“Computer Czar?” We don’t need no stinkin’ “Computer Czar!”

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

While Obama is pushing for a “Computer Czar” as the only means of saving the Internet, the FBI does not seem to have much of a problem. Declan McCullagh of CNET News, revisiting an item originally reported by Wired.com, reports that the FBI has used a variety of spyware for years which is not detected by anti-virus programs. Makers of anti-virus programs deny directly working with authorities according to a CNET survey.

They started using a program called “Magic Lantern.” Magic Lantern is keystroke logging software developed by the United States’ Federal Bureau of Investigation. It was first reported in a column by Bob Sullivan of MSNBC on 20 November 2001 and by Ted Bridis of the Associated Press. Over time they moved on to the Computer and Internet Protocol Address Verifier now in use.

An affidavit written by FBI Special Agent Norman Sanders at the time said that CIPAV is able to send “network-level messages” containing the target computer’s IP address, Ethernet MAC address, environment variables, the last-visited Web site, and other registry-type information including the name of the registered owner of the computer and the operating system’s serial number.

The software has been used against one suspect who used Microsoft’s Hotmail to send bomb and anthrax threats to an undercover government investigator; another demanded a payment of $10,000 a month to stop cutting cables; a third was an alleged European hitman who was soliciting for business from a Hushmail.com account. Another example of CIPAV’s use came in a March 2006 request to the FBI’s Cryptologic and Electronic Analysis Unit. It said a victim’s Hotmail account is controlled by a suspect who “is extorting the victim because the account had personal info in it. Subject wants victim to set up an e-gold.com account and transfer $10,000 there and then email the userid/pwd to the subject.”

Hushmail is an email service that allows transfer of encrypted messages on their servers. Hushmail’s policy is to not allow the use of the company servers for illegal activity. If confronted with an order from the Supreme Court of Canada, they will cooperate fully with authorities in any case.

While everyone can applaud the use of such devices to capture real law breakers, it does raise serious privacy issues. The Electronic Frontier Foundation has

…created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

The Ninth Circuit court has ruled in—United States vs. Forester—that IP addresses and the To/From fields in emails are the legal equivalent of dialed phone numbers and the government can get a court order to obtain them without showing probable cause as would be needed to search one’s house.

A footnote in the decision reads:

Surveillance techniques that enable the government to determine not only the IP addresses that a person accesses but also the uniform resource locators (URL) of the pages visited might be more constitutionally problematic. A URL, unlike an IP address, identifies the particular document within a website that a person views and thus reveals much more information about the person’s Internet activity. For instance, a surveillance technique that captures IP addresses would show only that a person visited the New York Times’ website at http://www.nytimes.com, whereas a technique that captures URLs would also divulge the particular articles the person viewed.

Will judges know when a police unit has started to obtain full URLs?

The government usually responds with If you are not doing anything wrong, why should you worry or We don’t care who is sleeping with whom (Although that last statement does not bear up in light of the fact that J. Edgar Hoover was known to use FBI resources against his political enemies and shared the information with his political friends).

Should Congress, perhaps, write legislation that would allow Federal agencies to use spyware only upon obtaining information of a crime by other means? Are these spyware programs weeding out “domestic terrorist” for the Department of Homeland Security who might write that they support the Tenth Amendment or they oppose abortion? It is known that this department is actively seeking people for their “Terrorist List” to prevent them from flying and, now, to prevent them from buying guns they are otherwise entitled to own.

Magic Lantern
First Wired.com story
Computer World

This entry was posted in Computer and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s