Cyber Knights. Magic Lantern. These names conjure up visions of King Arthur, the Round Table and defending the weak from the strong. Protecting the innocent from the corrupt. Defending all that is good from that which is evil. How could something called “Cyber Knights” possibly be bad?
It is, though. It is very bad. After eight years of being headed by Louis Freeh – a man who saw fit to revise Benjamin Franklin’s famous statement, “Those who would give up essential freedoms for security, deserve neither freedom nor security” and replace it with his own “The American people must be willing to give up a degree of personal privacy in exchange for safety and security” – the FBI has chosen to use Sept. 11 as an excuse to remove yet another “degree of personal privacy.”
Under a new initiative called Cyber Knights, the FBI has launched into the business of creating “Trojans” – a particular type of computer virus – to infect computers. Yes, that’s correct, the FBI, wants to infect your computer with a virus. Launch a program from an infected e-mail, and the FBI will have a record of every keystroke you make on your machine. They call it their “Magic Lantern.” Possibly learning from their public relations debacle “Carnivore,” now renamed the “DCS-1000,” and the lesser known “Omnivore,” the FBI has chosen names wisely this time. Names carefully designed to evoke warm fuzzy feelings of being protected by the proverbial “White Knight” – a Cyber Knight, if you will.
Modern cryptography has reached the point where it is not breakable by the FBI. Nor will it be in the foreseeable future, barring some stunning breakthrough in computer science or mathematics. The basic problem in breaking strong crypto is that you start with two prime numbers, and then you combine them mathematically. To break the code, and recover the message, you have to get back to those original prime numbers. Which has been compared to mixing a pound of sugar with a pound of salt, and then trying to separate them back out at a later date.
Every public case where the FBI has overcome cryptography has involved getting the “pass-phrase,” or “key” surreptitiously. One notable case had them installing a “key-logger” on a suspect’s computer, which allowed them to capture his pass-phrase, and open his encrypted files.
But you must pity the poor FBI. In order to accomplish this task, they have to get a warrant, physically enter the premises and install their hardware – all without being detected. Then someone had a bright idea: If hackers could plant viruses on people’s computers undetected, why couldn’t they do it too? Once remote control key-loggers are installed as “Trojans” on your machine, you’ll never even know you’re infected.
“But wait a darn minute! I use anti-virus software! I’m protected,” you might say. Guess again. Like other quislings and collaborators of the past, McAfee, largest anti-virus software producer in the world, sniveled up to the federal police and simpered that they would take steps to ensure their software didn’t alert you that you had been infected by the FBI. This infuriates me. I use McAfee’s product – which I paid for in good faith. Their software’s job is to alert me when a virus has infected my computer. It is not their place to decide what is a “good” virus and what is a “bad” virus.
There are questions about the legality of this approach. Will they need a warrant? How will you know if they have acted without a warrant? Plus there is that darned old Constitution getting in the way of “efficient” law enforcement again. (Side note – always be afraid when the powers that be, begin talking about “efficient law enforcement.”) The Fourth Amendment states in part ” … and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Installing key-loggers that capture every keystroke indiscriminately would seem to me to be a violation of this clause. It also seems to me that this could constitute a “fishing expedition,” if the key-logger is grabbing all keystrokes, when a warrant specifies a pass-phrase.
But I may be wrong. In a post Sept. 11 world, we seem to have entered a world where “the ends justify the means” and the average American seems to agree with Louis Freeh. Pretty sad, America.
Mike Sposato has 23 years experience in the computer industry. He currently is a software engineer with experience in security software involving both PGP and stand-alone encryption algorithms. Additionally, he is a member of IEEE, ACM and The Software Contractors Guild.