[ISN] Feds: Spy Tool Is a Secret

From: InfoSec News (isnat_private)
Date: Wed Aug 08 2001 - 01:35:10 PDT

    By Declan McCullagh
    2:00 a.m. Aug. 7, 2001 PDT

    The U.S. government has invoked national security to argue that
    details of a new electronic surveillance technique must remain secret.
    Justice Department attorneys told a federal judge overseeing the
    prosecution of an alleged mobster that public disclosure of a
    classified keystroke logger would imperil ongoing investigations of
    "foreign intelligence agents" and endanger the lives of U.S. agents.

    In court documents (PDF) filed Friday, the Justice Department claims
    that such stringent secrecy is necessary to prevent "hostile
    intelligence officers" from employing "counter-surveillance tactics to
    thwart law enforcement."

    U.S. District Judge Nicholas Politan heard arguments last Monday in
    the prosecution of Nicodemo S. Scarfo, the alleged mastermind of a
    loan shark operation in New Jersey. Politan asked both sides to submit
    additional briefs before he decided whether or not to order the feds
    to disclose details about their keystroke logging device, which
    captured Scarfo's PGP passphrase.

    Politan has barred attorneys in the case from talking to reporters.

    Donald Kerr, the director of the FBI's lab, said in an affidavit filed
    Friday that "there are only a limited number of effective techniques
    available to the FBI to cope with encrypted data, one of which is the
    'key logger system.'" He said that if criminals find out how the
    logger works, they can readily circumvent it.

    The feds believe so strongly in keeping this information secret that
    they've said they may invoke the Classified Information Procedures Act
    if necessary. The 1980 law says that the government may say that
    evidence requires "protection against unauthorized disclosure for
    reasons of national security."

    If that happens, not only are observers barred from the courtroom, but
    the trial could move to a classified location. Federal regulations say
    that if a courtroom is not sufficiently secure, "the court shall
    designate the facilities of another United States Government agency"
    as the location for the trial.

    But the FBI's Kerr said that CIPA's extreme procedures aren't good
    enough. Says Kerr: "Even disclosure under the protection of the court
    ... cannot guarantee that the technique will not be compromised.... To
    assume otherwise may well lead to the compromise of criminal and
    national security investigations, and, in some cases, threaten the
    lives of FBI or other government agency personnel."

    Scarfo allegedly used PGP to encode his confidential and incriminating
    business data. With a judge's approval, FBI agents repeatedly sneaked
    into Scarfo's business to plant a keystroke sniffer -- it could be
    either software or hardware -- and monitor its output.

    During last Monday's hearing, Judge Politan wondered aloud how the law
    should treat the keyboard tap.

    Was it akin, Politan wondered, to a telephone wiretap, regulated by
    the federal law known as Title III? Perhaps it was a general search of
    the sort loathed by the colonists at the time of the American
    Revolution and thereafter outlawed by the Fourth Amendment? Or was it,
    as the government argued, just like cops rummaging around someone's
    home or office with a search warrant in hand?

    The difference is crucial: If Politan rules that the FBI's keystroke
    monitor is a wiretap, the evidence may have to be discarded and Scarfo
    would be more likely to walk free. That's because wiretaps must follow
    strict rules -- such as minimizing information that's recorded -- that
    the FBI's technique didn't.

    "If no court has yet assessed the legality of this technique, it seems
    clear that Scarfo should be entitled to make that inquiry," says David
    Sobel, general counsel of the Electronic Privacy Information Center.
    "Whether or not this was the equivalent of a wiretap is a central
    question -- how can that be answered without knowing how this worked
    and what it was capable of capturing?"

    For its part, the defense argues (PDF) that without public disclosure,
    judges will be giving their "approval to secret entries which do
    nothing less than spy on the citizen so targeted."

    Another thing that's suspicious, says the defense, is that the log
    from the program ended as soon as it shows Scarfo's PGP passphrase:
    "The odds of someone subject to a 60-day period of observation via
    keystroke recording providing what was sought on the very last typed
    entries are alarmingly high."