FBI device sets off alarms

[InfoSec News <isn () c4i org>]

Forwarded by: Patrick Oonk <patrick () pine nl>

http://www.usatoday.com/usatonline/20010830/3589336s.htm

Friday, in a New Jersey courtroom, the FBI is scheduled to deliver a
secret report detailing a new way it uses to spy on American citizens
behind their backs.

The dispute is technical, involving a way to track a computer's every
keystroke. The defendant is unsympathetic, the son of a convicted
Philadelphia mob boss who stands accused of running a loan-sharking
and gambling business.

But a decision in favor of the FBI's secrecy stance would have
far-reaching consequences -- not only putting regular users' Internet
privacy at risk, but also setting a precedent that could allow the FBI
to act with impunity in future disputes over newly devised
surveillance methods.

The issue arose after agents, armed with a judge's OK, installed the
FBI's new keystroke-monitoring device on the computer of Nicodemo S.
Scarfo Jr., thereby obtaining the password needed to track information
on gambling and loan operations.

Now Scarfo's lawyers contend that because the technology resembles a
wiretap, Scarfo's constitutional rights were violated by the FBI's
failure to obtain the more strictly regulated judicial review that
wiretaps require.

Are they right? No one knows. The FBI is hiding behind a claim of
national security and refusing to release information showing how its
keystroke tracker works. Instead, the agency will reveal its new toy
only to the judge presiding over the trial. He will then approve a
summary for use by the defense, which will also be ordered to keep
that document secret.

It is possible, even likely, that there is nothing threatening about
the FBI's new ''key logger'' technology. Similar hardware and software
tools are publicly available and have been used openly by the FBI in
other cases. But that can't be determined without a techno-savvy
outside review with full access to the device.

The FBI opposes any such review, whether by independent experts or the
defense in this case, claiming that public knowledge of the device
would allow criminals to adapt their behavior. That's one cost of
fighting crime in an open society. What's more, an outside review
could benefit the FBI, too. Last year, outsiders reviewed the FBI's
e-mail-snooper Carnivore and found flaws that hindered the program's
use.

The FBI's record on computer-related privacy issues leaves little
reason to believe that the agency can make reasonable choices without
scrutiny.

In 1994, the FBI lobbied to have a backdoor installed in every
computer in the nation, to give agents automatic access once they got
a judge's permission. The plan was dropped only after the National
Academy of Sciences determined it would make all computers more
vulnerable to hackers. Last year, the FBI misled Congress and the
public about the reliability and security of Carnivore, in an effort
to head off outside review.

The FBI is right to use advanced technology to fight sophisticated
criminals. But the FBI is wrong to insist that it should decide on its
own how to move forward in a way that protects the public's privacy
rights.Today's debate: Privacy rights Use of keystroke technology to
nab suspect raises privacy issues.


-- 
 Patrick Oonk - PO1-6BONE - E: patrick () pine nl - www.pine.nl/~patrick
 Pine Internet  -  PAT31337-RIPE  -   Hushmail: p.oonk () my security nl
 T: +31-70-3111010  -   F: +31-70-3111011   -  http://security.nl
 PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
 Excuse of the day: High nuclear activity in your area.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.