by David Corn
The FBI who?
The FBI who is working on a way to gain remote access to all you type on your computer so we won't have to say 'knock, knock' in the future.
In mid-December, the FBI made a startling announcement that received scant attention. A spokesman for the bureau acknowledged it was developing a controversial Internet spying software -- code-named Magic Lantern -- that supposedly can surreptitiously enter an individual's personal computer, record every keystroke and zap all this data back to the G-men and G-women. Presto, the data-snoops at the bureau would have the target's computer passwords, the texts and addresses of all the emails written by him or her (even those angry emails drafted but never sent), a record of all the Internet traveling he or she did, copies of snail-mail correspondence, the contents of any diary kept, to-do lists, on-line banking information, memos, you-name-it --anything typed into the computer, even if it were immediately deleted or trashed.
For weeks, rumors of this computer-search software had been buzzing throughout tech circles. In November, MSNBC first reported FBI was developing a computer "virus" that would install "keylogging software" on a suspect's machine. But the bureau would neither confirm nor deny. Several software companies were asked by reporters if they were cooperating with the FBI by rigging their anti-virus detection programs to ignore Magic Lantern. Some firms offered conflicting replies; eventually all said they were not in league with the government. Then finally a FBI official named Paul Bresson publicly confirmed Magic Lantern was no illusion. "It's a workbench project" that has not yet been used, he told Reuters. And that was all he would reveal.
Magic Lantern would not entail a dramatic technological advance. As zdnet.com notes, "several hacking tools, the two most popular being Back Orifice and SubSeven, allow full control over a remote PC infected by the program, including keystroke logging." Still, it is a momentous law enforcement advance.
The software was born out of FBI frustration. In recent years, the electronic eavesdroppers of the bureau have been bedeviled by widely-available encryption programs. If the FBI gets a warrant to intercept the Internet communications of a suspect, it is screwed if that data has been encrypted, for the bureau does not have the resources to crack this sort of code. It would be much easier to obtain the passwords used by a target and with those in hand de-encrypt the information. In at least one known case, the feds, using a search warrant, gained physical access to the computer of an alleged loan shark and gangster who had utilized encryption to scramble information on his hard drive. The bureau planted keystroke-detection technology on the computer, uncovered his password and collected evidence against him. (In court, the FBI adamantly refused to disclose the specifics of its keystroke-snatching technology.) Magic Lantern would replace the need for a black-bag job. Instead of agents breaking into a home or office to attach a keystroke logger, the software would creep in, perhaps via an email that seems to come from a friend, and silently penetrate the computer.
With Magic Lantern, the FBI would move beyond its controversial Carnivore system, which is installed at an Internet service provider, reviews the data stream and picks out email and web visits of specific account holders. Carnivore is like a policeman at a speed trap watching for suspected speeders. Magic Lantern is a cop who sneaks into the backseat of the car of a suspect and, unbeknown to the driver, rides along.
So there's a problem with this? Possibly. Magic Lantern could too easily lead to overly broad searches. Though its grail may be encryption passwords, agents will be able to snag anything typed on a keyboard. (The FBI in the days of old used to love to obtain the discarded typewriter ribbons of suspected criminals or commies. With the ribbons in hand, the bureau could read whatever had been written on the suspect's typewriter.) Viewers of The Sopranos might recall the episodes in which FBI agents wiretapped Tony's home. As is often the case, they were not allowed to record everything that went on in the house. The FBI team could only roll tape when it was clear T. was talking about illicit enterprises. That is because wiretaps are supposed to be narrowly aimed, not used like a Hoover (pun intended). Magic Lantern could end up being much too powerful a snoop.
"Because the tool involves covert installation of software on someone's PC with no physical intervention, it could conceivably allow law enforcement to circumvent wiretapping restrictions,"Alex Salkever writes on Business Week Online. David Sobel, general counsel for the Electronic Privacy Information Center complains, "We don't know what this is capable of." Will this software be open-source? asks Lee Tien, a senior attorney for the Electronic Frontier Foundation. If it is not, the public will not have a clear picture of its capabilites. (Don't bet on the FBI opening such a potent weapon to scrutiny.) The public may not even know when Magic Lantern is up and running, assuming the bureau's high tech wizards succeed. Perhaps it already is. And here's a scary thought: what if Magic Lantern fell into the wrong hands? Or what if the FBI's development and use of a particular software helped or encouraged corporations, individuals, or other governments (say, Beijing) to produce and exploit similar software? Who knows who will be slipping in and out of your computer.
In the Ashcroft era, it is easy to lose sight of a fundamental principle: not every government invasion of privacy has to be accepted, even if the government claims each one is a necessary tool for fighting the "evil ones." But when a war is under way, civil liberties tend to be trumped by national security concerns, real or imagined. For those who fret about Magic Lantern, the trendline is not encouraging. The USA Patriot Act, quickly passed by Congress in October, included a provision that made it easier for the FBI to unleash Carnivore. The legislation allows agents to install it without petitioning a judge for a warrant, as long as they get an okay from a U.S. or state attorney general,
In a 1967 decision, the Supreme Court observed that "by its very nature eavesdropping involves an intrusion on privacy that is broad in scope" and that "few threats to liberty exist which are greater than those posed by the use of eavesdropping devices." Which means it is a government power to be used sparingly, as a last resort, and with extensive oversight. If Magic Lantern does become operational, tough regulations ought to be imposed. Judges should be tightfisted in signing warrants allowing the FBI to dispatch the software. If a warrant is signed, the snoopers should have to report to the judge often and provide full updates on how Magic Lantern is being used and what it is collecting. The target ought to be notified his or her computer has been penetrated shortly after the investigation ends.
But because government wiretapping is a subject shrouded in great secrecy, it is usually difficult for the public to tell whether or not the rules governing it are being followed assiduously. When Attorney General John Ashcroft appeared at a Dec. 6 hearing of the Senate Judiciary Committee, Senator Maria Cantwell, a Democrat from Washington state, raised the subject of Magic Lantern. She noted that under the USA Patriot Act it was indeed possible Magic Lantern-like software could be employed in too sweeping a manner. She asked if Ashcroft would agree to meet four times a year with legislators to discuss how the government was utilizing intercept technologies like Carnivore and Magic Lantern. Ashcroft offered a noncommittal reply: "I welcome the opportunity for the [Justice] Department to work with you toward these objectives." In other words, yeah, right.
Lee Tien has a good idea along these lines. He suggests there be "some kind of powerful independent counsel (like a police Internal Affairs department) that watches all this surveillance." Magic Lantern, he says, "goes far beyond tapping a line. Those of us who use computers have a lot of our lives on them. You use your computer to read, to think with. It's our virtual home, very much an extension of self." The government should invade this turf only in the most dire circumstances.
In that 1967 Supreme Court decision, the justices said it is conceivable a surveillance technology could be so risky, from a constitutional perspective, that the Fourth Amendment would prohibit the government from taking advantage of it. That's never happened, but Magic Lantern is a close candidate. This software would give the government the power to enter your most private space and record everything you write. With a war on -- so to speak -- Magic Lantern is not shining brightly on many radar screens. But it is a step toward Big Brotherhood that warrants reflection and debate before this software magic becomes mundane.
David Corn is the Washington editor of The Nation and a regular AlterNet contributor.