US: FBI Software Records Each Keystroke
The FBI is planning to give away computer software. All you have to do to get some is make the bureau think you're involved in crime.
The software is called Magic Lantern, and along with the Justice Department's greatly expanded powers, it's making civil libertarians nervous.
Magic Lantern is a program that records each keystroke made on a target computer and transmits that data to the bureau. The FBI doesn't even have to go to the computer's location because Magic Lantern can install itself, just like a Trojan-horse computer virus. And like a Trojan horse, it disguises itself as a benign code.
The FBI has acknowledged Magic Lantern's existence but little more. The program is intended to sidestep one of the most difficult eavesdropping hurdles: encryption.
Encrypted e-mail is almost impossible to decipher without a key, a small computer file that unscrambles the code. Without the key, encrypted e-mail is gibberish. The key, in turn, is protected by a password.
Magic Lantern apparently doesn't try to decrypt e-mail. Instead, it records the characters as they're typed. With it, the bureau can obtain a suspect's password and then the encryption key.
Encrypted e-mail has bedeviled the FBI for years.
Its first attempt to get around the problem was a device that recorded keystrokes, called a key logger. But unlike Magic Lantern, the device required an agent to sneak into a suspect's home or office to install it on a computer.
While few people argue that such devices can be invaluable in national-security cases, some contend that their use in other types of cases is inevitable.
In fact, evidence developed with a keystroke-logging device already has been used in the trial of suspected Philadelphia mobster Nicodemo Scarfo.
The recently passed USA Patriot Act gives the Justice Department much more freedom to record e-mail information. One provision can force a judge to issue an order for recording the addresses to which a suspect sends messages and from which the suspect gets messages - if a prosecutor files papers certifying that e-mail is relevant to an investigation.
Privacy advocates argue the law is far too open to interpretation.
"What is relevant?" asked David Sobel, general counsel to the Electronic Privacy Information Center in Washington. "Anything could be relevant."
- 192 Technology & Telecommunications