Information Security News mailing list archives

Feds: Spy Tool Is a Secret


From: InfoSec News <isn () c4i org>
Date: Wed, 8 Aug 2001 03:35:10 -0500 (CDT)

http://www.wired.com/news/politics/0,1283,45851,00.html

By Declan McCullagh 
2:00 a.m. Aug. 7, 2001 PDT  
 
The U.S. government has invoked national security to argue that
details of a new electronic surveillance technique must remain secret.

Justice Department attorneys told a federal judge overseeing the
prosecution of an alleged mobster that public disclosure of a
classified keystroke logger would imperil ongoing investigations of
"foreign intelligence agents" and endanger the lives of U.S. agents.

In court documents (PDF) filed Friday, the Justice Department claims
that such stringent secrecy is necessary to prevent "hostile
intelligence officers" from employing "counter-surveillance tactics to
thwart law enforcement."

U.S. District Judge Nicholas Politan heard arguments last Monday in
the prosecution of Nicodemo S. Scarfo, the alleged mastermind of a
loan shark operation in New Jersey. Politan asked both sides to submit
additional briefs before he decided whether or not to order the feds
to disclose details about their keystroke logging device, which
captured Scarfo's PGP passphrase.

Politan has barred attorneys in the case from talking to reporters.

Donald Kerr, the director of the FBI's lab, said in an affidavit filed
Friday that "there are only a limited number of effective techniques
available to the FBI to cope with encrypted data, one of which is the
'key logger system.'" He said that if criminals find out how the
logger works, they can readily circumvent it.

The feds believe so strongly in keeping this information secret that
they've said they may invoke the Classified Information Procedures Act
if necessary. The 1980 law says that the government may say that
evidence requires "protection against unauthorized disclosure for
reasons of national security."

If that happens, not only are observers barred from the courtroom, but
the trial could move to a classified location. Federal regulations say
that if a courtroom is not sufficiently secure, "the court shall
designate the facilities of another United States Government agency"
as the location for the trial.

But the FBI's Kerr said that CIPA's extreme procedures aren't good
enough. Says Kerr: "Even disclosure under the protection of the court
... cannot guarantee that the technique will not be compromised.... To
assume otherwise may well lead to the compromise of criminal and
national security investigations, and, in some cases, threaten the
lives of FBI or other government agency personnel."

Scarfo allegedly used PGP to encode his confidential and incriminating
business data. With a judge's approval, FBI agents repeatedly sneaked
into Scarfo's business to plant a keystroke sniffer -- it could be
either software or hardware -- and monitor its output.

During last Monday's hearing, Judge Politan wondered aloud how the law
should treat the keyboard tap.

Was it akin, Politan wondered, to a telephone wiretap, regulated by
the federal law known as Title III? Perhaps it was a general search of
the sort loathed by the colonists at the time of the American
Revolution and thereafter outlawed by the Fourth Amendment? Or was it,
as the government argued, just like cops rummaging around someone's
home or office with a search warrant in hand?

The difference is crucial: If Politan rules that the FBI's keystroke
monitor is a wiretap, the evidence may have to be discarded and Scarfo
would be more likely to walk free. That's because wiretaps must follow
strict rules -- such as minimizing information that's recorded -- that
the FBI's technique didn't.

"If no court has yet assessed the legality of this technique, it seems
clear that Scarfo should be entitled to make that inquiry," says David
Sobel, general counsel of the Electronic Privacy Information Center.

"Whether or not this was the equivalent of a wiretap is a central
question -- how can that be answered without knowing how this worked
and what it was capable of capturing?"

For its part, the defense argues (PDF) that without public disclosure,
judges will be giving their "approval to secret entries which do
nothing less than spy on the citizen so targeted."

Another thing that's suspicious, says the defense, is that the log
from the program ended as soon as it showed Scarfo's PGP passphrase:
"The odds of someone subject to a 60-day period of observation via
keystroke recording providing what was sought on the very last typed
entries are alarmingly high."



-
ISN is currently hosted by Attrition.org
