you know? How would someone else know? Did you simply assess yourself as a risk? Any good links on the subject?


The Lottery:

Sad day

It's a sad day when the Gov't throws you in jail for breaking the encryption that "protects" a copyrighted work, but openly funds and encourages the development of technolgies that violate the privacy of it's Citizens.

So simple its scary

I've known people who think PGP is invincable - I try to tell them otherwise. But the way teh FBI pulled this off is genius - why waste all those NSA CPU cycles tryin gto crack it - just grab teh passphrase. Of course, with biometric stuff getting so cheap, soon typed passphrases may only be part of the puzzle and even then the FI will somehow manage to succeed.

This is clearly a case of wiretapping though. My keystrokes are the same a talking (to me anyway, IANAL) so if they need a court order to bug my house, they damn well better need one to bug my keyboard.

Time to start putting tiny pieces of tape or those warranty type stickers on my keyboard and PC :) Can't be too paranoid ;)

Re:Good

"But in the US it seems the means justify ends - letting someone known to be a serial killer free just because some inspector or police made a mistake."

That, of course is not a good thing. But everyone makes mistakes, even the most skilled.

The reason why the law HAS to be what it is so that police who WILLFULLY violate the law do not get to use that illegal evidence to prosecute someone.

It's unfortunate, but the only way to prevent jailing INNOCENT people because of the actions of rogue law enforcement is to increase the chance of freeing the guilty. And the kicker is, the more power you give the jackboots, the more likely you are going to jail more innocents than guilty.

This comes because under the US Constitution, there is a PRESUMPTION of innocence. It's the burden of the state to prove guilt, and they should not be allowed to use evidence obatined illegally.

Re:Good

"This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free."

Don't hold your breath. The FBI has a long and distinguished history of breaking the law, and I've yet to see a FBI agent be punished for what they've done, unless it's spying.

FBI agent Lou Horouchi participated in a cold blooded murder, that of Vicki Weaver and her baby, yet wasn't even prosecuted. In fact, he and his fellow jackboots got awards and promotions. Hell, the FBI jackboot who is persecuting Sklyarov is up to become HEAD of the FBI!

Which is why we need the courts to defend the Constitution. While I'm all for putting mobsters away, the ENDS DO NOT JUSTIFY THE MEANS. To advocate that is to advocate lawlessness and anarchy.

The only way the FBI will stop violating the Constitution is to lose cases against people they violate.

This is why under US law, evidence obtained illegally is NOT evidence in the eye of the courts, this is ultimately the ONLY check and balance that will provide incentive for law enforcement to obey the law.

Good

I don't by any means support organized crime. I also don't support a government that is both allowed to and willing to use loopholes in the system to drum up evidence against somebody. I also don't support a government that believes in wholesale destruction of the constitution to fulfill their agenda.

There are legitimate needs for a wiretap, and there are checks in place that are supposed to prevent abuse. Calling the process "wiretap" was shortsighted but unfortunately the name sticks. Whether you're spying using a phone tap, concealed microphones, a pair of binoculars or some as yet discovered/revealed technology you're accomplishing the same thing. This particular event needs to be punished, and unfortunately in this case it means a guilty person goes free. Still, that is much better than a court case which ends up squashing citizens rights due to precident.

Tech-savvy Feds

Like it or not, the Feds are probably the most tech-savvy of all the world's law enforcement agencies. Also, with propoer procedures, including obtaining a search warrant, most of these procedures are legal.

You should be aware though that the US Supreme Court appears to be taking the issue of high tech's effects on privacy very seriously. In Kyllo v. United States, 121 S. Ct. 2038 (2001) (available on LexisOne [lexisone.com] - free registration required) the USSC held that the police's use of a thermal imaging unit to detect the use of heat lamps to grow marijuana inside the defendant's home violated the 4th Amendment's prohibition on unreasonable searches and seizures.

I predict that the USSC will continue to take privacy matters very seriously as technology progresses.

They can sniff all they want...

They can sniff my keyboard all they want. Although I don't know why they'd want to. I mean, it just smells like pizza and jergens lotion.

Re:they DIDN'T have a judge's approval!

Straw man.

By your argument, the FBI could place a tape recorder in my house during one warranted search and pick it up during another. Same principle, and that would be an illegal wiretap.