FBI May Use Keystroke-Recording Device Without Wiretap Order ::: Turns out that Pretty Good Privacy ain’t so good if the FBI has you in their sights. Nicodemo Scarfo Jr. is an allged crime boss who was indicted in June, 2000 for loan-sharking and gambling charges.
What makes the case interesting is that the government obtained the information implicating Scarfo by installing a key logging system on his computer to trap his PGP passphrase. Once armed with the passphrase, the FBI was able to decrypt the incriminating documents.
The order that came down from the US District Court on 12/26 (Merry Christmas, Nic!) was that the FBI did not violate the Federal Wiretap Act in capturing this information. The FBI was able to invoke the Classified Information Procedures Act to prevent disclosure of how the key logger system worked. The judge held an in camera (i.e., private) discussion to determine the legitimacy of the FBI’s claim, and then ruled that the CIPA applied. (And why isn’t this a wiretap? The FBI claims that their classified key logger only captures information when the computer isn’t transmitting information over a wire, so that the wiretap act doesn’t apply. Don’t you love the law? Makes that Steve Jackson Games case even more prophetic, doesn’t it?)
Back in ’96 when I was editor in chief of the Richmond Journal of Law & Technology, we published an article by Greg Sergienko about self-incrimination and cryptographic keys. It was a good article, but dealt with what seemed to be the obvious risk at the time: the government forcing the individual to turn over the key. What’s obvious now is that the government has easier ways of getting at the key… rendering the use of encryption just a little less secure.
If you’re interested in the Scarfo case, there’s a good bit of information at EPIC’s site here.