Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Government Privacy Security Apple

FBI Tried To Defeat Encryption 10 Years Ago, Files Show (nytimes.com) 72

An anonymous reader shares a NYTimes article: In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable. So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption. That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency's recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround. The Trail Mix records also reveal what is believed to be the first example of the F.B.I. remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap. 'This was the first time that the Department of Justice had ever approved such an intercept of this type,' an F.B.I. agent wrote in a 2005 document summing up the case.
This discussion has been archived. No new comments can be posted.

FBI Tried To Defeat Encryption 10 Years Ago, Files Show

Comments Filter:
  • by xxxJonBoyxxx ( 565205 ) on Thursday April 14, 2016 @11:08AM (#51908395)
    "Getting around the encryption" should be "intercepting data before it got encrypted or stealing passcodes with keylogging" or some-such.

    >> They persuaded a judge to let them remotely, and secretly, install software on the group's computers to help get around the encryption

    I really have no problem with this. Here, the FBI went through a legal process to get permission to monitor a suspect to look for specific messages. This is a lot different than law enforcement grabbing all data passing through an area and then fishing around in people's private business for suspicious or embarrassing activity.
    • Re: (Score:3, Informative)

      "legal process" = rubber stamp

      • by zx75 ( 304335 )

        Maybe - but it was both limited in scope and targeted based on probable cause (however flimsy the probable might have been). It's better than mass surveillance and does not attempt to bludgeon corporations into violating customer privacy and security using the legal system.

        • The legal system is toothless and corrupt. You are not going to ever prevent "mass surveillance". It's just too easy to do and cover up. We all know it's happening and expanding and resistance is nil. The only option left is to make sure it goes both ways, that we watch over the state the same way they want to watch us. When powerful people and institutions lose their privacy, they might become a bit more cautious on how information is used against a person.

          • The legal system is toothless and corrupt. You are not going to ever prevent "mass surveillance". It's just too easy to do and cover up. We all know it's happening and expanding and resistance is nil. The only option left is to make sure it goes both ways, that we watch over the state the same way they want to watch us. When powerful people and institutions lose their privacy, they might become a bit more cautious on how information is used against a person.

            It's basically a wiretap except with software. If they have reason to believe this person was breaking the law you can get a wiretap approved but you need evidence to do so.

    • Partial credit (Score:4, Insightful)

      by s.petry ( 762400 ) on Thursday April 14, 2016 @11:42AM (#51908611)

      Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping. First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

      Wiretapping is legal and has some moral uses. We can correctly state that the person maintains the assumption of innocence while they are being wiretapped. Installing software to spy requires the assumption of guilt, and provides the means for the actors to create evidence.

      The loss of ethics and morality in the agency makes them a gestapo, not a public police force. I'm sure that is the intent of this, and literally thousands of other cases within the last several years. It's the Government against the public, until the public takes back the Government.

      • Police break numerous laws in the act of law enforcement every day, right up to and including murder.

        Computer hacking, while illegal, could be seen as a reasonable form of intelligence gathering, in some cases.

      • Re:Partial credit (Score:5, Informative)

        by Registered Coward v2 ( 447531 ) on Thursday April 14, 2016 @12:05PM (#51908829)

        Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping.

        They had a warrant to install the software so it no different than a wiretap other than the point of collection.

        First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

        Data and keystroke logging software is not illegal, nor is creating such software. Software to report the results of such activity is not illegal either.

        Simply put, your assertions of illegal and criminal activity is incorrect.

        • by s.petry ( 762400 )

          Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping.

          They had a warrant to install the software so it no different than a wiretap other than the point of collection.

          The only moral equivalency is in the receipt of a warrant, not the action the warrant supports. If i take what you said to it's extreme, as long as an agent got a warrant to kill someone it's fine. They had a warrant.

          First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

          Data and keystroke logging software is not illegal, nor is creating such software. Software to report the results of such activity is not illegal either.

          Simply put, your assertions of illegal and criminal activity is incorrect.

          I find it very improbable that you are both completely ignorant and spouting lies unintentionally. Here is a test for you. Do what you just claimed is not illegal on a public computer. Make sure you wave to the camera and show them your ID. Let us know how it feels to plea bargain down to

          • The only moral equivalency is in the receipt of a warrant, not the action the warrant supports. If i take what you said to it's extreme, as long as an agent got a warrant to kill someone it's fine. They had a warrant.

            Your extreme example is silly. Warrants are issued by courts to allow police to gather evidence, and bringing a ridiculous straw man doesn't change that.

            I find it very improbable that you are both completely ignorant and spouting lies unintentionally. Here is a test for you. Do what you just claimed is not illegal on a public computer. Make sure you wave to the camera and show them your ID. Let us know how it feels to plea bargain down to 2-5 years in Prison, if you can get it down that far. Just yesterday a reporter got 24 months for giving a username and password to someone.

            Maybe you wish to clarify your statement and change your claim to be "not illegal for the Government to do since they write the rules and can change the rules at will.". Which is the ethical part I previously said is a problem.

            Merely being illegal in one set of circumstances doesn't mean it's per se illegal. I can install all the key loggers I want on computers I own, and us the data how I see fit; allow though ethically I should let someone who is using the computer know I am doing it I may not have to do so legally. Either way, developing, owning an during a key logger is perfe

            • by s.petry ( 762400 )

              My example uses _YOUR_ logic! According to your statement, the FBI can break into your computer (crime), install illegal software (another crime), and log all of your activities (outside of the scope of the warrant, so another crime), and they can do so because they had a warrant.

              I agree the logic is silly, and that is the point of showing the extremes of _your logic_.

              Pretty cool how you claim that it's not illegal after change the wording to specify "on computers I own", where in the case and point being

              • My example uses _YOUR_ logic! According to your statement, the FBI can break into your computer (crime), install illegal software (another crime), and log all of your activities (outside of the scope of the warrant, so another crime), and they can do so because they had a warrant.

                I agree the logic is silly, and that is the point of showing the extremes of _your logic_.

                Pretty cool how you claim that it's not illegal after change the wording to specify "on computers I own", where in the case and point being discussed the FBI did this on computers they DID NOT own. Oh, and go ahead and install keyloggers on computers you own that other people can access. If you don't believe your wife can not have you prosecuted.. you are hilariously ignorant. It varies from jurisdiction to jurisdiction, but in most you will be guilty of violating Federal wiretapping laws.

                Thye had a warrant to install and collect the information, just like a wiretap. I'm nit sure where you get it was illegal because they didn't own the computer but that is what wiretaps warrants are for - to listen in to a suspect's conversation. Whether or not the FBI owned the computer is irrelevant, as is your rant that key loggers are illegal. As for violating Federal Wiretap logs, Federal courts have ruled it was not a violation. See: http://jolt.law.harvard.edu/di... [harvard.edu] As for state laws, those vary but

                • by s.petry ( 762400 )

                  You don't seem to understand what a warrant is. A warrant does not change the law and make the illegal legal. A warrant is a stay of prosecution, so that an officer can perform an act which is illegal without fear of prosecution. Hacking is illegal, and a warrant does not magically make it legal. It simply means that within the parameters of the Warrant the officers will not be charged with the breaking the law.

                  That said, do you believe that the judge understood what the FBI was really requesting? Do yo

                  • You clearly have no clue so further discussion is a waste of time. HAND
                    • by s.petry ( 762400 )

                      Too funny. When you get proven to be wrong, run away mad. Immaturity across the board, grats on that.

                  • You don't seem to understand what a warrant is. A warrant does not change the law and make the illegal legal.

                    In general? No. In a specific case? Of course it does.

                    If I go and bundle someone into a car and take him away that's kidnapping. If a policeman does it and has an arrest warrant for that person it isn't. Because that's what a warrant is for and why it exists.

                    • by s.petry ( 762400 )
                      Sure, search warrant != arrest warrant != bench warrant. But, in the case of an arrest warrant the police are not kidnapping someone, they have a specific name and set of rules for "custody" and use that terminology very intentionally. Just like a bank withdraw is not robbery, even though both actions take money out of a bank.
              • Whether or not it's legal for a private citizen to install a wiretap is completely beside the point, which is that it's a law-enforcement agency that's doing this with a properly obtained warrant. These are NOT crimes for the government - only for private citizens. It would be absurd for official investigators to be bound by exactly the same rules as citizens, as citizens are obviously not charged with investigating and uncovering evidence to be used in a court of law. The warrant system is there in orde

        • by Sabriel ( 134364 )

          "They had a warrant to install the software so it no different than a wiretap other than the point of collection."

          The difference is that a wiretap on the line between Ada and Bob doesn't have root.

          Or to use a Third Amendment analogy, it's the difference between sending a uniformed soldier up the telegraph pole to listen to someone's morse, and quartering an invisible soldier in that someone's house (where the soldier can easily forge the owner's morse).

          • "They had a warrant to install the software so it no different than a wiretap other than the point of collection."

            The difference is that a wiretap on the line between Ada and Bob doesn't have root.

            Actually both have the same root access as it allows a third party to capture all communications sent by the device, in one case a phone and another a keyboard. The technology used to collect the information is not important, what is is the information collected.

            Or to use a Third Amendment analogy, it's the difference between sending a uniformed soldier up the telegraph pole to listen to someone's morse, and quartering an invisible soldier in that someone's house (where the soldier can easily forge the owner's morse).

            An interesting, but flawed analogy. First of all, someone tapping a telegraph line can forge the sender's morse and possibly with practice even their fist. More to the point, where you attach a tap has nothing to do with quartering soldiers in time

            • by Sabriel ( 134364 )

              A wiretap warrant involves government access to a public/regulated utility. A software warrant involves government access to a private residence. The former is a matter of "hi, we're the government, we have a warrant to tap line XYZ"; the latter is a matter of "let's sneak this into a citizen's private effects, on their private property, with only us in the know". And by "doesn't have root", I mean it can't create whatever false forensic trail you want within said citizen's private effects. If you insert yo

              • A wiretap warrant involves government access to a public/regulated utility. A software warrant involves government access to a private residence. The former is a matter of "hi, we're the government, we have a warrant to tap line XYZ"; the latter is a matter of "let's sneak this into a citizen's private effects, on their private property, with only us in the know".

                They are allowed to "sneak this into a citizen's private effects, on their private property, with only us in the know" as long as they have a warrant. They can, for example, attach a GPS device to a vehicle to track it with a proper warrant. Whether they should be allowed to do that is a reasonable question, but so far SCOTUS has said it is OK.

                And by "doesn't have root", I mean it can't create whatever false forensic trail you want within said citizen's private effects. If you insert your tap/backdoor/soldier in the middle, it can pretend to be one or the other or even both,

                The issue here is a key logger, not a backdoor that allows root access to the system. I agree there needs to be a strong chain of custody to ensure someone hasn't add

      • What makes software illegal?
        How does installing malware require a presumption of guilt?
        What is "a gestapo?"
      • "...loss of..."?

        Hard to say that. When did Hoover become chief? His name's still on the HQ building. That alone tends to support "never had".

      • Had the FBI actually not broken numerous laws I may agree with you. The FBI installing illegal software without the person's knowledge is a bit different from wiretapping. First, the only way for the FBI to have this illegal software would be to create the software which is a criminal act. Alternatively, and more likely, they could have conspired with criminals to acquire the software. (It should be obvious that "criminals" could be agencies within Government(s).)

        Wiretapping is legal and has some moral uses. We can correctly state that the person maintains the assumption of innocence while they are being wiretapped. Installing software to spy requires the assumption of guilt, and provides the means for the actors to create evidence.

        The loss of ethics and morality in the agency makes them a gestapo, not a public police force. I'm sure that is the intent of this, and literally thousands of other cases within the last several years. It's the Government against the public, until the public takes back the Government.

        Just because it isn't wiretapping in the legacy meaning of the word doesn't mean it isn't software based wiretapping. Installing remote software and using a keylogger is the same thing.

      • what is "illegal software"?
    • So, would you be O.K. with the FBI convincing Microsoft to install an ECHELON front end on every Windows 10 PC? I mean, it would only copy your entire hard drive to their servers if it found certain keywords they were looking for...

    • by allo ( 1728082 )

      Placing a software for this is a no go. Because when i got the FBI malware on my pc, it could just place evidence. So any evidence found on the pc should be invalid in court.

  • That doesn't mean it's the first time they did this.

  • FSVO "defeating" (Score:2, Insightful)

    by gwolf ( 26339 )

    Encryption (even more in such general terms, not even mentioning which algorithm or basic representing problem) has not been and cannot be "defeated" as such. It can be circumvented. And, besides some weak cryptosystems that have been proposed and found lacking after analysis (i.e. the knapsacks implementation), the only "useful" general attacks on cryptography are attacks on the implementation: Circumventing cryptography rather than breaking it.

    • Encryption (even more in such general terms, not even mentioning which algorithm or basic representing problem) has not been and cannot be "defeated" as such.

      What would you say Alan Turing did to the huns' enigma?

      • by gwolf ( 26339 )

        brute-forcing is not defeating. Building a computer that can outperform any previously existing architecture is not defeating. The Enigma still works, given its security parameter. RSA at 384 bits was enough in 1995, but is brute-forceable today - It does not mean it is broken, only that it's too weak.

  • Of course there was every reason to break out the big guns here! Encryption, shmencryption, privacy shmyracy, but where could we end up if we couldn't test on animals anymore!

    That's clearly a matter of national security, if not survival of our culture or even the human race altogether!

  • How did the FBI remotely install anything? Were they sitting on undocumented exploits and tricked the user? Or did they just physically break into the residence and install something?

  • Err, what? (Score:4, Insightful)

    by wonkey_monkey ( 2592601 ) on Thursday April 14, 2016 @12:05PM (#51908817) Homepage

    FBI Tried To Defeat Encryption 10 Years Ago, Files Show

    They're probably trying to defeat encryption of some kind or another every single day.

  • The third amendment was about this:

    No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.

    The practice of quartering troops in the homes in the occupied area wasn't just a matter of using up their resources to support the army. The troops served as spies against the citizens, hearing their conversations, going through their papers when they weren't looking, and so on, then reporting back to their superiors

  • by Jim Sadler ( 3430529 ) on Thursday April 14, 2016 @01:04PM (#51909295)
    All too often we see people in high places entrusted with power turn into criminals. When spying tools are allowed whether it be decryption or wire taps or keylogging there is a huge problem. Those tactics can be used for all kinds of illegal reasons and be completely covert. Suppose you have developed a product that shows tremendous potential and some jerk in government peeks into your communications and then passes information to a third party to steal your ideas. Or suppose that some creep is seriously attracted to your wife or daughter and tries to get information to leverage her into servicing him? The problem is that tools developed for law enforcement will always tend to leak out and be misused. The threat from crime and terror nuts may be less than the threat of government run wild.
  • by SkyLeach ( 188871 ) on Thursday April 14, 2016 @01:24PM (#51909481) Homepage

    If the government has write access to the computers without the suspects knowing then how can they prove chain-of-custody?

    forensics requires that once storage is confiscated it is read-only copied and then the original is stored with a hash to prove it hasn't been altered while only the copy is researched.

    In cases like this the government's word is the only proof that they aren't manufacturing evidence to take down groups that are making waves.

  • One case and it went before a judge. (Homefully not FISA).

    They judge believed they had cause. It's called a warrant and due process.

    Hopefully the judge limited what information they could collect.

    What would be even better is if there were dedicated specialist teams to collect that information such that they aren't rewarded or motivated by any potential conviction.

  • one off case athusued by a judge. As long as they get a warrant for every case, specifying each computer or person, it's fine. Blanket warrents and no warrents are illegal

Heisengberg might have been here.

Working...