FBI Hacks Alleged Mobster -- PGP was not compromised.
http://www.wired.com/news/politics/0,1283,40541,00.html
FBI Hacks Alleged Mobster
2:00 a.m. Dec. 6, 2000 PST
WASHINGTON -- Nicodemo S. Scarfo, the son of Philadelphia's former mob
boss, was almost paranoid enough.
Scarfo, who has been charged with masterminding a mob-linked loan
sharking operation in New Jersey, reportedly used the popular PGP
encryption software to shield his computer's secrets from prying eyes.
But when the feds learned of Scarfo's security measures, they decided
to do something that would bypass even the best encryption software:
FBI agents sneaked into Scarfo's office in Belleville, New Jersey, on
May 10, 1999, and installed a keyboard-sniffing device to record his
password when he typed it in.
A seven-page court order authorized the FBI and cooperating local
police to break into Scarfo's first-floor "Merchant Services
of Essex County" office as many times as necessary to deploy,
maintain, and then remove "recovery methods which will capture
the necessary key-related information and encrypted files."
The case, which is awaiting trial, appears to be the first in which
the U.S. government used such aggressive surveillance techniques
during an investigation, and some legal observers say the FBI's
breaking-and-entering procedures go too far.
"I don't think it's constitutional," says David Sobel,
general counsel of the Electronic Privacy Information Center in
Washington, D.C. "This case has the potential to establish
some very important precedents on this issue."
Scarfo's prosecution comes at a time when the FBI's Carnivore
surveillance system is under increasingly heavy fire from privacy
groups, and the use of data-scrambling encryption products appears
to be growing. Last week, for instance, news leaked out about
Yahoo's encrypted Web-based e-mail service it introduced through
a deal with Zixit, a Dallas firm.
Scarfo has been charged with supervising "an illegal gambling
business" in violation of state and federal law and using
extortionate loan shark tactics, according to a three-count
indictment filed in federal court in June 2000. He has pleaded not
guilty.
"There's nothing that we can talk about or are at liberty to
talk about in the case," says Michael Drewniak, a spokesman
for the U.S. Attorney's office for the District of New Jersey.
Drewniak would not comment on the use of encryption, saying "we
do not discuss evidence."
The elder Scarfo, who once ran the Philadelphia mob that also
dominated the Atlantic City gambling racket, was imprisoned in 1991
on racketeering charges.
The spring 1999 investigation of the younger Scarfo, who is 35 years
old, may be what prompted the Clinton administration to recommend
changing federal law to allow police to conduct electronic "black
bag" jobs.
The idea first publicly surfaced in mid-1999, when the Justice
Department proposed legislation that would let police obtain
surreptitious warrants and "postpone" notifying the person
whose property they entered for 30 days.
After vocal objections from civil liberties groups, the administration
backed away from the controversial bill. In the final draft of the
Cyberspace Electronic Security Act submitted to Congress, the
secret-search portions had disappeared.
In January 2000, the Clinton administration seemed to change its mind.
"When criminals like drug dealers and terrorists use encryption
to conceal their communications, law enforcement must be able to
respond in a manner that will not thwart an investigation or tip off
a suspect," Attorney General Janet Reno and Deputy Defense
Secretary John Hamre wrote in a seven-page letter to Congress.
That letter, however, suggested the feds didn't need a new law -- and
would instead rely on "general authorities" when asking
judges to authorize black bag jobs. A related "secret search"
proposal resurfaced in May 2000 in a
Senate bankruptcy bill.
In the Scarfo case, the FBI in May 1999 asked for "authority to
search for and seize encryption-key-related pass phrases" from
his computer as well as "install and leave behind software,
firmware, and/or hardware equipment which will monitor the inputted
data entered on Nicodemo S. Scarfo's computer by recording the key
related information as they (sic) are entered."
Although the government has refused to release details, this
appears to indicate the FBI was using either a hardware device --
inserted into the keyboard or attached to the keyboard cable -- or
a software program that would quietly run in the background and
record keystrokes. With the PGP private key and Scarfo's secret
password, the government could then view whatever documents or
files he had encrypted and stored on his computer.
Ruling that "normal investigative procedures to decrypt the codes
and keys necessary to decipher the 'factors' encrypted computer file
have been tried and have failed," U.S. Magistrate Judge G.
Donald Haneke granted the FBI's request.
EPIC's Sobel suggested that Haneke did not, under federal law, have
the authority to grant such an order. "The interesting issue
is that they in those (court) documents specifically disclaim any
reliance on the wiretap statute," Sobel says. "If they're
on record saying this isn't communications -- and it isn't -- then
that extraordinary authority they have under the wiretap laws does
not apply."
"If we're now talking about expanding (black bag jobs) to every
case in which the government has an interest where the subject is
using a computer and encryption, the number of break-ins is going
to skyrocket," Sobel said. "Break-ins are going to become
commonplace."
Eugene Volokh, a law professor at UCLA, said he believed the
government could successfully argue the break-in was constitutional.
"There's nothing in the Constitution that prohibits this kind
of anticipatory search," says Volokh. "In many respects
it's no different from a wiretap."
A lawyer for Scarfo told the Philadelphia Inquirer that he would
file a motion challenging the legality of the FBI's black bag job.
"Anything he typed on that keyboard -- a letter to his lawyer,
personal or medical records, legitimate business records -- they got
it all," attorney Donald Manno told the paper. Manno could not
be reached for comment on Tuesday.
Scarfo, who is out on bail, was scheduled to appear in court Tuesday
for a hearing before U.S. District Judge Nicholas Politan. The
purpose of the hearing was to appoint a new attorney -- Manno has
represented a client who may testify for the government against Scarfo.
Any text written by other authors which may be quoted in part or in full
within this coverage of this issue is provided according to U. S. Code
Title 17 "Fair Use" dictates which may be reviewed at
http://www4.law.cornell.edu/uscode/17/107.html If you're an author
of an article and do not wish to allow it to be mirrored or otherwise
provided on The Skeptic Tank web site, let us know and it will be
removed fairly promptly.
Return to The Skeptic Tank's main Index page.
by Declan McCullagh
See also: Carnivore to Continue Munching FCC Wiretap Order Overturned
Keep an eye on Privacy Matters Everybody's got issues in Politics
The views and opinions stated within this web page are those of the
author or authors which wrote them and may not reflect the views and
opinions of the ISP or account user which hosts the web page. The
opinions may or may not be those of the Chairman of The Skeptic Tank.