FBI Confirms Magic Lantern Existence 461
The_THOMAS (and many others) writes: "A day after major
anti-virus firms waffle on their support for 'Magic Lantern', and nine days
after Thomas C Greene of The Register tried to throw cold
water on it's existence,
the FBI Confirms
the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"
Is FBI working together with the software companys (Score:1, Insightful)
Not a great idea (Score:3, Insightful)
Viruses spread because each time a user is infected they spread the infection to an average of more than one user. Most viruses die very quickly. Of the thousands launched each day only a handfull infect more than a few hundred sites. The probability of infecting a particular machine is actually quite low. It is going to take rather more effort to spread the trojan payload than the FBI expect.
Simply sending out random spam and hoping the target opens an executable that installs the trojan is not likely to work. A more likely means of succeeding is to attach the trojan to a downloaded executable.
A much easier solution with lower downside risk is simply to install a good old fashioned room mike or to use CRT radiation to snoop on the screen.
Re:Why do people get riddled with fear? (Score:2, Insightful)
I respectfully disagree.
It doesn't matter what you do, it matters what they can credibly claim you did. That's the threat. If the FBI were to accuse me in court of having written Goner, for instance, which judge is going to believe me? Any single techno-geek can't deny an allegation if it's strongly put.
The risk here is that the FBI gain more credibility to make accusations. That's it really. That credibility is a threat in itself.
Personally I don't have much to hide, because it's all posted on websites somewhere...
- Malx
Not an easy task (Score:2, Insightful)
The super-paranoid will be safe from Magic Lantern because they probably don't upgrade software often and they probably patch security holes themselves. But for the rest of us who want to *use* our computers, this is an enormous problem.
df
Re:"Magic Lantern" Defense? (Score:2, Insightful)
The problem is that we have a government that is becoming increasingly oppresive. All three branches of our government are basically for sale to the highest bidder. We have lawmakers and people in positions of power who don't really care about the Constitution.
The government has locked people away for nothing more than expressing opinions in the past. I don't want the FBI knocking down my door because they read an email I wrote saying that I disagree with John Ashcroft's latest violations of the Constitution.
Re:Hackers Beware (Score:2, Insightful)
And rude people and dog owners... please, if you don't like your freedoms, then just pretend you're in prison. But don't volunteer away my rights. To me it sounds like you definitely are "one for violating our freedoms."
Re:"Magic Lantern" Defense? (Score:1, Insightful)
Yeah, it's pretty much exactly the same. That's why I would do both those things. Cops will often try to bluster their way into your home because they don't have enough evidence to get a warrant, and they know it, but they hope you don't. In that case, telling them to shove off means quite a bit less hassle for you.
That's aside from all that Constitutional-rights stuff.
Tragedy (Score:2, Insightful)
What does this currently threaten? It is only through this avenue that I believe IP/Patent laws can or ever will be reformed. I certainly hope they do, so I don't have to explain to my grandchildren why knowledge and human creation built for thousands of years, their Birthright, the first creation of man that had no scarcity, enough for anyone willing to see, was caged and locked away only to be available to the richest, or at worst lost forever.
This is a direct attack to the defenses the people have against their rulers.
Yeah. Right ... (Score:3, Insightful)
And in 1968, the Hugues Glomar Explorer was looking for nodules on the pacific floor ...
Seriously though, how plausible do you think the following scenario is :
McAfee receptionist : Hello gentlemen, how can I direct you ?
Men in black : [showing their IDs] We work for the department of Homeland security. We need to speak to the CEO at once. You also are not to mention our visit to anyone by measure of national security.
MR : [picking up the phone] Mr. Sampath, important visitors for you.
Srivats Sampath : What can I do for you folks ?
MIB : Your company is under strict orders from the FBI and the department of Homeland security to provide appropriate backdoors in the software it produces. These backdoors are confidential-defense and must be revealed to the following persons only : [list of persons]. Any of you or your employees who have knowledge of these backdoors who reveals the existence of the backdoors will be detained and judged by a military court. Any question ?
SS : [going into brown alert] Yes yes Mister, anything you say. Have a good day Sir.
SS : [later, talking to the PR guy] John, write the following press annoucement and send it immediately to PRNewsWire : McAfee will NOT NEVER EVER UNDER ANY CIRCUMSTANCES NOT ON YOUR LIFE install any backdoor ever in our software. Never ever. Promise.
You think I'm paranoid ? Heck yes I am. The above is a bad fiction, and if nothing else, it certainly shows that I have no knowledge of who does what in the government, but my point is : none of these anti-viruses are open-source, how the hell are we supposed to know they're saying the truth ? especially nowaday, can you really trust anybody even remotely involved in computer security to tell you the truth ? Well, I'm taking the easy way out of that dilemma and I'm sticking to "alternative operating systems" that don't require proprietary anti-virus softwares in the first place, and that are known not to contain backdoors as long as the user administers the box properly.
Re:They can get us Linux users too (Score:1, Insightful)
Getting around Magic Lantern (Score:5, Insightful)
Whee. (Score:5, Insightful)
If someone puts a trojan or virus on your machine to spy on you, it's "cyberterrorism."
If the government puts a trojan or virus on your machine to spy on you, it's "domestic security."
Tell you what... (Score:3, Insightful)
If, after all that, you come back and say "It made no difference. I had nothing to hide" then I'll believe you. No cheating by self-censorship allowed.
'Till then I bet you're just like everyone else -- you have at least one skeleton in the closet.
Remember, the FBI are people too. What interests the mailman that's in those baggies interests an FBI agent just as much. The only difference is that the mailman is under special orders not to read your mail.
Not scared of magic carnivores..... (Score:2, Insightful)
Does anyone really think that Magic lantern, or carnivore, or any other media whore flavor of the week is a truely serious concern? Yes, there are possibilities for backdoors to fall "into the wrong hands" But just what do *you* stand to lose? A piece of your freedom? yeah, that is a legitimate concern, however, was that a freedom you really had?
Anyone who has had to deal with law enforcement with a computer-related incident loves nothing more than to howl about how woefully out of touch those in authority are. Then, when said groups make attempts at learning, the same folks go on half cocked screaming orwellian brave new world like lemmings.
the one argument that keeps coming up is "if you have nothing to hide why are you concerned?" Well, if you have nothing to hide, odds are you'll never have to deal with software like this in the first place. they still need a warrent, they still need a reason to target you. There's a reason search warrents aren't mentioned in 1984.....
Is there a signifcant risk to freedom at stake with recent legislation? There could be. Is there a dedicated group of individuals that want to run around screaming "brown-shirted nazi jackboot black helicopter Orwellian thought crime brave new thugs!" at the first mention of the FBI? Yeah. Any government agency concerned with the safety of the populace is going to end up on the wrong end of popular opinion anyway.......
Re:"Magic Lantern" Defense? (Score:5, Insightful)
Maybe I enjoy surfing porno websites. Maybe I work for a Fortune 100 company and have trade secrets on my computer. Maybe I'm secretly gay and that fact could be gleaned from my online habits. Or, hell, maybe I run the world's biggest cocaine trafficking ring over the internet. (Obligatory disclaimer, all of these situations are bogus.) It doesn't matter what I'm doing; without a warrant, the government has no more of a right to come in my house or my computer than a bum off the street.
The problem I see with Magic Lantern, vis a vis conventional searches, is that the potential for abuse is far too great. When the FBI raids a house, it's rather obvious. Maybe the person is at home, or the neighbors see it going down, etc. Makes it pretty difficult for them to just bust in any old house they want, without a warrant; and makes it pretty embarassing if they happen to screw up and raid the wrong house. This is (at least in my mind) a fairly good check and balance to ensure that the FBI isn't raiding houses on a whim.
What happens, though, if they bungle and put Magic Lantern on the wrong person's computer? It's a valid threat; if fucking bomb coordinates can be transposed, so can a suspect's IP address. What if Magic Lantern winds up on your computer or mine, even though we aren't doing anything illegal? There are no neighbors to see it happening, there is no embarassing story on CNN about the snafu, but before I know it, those corporate trade secrets on my computer are now in the government's hands. (IIRC, it was objection to exactly this type of risk that got France in a mess when they banned encryption.)If there are terrorists at the mall, I at least have the choice to stay home and avoid them.
Shaun
Re:They can get us Linux users too (Score:5, Insightful)
Of course, I wonder just how far the Fibbies will actually go in doing this. Most criminals are stupid. Hell, al Qaeda stood out like a sore thumb, it's just that most modern Americans have had their senses so dulled by television and government schools that nothing makes them paranoid anymore....
Sure, our hero slapped something together that dropped a back door in nothing flat. How many guys that smart are going to go work for what Uncle Sugar pays? How many of the ones that are smart enough actually know something about Linux?
And then there's the question of sheer manpower. Sure, they can tap your data, but who's going to go thru all that crap? They simply don't have THAT many Beowulf clusters....
If I was Ashcroft, I'd settle for netting all the Windows users, and worry about all those other OS's if and when I had a specific hard target. Once they hard-target you, you're a goner anyway; if they can't get what they want by giving you a Windows virus, they're just gonna come bust your door down. Meanwhile, I think most of us non-Windows users are relatively safe from any fishing expeditions the Fed might want to do on our hard drives.
And so it is that the umpteen zillion different distros of Linux becomes one of its advantages....
Besides, Red Hat has already let on that it's not going to play ball; remember that early release of a security patch (was it wu-ftpd?) that caused the flap a few weeks back? I think Bob Young and company had a lot of balls for doing that; it shows that his loyalty is to his users, and not to some calbal in some smoky chat room... I hope and pray and offer virgin sacrifices that it stays that way. Of course, there's also OpenBSD; Theo, cagey bastard that he is (and I *like* cagey bastards in these situations), isn't going to play cloak and dagger with *anyone*. I figure if anyone *tried* he'd raise six kinds of hell.
Bottom line, folks, there are more of us than there are of Them; they can't get to us all. And try and remember, if they do try to get to you, your first obligation is to escape and warn the rest of us. We have to hang together... lest we all hang separately.
Re:"Welcome to a Brave New World!" (Score:1, Insightful)
Or is the phrase simply being used by someone who merely thinks he knows what he's talking about? Ah.
Think for a minute (Score:5, Insightful)
It's the networked computer-version of a phone wiretap.
In both cases, permission to use either information-collecting method has to be authorized first by a court-order. From the article [news.excite.com]:
When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."
...which is legalspeak for "Yeah, as long as wiretaps require court orders, so does Magic Lantern."
I can't believe the number of posts comparing the introduction of Magic Lantern to a civil liberties meltdown getting +1 Insightfuls. They're about as insightful as the patriotic idiots who'd allow government agencies unchecked freedom to invade private citizens' lives in the name of antiterrorism.
The citizens of the US have a responsibility to watch over the actions of its government, to serve as a check against the growth of abuse of power. Melodramatic statements like "Welcome to a Brave New World!" and knee-jerk antigovernment statements like "Trust the FBI to abuse this the minute they get it" merely serve to marginalize and decrease the credibility of those that speak out against government agencies becoming too unfettered.
Am I afraid that Magic Lantern may someday be abused? Well, yeah, but I'm a lot more frightened by the potential abuse of "old-fashioned" things like the aforementioned wiretaps and unwarranted searches and seizures than I am of the FBI emailing me an easily detectable and easily deletable script or executable virus. Magic Lantern doesn't strike me as a shadowy menace so much as the amateurish nature of a government agency still in the first steps of dealing with a wired world.
The key to preventing abuse by the FBI and other agencies is not by depriving it of tools to work with, such as wiretaps or Magic Lantern, but to ensure that adequate oversight exists and continues to do so in the future. Spending time and energy protecting and advocating the transparency and accountability of the FBI is infinitely more effective, and more likely to work, than seeking to deprive the FBI of intelligence-gathering tools to work with.
Re:They can get us Linux users too (Score:3, Insightful)
It's an American idea, an American problem and based on American laws... and you are enforcing it on the rest of the world
What's left to us rest-of-the-world-westeners is to stop buying US software because otherwise we risk that our secrets will be sold to American businesses by the CIA/FBI gang... as it has happened before on numerous occassions where European companies (Siemens, for instance) suddenly lost deals in the middle east. Not enough that they eversdrop on our mobile phone communications (Echolon), now they bug our software...
An analogy (Score:5, Insightful)
In both cases:
Writing letters to your representatives and starting petitions about strengthening the oversight mechanisms over the FBI makes a lot more sense, just like the FBI using other methods to gather intelligence on criminals makes more sense than banning strong encryption.
Re:Getting around Magic Lantern (Score:3, Insightful)
I'm violated and I can't fight back. (Score:5, Insightful)
I am Australian. I use American antivirus software. There is no indication that Symantec or McAfee are going to protect their Australian consumers from the American government.
Most of this discussion has centred on the FBI invading domestic computers. I am more concerned, not personally, but ethically as a global citizen, with the CIA or another US body using this technique to invade my country's rights.
I have no recompense, short of diplomatic channels, or through whatever (uberexpensive) international anti-espionage laws , at stopping this.
Magic Lantern is a very blunt intelligence instrument. Right now (and the irony is NOT lost on me) all I have to be thankful for is that my sychophantic Prime Minister has been licking Dubwya's scrotum so much lately that Australians are probably far down the list of suitable intelligence targets.
Re:They can get us Linux users too (Score:2, Insightful)
Actually, in this case it is safer to actually always trust Microsoft. The reason is simple, if you always trust Microsoft and you get an executable signed with the fraud verisign signature, you will be asked if you want to run this file signed by Microsoft corporation. Now you should know that you always trust Microsoft, and therefore you shouldn't be asked if you want to run a file signed by Msoft. However, if you don't always trust msoft, it won't surprise you when you're asked if you want to run a file signed by them.
The funny thing is... (Score:3, Insightful)
We know this because even the Congressional leadership didn't know about them, as evidenced by the hearings certain privacy-conscious sons of liberty among them demanded once Carnivore became known. The fact is the executive branch does most of what it does without any Congressional approval at all. Or what would you call President Bush's fiat about using military tribunals, an order which the Legislative branch did not authorize and, though most support it, almost all complain that they weren't even consulted.
You're quite naive if you believe this nation still operates as the Constitution intended it to. Instead of the Legislative branch setting things into motion through passing laws, the Executive branch carrying those laws out, and the Judicial branch overturning laws when necessary and interpreting them in just ways, it now works like this:
The Executive branch sets things into motion by executive order and abuse of over-broadened discretion; the Legislative branch quite rarely then puts the Executive back in its place by passing laws to curb its abuses, but much more often is too busy setting other abuses into motion through its own powers, such as CDA, COPA, DMCA, SSSCA, etc., which generally serve to magnify and reinforce the abuses of the Executive branch; meanwhile the Judicial branch occasionally slaps down a particular abusive law or executive practice only to be largely ignored and "worked around" by those other two branches who just keep hawking the same old abuses of liberty under new bills of sale, ceaselessly, since the actions of the Judicial have no bearing at all on what the Legislative and Executive branches have the power to do--write the same policy up into different words and all of a sudden it's a new law or executive order, which has to be nullified by a Court again through the same long and painful process, even though it's essentially the same abuse. Not that the Judicial branch can be trusted to defend liberty much better than the other two, though--cf. the insane decision upholding anti-sodomy laws by the High Court in *Bowers v. Hardwick*, which boils down to "your right to privacy doesn't include the right to go against mainstream moral teachings." Read the text of the decision--it actually uses the word "morality," as if the Judicial branch is there to enforce subjective Christian moral concepts rather than invoke objective attempts at justice.
To put it simply, the FBI has a Congressional mandate to arrest people for breaking laws, but it does not have a Congressional mandate to do whatever it wants and invent any methods of snooping it wants while investigating people it desires to arrest. The unfortunate part is that the Legislative branch is too busy violating our other rights and taking corporate perks to ever use its power to restrain the FBI by law, while the Judicial branch is so slow and addlepated that multitudes of people will have the FBI's Orwellian thoughtcrime-control toys unleashed on them before it ever decides to uphold or invalidate these invasions. Not that we can trust it to make the right decision anyway, considering that it won't even let me lick my adult and consenting wife or girlfriend's pussy in private.
Thomas Jefferson was right, my friends--"An elective despotism was not the government we fought for."
How does this affect non-us users? (Score:2, Insightful)
Re:An analogy (Score:3, Insightful)
It grants no rights to government. There is a reason for that. Think about it.
Yes, it is a double standard, but that is the way our founding fathers made it, because they knew it was necessary.
State sponsored terrorism (Score:1, Insightful)
can the UK, german, franch, iraq, libien, cuban governements enforce also their backdoors in any AV-software?????
And does the German backdoor conflicts with the US-backdoor?
In stead of AV-software, it looks more like a toolkit for installing viri and backdoors (well looks more like a front gate to me) for any organisation who claims to be defending their version of "truth, freedom" , and their god-given-right to do what ever they like at the costs of other peoples rights and freedom....
I even wonder why i should pay for these products contaminated by state sponsored terrorists.
It should have been the other way round:
For the privilege that THEY can poke around on MY systems, i demand a paycheck from CIA, FBI, MI-5, MI-6, KGB, Deuxieme Bureau (who else want to contribute)......
Hackin' Hans
Re:What to do, what to do... (Score:5, Insightful)
What makes anyone think they won't do the same for the FBI? Simply put, they will.
The answer, of course, is free software. If we had a free software virus scanner/remover, that was completely open source, such tomfoolery would be impossible (so long as you knew how to read the code, or could get someone to do it for you, not that hard to do in the Linux community)
Open source=accountability.
This is why I'm concerned that this sort of thing will end up playing into Microsoft's hands, in getting an increasingly paranoid government, that is absolutely determined to outgun it's citizens in every aspect of life, to get free software made illegal..
Imagine it being ILLEGAL to posess a true open source operating system because it would be the legal equivalent of having a private nuclear bomb.
This is not so farfetched, as a networked computer that the government cannot monitor nor break into is as great a threat to our ever paranoid government AS a nuclear bomb in the hands of a private citizen. The precedent proof is in the fact that the government has made the ownership of weapons that would allow resistance to it illegal (had the same been true in 1776 the revolution would never have suceeded).
I think all who value freedom should oppose a government from being able to impose restrictions on citizens that it will never place on itself, IE, the fact that the GOVERNMENT is allowed to have strong encryption, unhackable (or so they think) computers, networks, etc, to hide information, but that private citizens should not.
How many crimes comitted by our government are hidden in encrypted files on government computers that will never EVER be discovered? Why should we trust a "justice system" that in the past decade has massacred more people without cause (Waco, Ruby Ridge) than at any point since the civil war?
Unlike the days of Woodward and Bernstein, it's likely our government's worst crimes aren't written on paper to find, they are stored encrypted in a computer somewhere. Which means, unless the citizens are allowed to install trojans to go on "fishing" expeditions through our government computers, we will never know.
But, as our government is saying to us, I'll say to them "if you've done nothing wrong, you have NOTHING to fear, right?"
In this, the government is non-partisan. Janet Reno presided over those aforementioned massacres, and John Ashcroft is pushing the current horror. All the more reason to abandon our one-party Demopublicans and vote Libertarian.
Re:Think for a minute (Score:3, Insightful)
When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."
Baloney. If that's what he meant, he would have said, "Yes". In fact, this is doubletalk for "no". The FBI wants to do this with only a warrant (easily obtained) instead of by seeking phone-tapping permission (much harder).
Brave New World? ( or 1984 ) (Score:5, Insightful)
Now, if they ( the ever ubiquitous "they" ) were putting drugs ( got soma? ) into the water, then it'd be more similar to BNW, but instead it's the Government furthering it's ability to monitor the activities of it's citizen's, which strikes me as much more Orewllian.
Okay, back to your regulary scheduled MS sucks/Linux rules/I hate Katz ranting.
Remember, "a gramme is better than a damn!" :)