Keystroke Logger Faces Federal Wiretap Charges 346
securitas writes "In what prosecutors say is the first case of its kind, a former insurance claims manager was indicted on federal wiretapping charges for allegedly installing a keystroke logger on another employee's computer. The device was secretly installed 'on a PC used by a secretary to senior executives at Bristol West Insurance Group.' Reuters reports that the man, who had been fired, was gathering information for a class action lawsuit against his former employer. SecurityFocus interviews would-be keystroke logger user Larry Lee Ropp who reportedly installed the KEYKatcher device on the PC."
What a contradiction! (Score:5, Insightful)
It raises an important question, I think: are keyloggers wiretapping devices? They don't involve telecommunications lines directly, so can they be considered in the same class?
Some food for thought.
It sounds like he went to far... (Score:4, Insightful)
Oh, so it's "okay" (Score:4, Insightful)
He was... he was helping the government investigate a corrupt company, yeah! He was James Bond! Saving the innocent from themselves!
Yeah... he had no intention whatsoever of joining a competing company and stealing the client list.
Good. (Score:2, Insightful)
Good. It is not the decision for just any man to make, on when to invade someones privacy. (Most) Laws exist for a reason. This man broke one. Hopefully he'll spend some time in jail.
Re:Just slightly OT (Score:5, Insightful)
Re:Federal wiretapping charges? (Score:3, Insightful)
Wiretapping laws actually vary from state to state. Some states allow you to secretly record a conversation as long as you are a part of that conversation. A few states do not allow this - you have to tell people you are recording them.
In this instance, the guy at the insurance company was not a party to the conversations going on. Therefore he was obviously in danger of violating the law.
Being a whistleblower means that you call up the FBI and you let them do the investigating. Here, he was playing the role of the FBI.
Unfortunate mistake, considering that his former employers probably were/are scumbags.
Re:Just slightly OT (Score:5, Insightful)
No. Not unless you think like this:
Dear god, think of the children. WON'T SOMEBODY THINK OF THE CHILDREN?
The correct solution is called parenting. There is no substitute for parental supervision and being involved with your children's activities. You wouldn't let a child watch whatever TV station they want, completely unsupervised - so why would you do the same with an internet-enabled computer? Call me old fashioned, but I don't even think a child should be allowed access to a net-connected computer unless it's in a shared, plainly visible family room environment.
Using tricks to snoop on your kids like this will breed an attitude of distrust and paranoia. You'll also only find out what they're up to after the event. Instead of working against them, you should actively work with them.
Plus, with a software solution - you actually have to check the logs from time to time. If you care so little that you'd rather a piece of software babysat your child, eventually you'll stop reading the logs because that involves effort.
This guy is an idiot..... (Score:4, Insightful)
Not the smartest thing to do. He deservse whatever he gets.
Re:Just slightly OT (Score:5, Insightful)
Actually, kids in schools can not prevent the search of their lockers, as the school owns the lockers. I imagine it is this same logic that is extended to computers owned by the school.
The same unfortunately is applicable to many places of employment. Owning the equipment gives employers the right to monitor it. I believe that this was decided in the supreme court.
You should never assume that you have privacy on equipment you do not own.
What if... (Score:5, Insightful)
Re:Federal wiretapping charges? (Score:4, Insightful)
Re:Just slightly OT (Score:4, Insightful)
Re:Just slightly OT (Score:2, Insightful)
Re:Just slightly OT (Score:5, Insightful)
Lessons learned... (Score:5, Insightful)
In the meantime, we shall have to rely on the usual methods of camera's, microphones, keyloggers and traitors. I think we can learn a lot from former Soviet-Russia and sortlike countries that have executed this behaviour in great practical ways...
Re:Just slightly OT (Score:5, Insightful)
I'm a parent, and I wouldn't send my kids to a school with a policy like yours. That policy is not, by the way, the same as offering "filter-free, non-monitored use of the internet". There are ways of achieving a safe and humane environment without logging every keystroke, and it's disingenuous to imply that there aren't.
Re:Just slightly OT (Score:2, Insightful)
Re:What if... (Score:4, Insightful)
There is nothing wrong with monitoring yourself.
Remember, this case is about an individual installing monitoring other people with out their consent or knowledge.
In theory, if spyware were installed with out a note in the EULA saying so, and no other "I agree to let you know everything I do and where I go"... then yes, you could get them for wiretapping.
Re:Just slightly OT (Score:3, Insightful)
You should never assume that you have privacy on equipment you do not own.
OK, then I suppose you'd be fine with a clothing store videoing their customers in the changing room and selling the tapes on the Internet. After all, those people have no expectation of privacy since they don't own the store.
Similarly, an ISP would be permitted to decrypt the passwords of their clients, rummage through the data stored on their servers and see if there's anything useful or naughty in there.
We must concede that the question of privacy is not a line drawn in sand but rather one drawn in water, so making blanket statements like yours is not a sensible approach to the issue. Each case must be considered on an individual basis.
Re:Just slightly OT (Score:4, Insightful)
Every single person who uses the excuse "I can play God because you signed the policy agreement" should be bludgeoned to a pulp with wet noodles.
Why wet noodles? It'll take longer to achieve the pulp stage and sting more.
Re:Just slightly OT (Score:5, Insightful)
If you're talking to a trusted friend/family member about something personal (traumatic event in your life for instance) and someone walks in the room, do you modify your behavior? Of course. Does that mean you shouldn't have been talking about it? Of course not. People do have legitimate reasons to keep secrets. Doing so isn't evidence that what you were talking about or doing is wrong.
Re:Tight Security (Score:3, Insightful)
Re:Just slightly OT (Score:2, Insightful)
We don't want a "big brother" style government, but this means that we have to allow smaller entities, schools, parents, companies, etc to determine what's best for them, separately.
So if your school wants to monitor it's students..great.
If your school pushes an agenda for the governemnt to nationalize school monitoring...that sucks.
An absence of federal policy doesn't mean a free for all...in fact it may mean some rather stringent local policies. Keep it local.
Re:Just slightly OT (Score:2, Insightful)
things start getting really messy here, but kids are quite resourceful. i was in school once, i seem to remember that some of use knew more about the security systems on the computers (including the admin passwords) than a number of the people running them.
so what if it grabs the text from the window i am working in...there are ways around this so i can still dl www.naughtypictures.com or run a certain command and not get caught.
for example i just have to write a little program or script that will dl it for me through a proxy and then save it to hd or homearea as prettyflowers.jpg then open file and no one was caught.
i guess my point is that whatever you do is not enough for someone sufficiently motivated to do something they shouldn't be
Consent (Score:5, Insightful)
As adults, they may be presented with similar policies. Only this time, they have the "choice" of consenting or losing their job.
Re:Just slightly OT (Score:4, Insightful)
I am just stating fact. It's true that it would be wrong for companies to place video equipment in changing rooms and bathrooms, and in fact there are laws specifically preventing this.
You can be sure that you are covered by five different cameras as you enter and leave changing rooms. Also, most stores have spies close to these areas.
So much as ISPs and computer privacy is concerned, I wouldn't say they have the right to do anything. but that does not mean they don't have some capability and can use it covertly. One example might be is if you are a spammer.
Also as you know, the FBI can intercept much of your email traffic with carnivore if they wanted to, and because of the patriot act they do not need to get a court order to do so anymore.
Privacy is not a constitutional right. Modern electronics means that we as citizens are going to monitored and watched more than ever before.
Re:Just slightly OT (Score:3, Insightful)
What if the childs surfing for porn? Emailing a friend about commiting suicide? Chatting with perverts? Planning a murder of a teacher? You think these things aren't done?
What's coming to this country when 11-year olds have a "right to privacy"? What kind of parent puts that much faith in a child? Hell, why bother parenting at all then?
Re:Just slightly OT (Score:2, Insightful)
I know. Once again it's easier to blame the kids than it is to take responsibility for being armchair parents--omniscient and impotent at the same time.
Re:Just slightly OT (Score:1, Insightful)
***
Legal disclaimers do not preempt basic human rights and ethics.
Well... okay... in today's America they do. Let me rephrase that.
Legal disclaims SHOULDN'T preempt basic human rights and ethics.
Which basic human right is this? It's not their computer, it's essentially a public computer, so they have no right to expect privacy.
Do you even know what a basic human right *is*? It's not free, unmonitored-under-any-circumstances internet access, that's for damn sure. Next you'll be telling me about their basic human right to cable television, I guess.
Re:Just slightly OT (Score:5, Insightful)
Anyone with an ounce of honest thought realizes that watchful Big Brother wouldn't have prevented Columbine. Watchful Big Brother always sides with the majority popular clique. If anything watchful Big Brother would've helped the priveleged students antagonize their scapegoat prey and would've brought the whole situation to a head much earlier.
Which isn't a bad thing. Armchair parents and water-cooler gossips needed a wakeup call. I don't condone the end result of those actions but, in all honesty, the clique nature of our social system is just begging for it.
Re:Just slightly OT (Score:4, Insightful)
I'm sure it works well for you, but don't put all your trust in it. It's ridiculously easy to fool something like that - ridiculously easy.
Wouldn't it be better to use policies and actually restrict their actions, as opposed to trying to half-ass guess when they're doing something wrong so you can send out the heavies? It's kinda like an automated CCTV system that looks for people in black/white striped tops, wearing masks and carrying black bags with dollar signs on... The sort of students who know how to get round stuff like that are the ones you want to be watching. Ironic, really... By using that approach to security, you've made yourself less secure.
Re:Just slightly OT (Score:3, Insightful)
Most of it is pathological. Parents and school administrators are scared. So naturally they will do anything they can think of to prevent another Columbine from happening. More cops and cameras in schools are the first things that comes to mind.
But I think you touched upon a larger issue. Since 9/11 we as a nation have lived in a constant state of fear, much of it irrational.
Where do we stop and look at ourselves and ask what are we giving up in the name of security?
I hope more people ask that question.
Almost .... there ... (Score:5, Insightful)
Should keylogging be considered wiretapping? NO. It is a distinctly different technology and all lumping things together does is make it easier to confuse the issue the next time someone wants a warrant to do something -similar-.
Keylogging, network interception and a whole host of other things are still quite different from basic phone taps. They should be given a distinct category that can be properly defined.
If anything, the expectation of privacy on the line between your computer and your keyboard is MUCH higher than any expectation people have today for phones (when was the last time you started typing and realized someone else was typing on your computer as well
Plus, you can't expect that by listening in on a phone you are going to regularly hear someone's social security # (my bank uses it for my login id
In the end I think the guy should be penalized more than wiretapping, but not -as- a wiretapper.
Re:What a contradiction! (Score:5, Insightful)
In New York federal investigators used a search warrant ( sneek and peek ) to install a keylogger on a mob boss's computer to steal his pgp keys. They DID NOT HAVE A WIRETAP WARRANT. You can now see the contradiction inherent in this prosecution. Go after this guy and possibly let a mob boss off on appeal because the information they used to convict him is now tainted.
Of course if they had gotten a wiretap warrant in the first place this would not have been a problem, but they did not have the evidence to get wiretap only a search warrant they have differnt levels of proof of illegal doings
Re:Panties in a bind (Score:2, Insightful)
All of this is a far cry from using electronic spy tools to secretly monitor the children's activities. What kind of message does it send to the kids? "Be good! Because if you don't, we are always watching. No matter where you go, we are watching!" Is that really the lesson we want to teach the children? Be good, not for the sake of being a good person, but for the sake of not getting caught.
And that is the difference between appropriate supervision and eletronic surveillance. With the former, the goal is to teach the children, mold them by example and through good leadership, and let the keep their individuality and allow them to experiment within appropriate bounds. With the latter, its simply trying to keep kids away from things which *could* be bad for them.
In short, if a school thinks it needs to install this kind of electronic monitoring system, I think it is indicative of a lack of appropriate supervision and/or quality teachers.
My kids' teacher should know what my child is doing (approximately) without resorting to spying.
Taft
Re:Just slightly OT (Score:3, Insightful)
Getting serious (slightly...) for a minute... I don't feel that "my" generation needs to tell the younger generation that "they lack discipline". That's just passing the buck. It's my generation's responsibility to *provide* discipline - even if that means saying "you can stay up all night surfing pr0n once you leave home/reach 18/run away and join the circus - and not before!
But yeah, back to the humour... I'm just bitter!
Re:Just slightly OT (Score:3, Insightful)
You've never had to deal with rule breakers, have you?
-----
This sums up my whole issue with Big Brother techniques such as keyloggers.
Even former university sysadmins play favorites. Teachers play favorites, parents play favorites, PEOPLE IN GENERAL play favorites. While playing favorites is a natural part of human existence there's no good to come of installing more and more systems to further antagonize those who aren't the favorite.
In our society the people writing the rules are far too priveleged and too well protected. A natural usefulness of rulebreakers is to identify which rules need to be revised or reconsidered. With all of these Big Brother techniques to catch rule breakers the moment they move a finger the wrong direction we'll never refine our system of rules. We continue adding rules and more rules and more rules. It's only logical that, in a system that never repeals or revises rules but onoy adds them, it will be possible to selectively enforce the rules not for the sake of order but to advance personal agendas.
Let's face it. Until we constructively figure out a way to get out of our descending spiral of zero tolerance and moral elitism (often defined and enforced by those who are the biggest hypocrites) then our society is and will continue to be _broken_. Keyloggers aren't going to fix it. Keyloggers are only going to help make it more broken.
Re:Does this contradict the Scarfo case? (Score:3, Insightful)
Re:Just slightly OT (Score:3, Insightful)
I'll remember that when I watch the fireworks the next fourth of July. For all the good it will do me.
Evidently I don't have enough privacy rights to stop the government from searching through my library records, seeing what books I buy, or reading my emails in the name of stopping terrorism (and doing so without a court order). Thanks to the patriot act.
Then there is Total Information Awareness reborn [matrix-at.org] which is the marrying of commercial and government databases to rob me of even more privacy, and echelon [echelonwatch.org].
So privacy is a nice idea, but unfortunately, that is all that it is.
Our government is out of control in more ways than one.
Re:Just slightly OT (Score:4, Insightful)
And since most people own damn little, they effectively have no privacy. Should your landlord have the same right to monitor their tenants? Suppose someone is sneaking in an overnight visitor in violation of the lease? Should the landlord be able to monitor your communications to find this out? They own the building, you don't.
Privacy rights that extend only as far as you own the computer equipment are effectively useless, as they would cease to exist once your networked data travels outside your property boundary. After all, the phone/cable company owns the wires, and you are using their equipment.
Re:Consent (Score:3, Insightful)
Of course they don't. They're students. When were you ever given a choice in school -- "Well, you can read The Scarlet Letter, or you can play with your gameboy." This is no different from teachers walking around the classroom to make sure everyone's doing their assignment.
Re:Just slightly OT (Score:2, Insightful)
Did you miss the part where the student has recourse to a higher body if they felt they had been unfairly singled out?
-----
I didn't miss it. I ignored it. Our system of zero tolerance and well protected rulemakers leaves no real breathing room for recourse.
We shouldn't give up on enforcing rules. We should better define which rules need to be enforced. This is _the_ central problem in our current society. A vast majority of people are busy writing rules and more rules and more rules to justify their high-horse of righteousness.
Stop and think about the following:
Is this really a rule that we will want on the books ten years from now?
Is this really a rule that we have the ethical right to enforce?
Is there potential for abuse in this rule?
Can we better spend our time refining existing rules than adding new rules?
If you've done any complex programming you would understand what I'm getting at. Any idiot with a text editor can write more code and more code and more code. It takes a good programmer to go back and rewrite code to be faster, better, more efficient, more effective, and more productive.
Here in the US we don't have a demand for good politicians. We only have a demand for politicians that can make more rules. In essence, the US political system is writing a crappy operating system with more band-aid style approaches such as key loggers. They never go back to see that the real problem is with the existing US Code. It's causing more page faults than any army of keyloggers can fix.
Re:Does this contradict the Scarfo case? (Score:5, Insightful)
Sorry, but you missed the boat. In that case, the key logger was designed so that it would be DISABLED when it detected an internet connection. A keylogger that doesn't disable itself will capture keystrokes being sent over the internet, which then becomes a wire-tap.
Re:Just slightly OT (Score:3, Insightful)
> schools you will see cameras everywhere.
and worse - there were cameras at columbine, recording the shooting but not preventing anything.
Re:Just slightly OT (Score:2, Insightful)