Interesting People mailing list archives
IP: more on Hentoff: The FBI's Magic Lantern
From: Dave Farber <dave () farber net>
Date: Sat, 25 May 2002 13:41:01 -0400
------ Forwarded Message From: "Ted Bridis" <tbridis () ap org> Date: Sat, 25 May 2002 12:03:44 -0400 To: <farber () cis upenn edu> Subject: Re: Hentoff: The FBI's Magic Lantern
... and plant the Magic Lantern on your computer. It's also known as the
"sniffer keystroke logger."<< Hentoff mixes up the FBI's "KLS," or "Key-Logger System," which is a combination of proprietary hardware and software for keystroke logging and was used in the Scarfo gambling & loan-sharking prosecution in New Jersey to obtain Scarfo's encryption passphrase, and Magic Lantern, which is software-only and is being designed at FBI labs with help from an outside contractor so that it can be injected into the target's computer remotely and allow the FBI to monitor your computer use from afar. The mysterious document cited by Hentoff, dated May 8, 1999, involved the KLS (not Magic Lantern) in the Scarfo case, and EPIC posted it online last year: http://www2.epic.org/crypto/scarfo/application_5_99.pdf KLS operates very similarly to Keyghost, a commercial product available from a firm in New Zealand and reportedly used by the Secret Service and Naval Criminal Investigative Service, though its software is much more sophisticated. According to the FBI, the KLS can distinguish, for example, when a target is offline to capture keystrokes (when a search warrant probably suffices), from when a target is online (when capturing keystrokes might require a judge's approval of a full Title 3 wiretap warrant). The FBI has said in court documents that KLS essentially turns itself off when a modem connection is made (but has not addressed what happens for "always-on" broadband connections). Scarfo, who pleaded guilty, was allegedly using PGP to encrypt locally-stored data files, not e-mails in transit, so ostensibly there was no need to capture his typing online. It's unclear to a lot of experts exactly which type of warrant might be required for the use of Magic Lantern (which makes it so intriguing to investigate) but this certainly would *not* invoke the sneak-and-peak provisions of the Patriot Act, which Hentoff cites, since Magic Lantern unlike the KLS doesn't require physical access to a target's computer either to implant the technology nor recover what's already been recorded. (I broke the story about the use by the FBI of its Carnivore system while a reporter for The Wall Street Journal, and have written extensively for the AP about wiretap and surveillance issues. I currently cover the FBI and Justice Department). ----- Original Message ----- From: "Dave Farber" <dave () farber net> To: "ip" <ip-sub-1 () majordomo pobox com> Sent: Friday, May 24, 2002 11:10 PM Subject: IP: Hentoff: The FBI's Magic Lantern
------ Forwarded Message Subject: Hentoff: The FBI's Magic Lantern The Jim Dempsey referred to in Hentoff's piece was a House staffer in the early '90s and once, without saying anything, pointed me to a public document (transcript of testimony before a House Committee), missed by other jounalists, which containes an admission by the Secret Service that it was monitoring bulletin boards and IRC channels.From the Village Voice --http://www.villagevoice.com/issues/0222/hentoff.php The FBI's Magic Lantern Ashcroft Can Be in Your Computer by Nat Hentoff Before being confirmed for the Supreme Court, Louis Brandeis was known as the People's Lawyer because he was pro-labor and fought monopolies and trusts. It took months before the Senate agreed to put this "Radical" on the court as the first Jew in its history. Brandeis was particularly passionate about the right to privacy, and one of his dissents on that issue foresaw the Bush-Ashcroft administration's ominous assaults on that right. In 1928, the first wiretapping case, Olmstead v. U.S., came before the Court. A majority of Brandeis's brethren ruled that wiretapping a phone without a warrant did not violate the Fourth and Fifth Amendments because the taps were planted outside the home. Brandeis, who was widely read and suspicious of government's overreaching tentacles, wrote prophetically that "in the application of a constitution, our contemplation cannot be only of what has been, but of what may be. The progress of science in furnishing the government with means of espionage is not likely to stop with wiretapping. Ways may some day be developed by which the government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home. . . . Can it be that the Constitution affords no protection against such invasions of individual security?" Brandeis could not anticipate the advent of the computer and the Internet, but his prophecy has come true. Already, as Reuters reported last December 12, the FBI has asked "Internet service providers to install technology in their networks that allows officials to secretly read e-mails of criminal investigation targets." That molestation of privacy was called "Carnivore." But the FBI has developed an even more insidious device to obtain "the most intimate occurrences of the home"and office. Beware of "The Magic Lantern." Under the "sneak and peek" provision of the USA Patriot Act, pushed through Congress by John Ashcroft, the FBI, with a warrant, can break into your home and office when you're not there and, on the first trip, look around. They can examine your hard drive, snatch files, and plant the Magic Lantern on your computer. It's also known as the "sniffer keystroke logger." Jim Dempsey, deputy director of the Washington-based Center for Democracy and Technology, tells me that you have to be remarkably computer-savvy to detect the presence of the Magic Lantern in some crevice in your computer. Once installed, the Magic Lantern creates a record of every time you press a key on the computer. It's all saved in plain text, and during the FBI's next secret visit to your home or office, that information is downloaded as the agents also pick up whatever other records and papers they find of interest. Dempsey, who has been my guide to increasingly invasive technology for years, points out that this new version of J. Edgar Hoover's "black bag jobs" is not subject to the "sunset" clause of the USA Patriot Act, which requires Congress to review in four years much of the rest of that law to see if Ashcroft went too far in dismantling the Constitution. These legal break-ins, including the use of the Magic Lantern, are not limited to investigations of terrorism but are now part of regular criminal investigations. By the way, in case you might be just musing at the computertyping in thoughts or theories you don't intend to sendthe Magic Lantern will capture those strokes, too. Under previous law, the FBI had to let you know right away when they've made these uninvited visits in your absence, and tell you what they've taken. The agents may have gone to the wrong address, which is not unheard of, or gotten a bad lead, or manifestly exceeded their authority. On being given swift notice of the FBI's burglaries, you could quickly challenge the search. But under the USA Patriot Act, the FBI can go to a judge and get permission for a "delayed notice" of up to 90 days. Moreover, during this open-ended Justice Department war on terrorism, the FBI can keep going to court for further "delayed notices," since part of these secret searches may ostensibly be concerned with terrorism. And, Jim Dempsey notes, if they don't find anything the first and second times, they can keep breaking into your home or office until they come across a smoking gun. Eventually, they'll have to tell you they've been there. But Justice Brandeis predicted that the government one day would be able to remove private materials without physically having to go into your home or office. Well, never underestimate the capacity of advancing technology to further diminish what little is left of your privacy. Reuters also has reported that the Magic Lantern would allow "the agency [the FBI] to plant a Trojan horse keystroke logger on a target's PC by sending a computer virus over the Internet, rather than require physical access to the computer as is now the case." The Reuters December 12 story quotes the FBI as claiming the Magic Lantern "is a workbench project" that has not yet been deployed. But I have a copy of a May 8, 1999, application to a United States District Court in New Jersey from a U.S. Attorney in that state at the time, Faith Hochberg. It authorizes a "surreptitious entry" to search and seize "encryption key related pass phrases from [a] computer by installing a specialized computer program . . . which will allow the Government to read and interpret data that was previously seized pursuant to a search warrant." The application also asks permission for the FBI or its delegated entities to enter the location "surreptitiously, covertly, and by breaking and entering, if necessary"and "as many times as may be necessary to install, maintain and remove the software, firmware or hardware." So a precursor of the Magic Lantern was in use back then under Clinton's FBI and it is Jim Dempsey's belief, and mine, that the state-of-the-art Magic Lantern is now in the field, among us. The FBI already told Reuters in December that it uses keystroke loggers. So beware of what you stroke. "When you come to the fork in the road, take it" - L.P. Berra "Always make new mistakes" -- Esther Dyson "Be precise in the use of words and expect precision from others" - Pierre Abelard John F. McMullen johnmac () acm org ICQ: 4368412 Fax: (603) 288-8440 johnmac () cyberspace org http://www.westnet.com/~observer ------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
------ End of Forwarded Message For archives see: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- IP: more on Hentoff: The FBI's Magic Lantern Dave Farber (May 25)