FBI ordered to reveal PC snooping technique
A federal court ordered the U.S. Department of Justice (DOJ) on Tuesday to reveal technology used to track the computer keystrokes of a suspect, in a case observers say has an impact on privacy in this era of IT surveillance.
In May of 1999, agents from the U.S. Federal Bureau of Investigation (FBI) snuck into the New Jersey office of Nicodemo S. Scarfo Jr., according to court records. They went not to tap his phone but to plant a device to track the tap of his fingers on his keyboard, recording the keystrokes to glean the password for an encrypted file, according to the records. The DOJ, working with the FBI, is charging Scarfo with racketeering, illegal gambling and loan sharking as a member of what they call a Mafia crime family.
When agents raided the computer system earlier, they discovered a file named "factors" which was protected with PGP (pretty good privacy) encryption, according to the records. Suspecting the file contained records of gambling debts to support their loan sharking investigation but unable to crack the encryption, agents installed the key logger to get the password as he typed. The cracked file became key evidence in their case.
What the court doesn't know is how the key logger system works. The government said national security prevents it from disclosing its methods but U.S. District Court Judge Nicholas H. Politan wants a better explanation. Politan called the printout of FBI's computer keystroke log "gobbledygook" and ordered the government on Tuesday to explain the technology used in the keystroke logger within the next 10 days.
The case has broad implications in the escalating debate about technology and privacy in the U.S. The government asserts that revealing the technology used to learn Scarfo's PGP password would endanger the lives of U.S. agents and hurt ongoing investigations of foreign intelligence agents. But a software designer says it's unlikely that a keystroke logging program itself contains especially sensitive technology.
"It's not rocket science ... I sure hope our tax dollars didn't go to their top scientists to spend all their time developing a keystroke logger," said Richard Eaton, president of WinWhatWhere Inc., a software company that makes keystroke logging tools. "They said the methodology is the security issue ... it could be the way the data is transmitted out of the system. I don't know if it was e-mailed out of there or what."
Court records describe the key logger system as "software, firmware, and/or hardware." Lawyers on both sides are under a court order not to speak publically about the case.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
