[ISN] FBI device sets off alarms

From: InfoSec News (isnat_private)
Date: Tue Sep 04 2001 - 02:20:33 PDT

  • Next message: InfoSec News: "[ISN] Scan of the Month - September"

    Forwarded by: Patrick Oonk <patrickat_private>
    
    http://www.usatoday.com/usatonline/20010830/3589336s.htm
    
    Friday, in a New Jersey courtroom, the FBI is scheduled to deliver a
    secret report detailing a new way it uses to spy on American citizens
    behind their backs.
    
    The dispute is technical, involving a way to track a computer's every
    keystroke. The defendant is unsympathetic, the son of a convicted
    Philadelphia mob boss who stands accused of running a loan-sharking
    and gambling business.
    
    But a decision in favor of the FBI's secrecy stance would have
    far-reaching consequences -- not only putting regular users' Internet
    privacy at risk, but also setting a precedent that could allow the FBI
    to act with impunity in future disputes over newly devised
    surveillance methods.
    
    The issue arose after agents, armed with a judge's OK, installed the
    FBI's new keystroke-monitoring device on the computer of Nicodemo S.
    Scarfo Jr., thereby obtaining the password needed to track information
    on gambling and loan operations.
    
    Now Scarfo's lawyers contend that because the technology resembles a
    wiretap, Scarfo's constitutional rights were violated by the FBI's
    failure to obtain the more strictly regulated judicial review that
    wiretaps require.
    
    Are they right? No one knows. The FBI is hiding behind a claim of
    national security and refusing to release information showing how its
    keystroke tracker works. Instead, the agency will reveal its new toy
    only to the judge presiding over the trial. He will then approve a
    summary for use by the defense, which will also be ordered to keep
    that document secret.
    
    It is possible, even likely, that there is nothing threatening about
    the FBI's new ''key logger'' technology. Similar hardware and software
    tools are publicly available and have been used openly by the FBI in
    other cases. But that can't be determined without a techno-savvy
    outside review with full access to the device.
    
    The FBI opposes any such review, whether by independent experts or the
    defense in this case, claiming that public knowledge of the device
    would allow criminals to adapt their behavior. That's one cost of
    fighting crime in an open society. What's more, an outside review
    could benefit the FBI, too. Last year, outsiders reviewed the FBI's
    e-mail-snooper Carnivore and found flaws that hindered the program's
    use.
    
    The FBI's record on computer-related privacy issues leaves little
    reason to believe that the agency can make reasonable choices without
    scrutiny.
    
    In 1994, the FBI lobbied to have a backdoor installed in every
    computer in the nation, to give agents automatic access once they got
    a judge's permission. The plan was dropped only after the National
    Academy of Sciences determined it would make all computers more
    vulnerable to hackers. Last year, the FBI misled Congress and the
    public about the reliability and security of Carnivore, in an effort
    to head off outside review.
    
    The FBI is right to use advanced technology to fight sophisticated
    criminals. But the FBI is wrong to insist that it should decide on its
    own how to move forward in a way that protects the public's privacy
    rights.Today's debate: Privacy rights Use of keystroke technology to
    nab suspect raises privacy issues.
    
    
    -- 
     Patrick Oonk - PO1-6BONE - E: patrickat_private - www.pine.nl/~patrick
     Pine Internet  -  PAT31337-RIPE  -   Hushmail: p.oonkat_private
     T: +31-70-3111010  -   F: +31-70-3111011   -  http://security.nl
     PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
     Excuse of the day: High nuclear activity in your area.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 07:44:05 PDT