A news article I hadn't seen posted here... quite interesting!
When agents at the Drug Enforcement Administration learned a suspect was using PGP to encrypt documents, they persuaded a judge to let them sneak into an office complex and install a keystroke logger that recorded the passphrase as it was typed in.
A decade ago, when the search warrant was granted, that kind of black bag job was a rarity. Today, however, law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology.
"Every new agent who goes to the Secret Service academy goes through a week of training" in computer forensics, including how to deal with encrypted files and hard drives, U.S. Secret Service agent Stuart Van Buren said at the RSA computer security conference last week.
One way to circumvent encryption: Use court orders to force Web-based providers to cough up passwords the suspect uses and see if they match. "Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find."
Last week's public appearance caps a gradual but nevertheless dramatic change from 2001, when the U.S. Department of Justice spent months arguing in a case involving an alleged New Jersey mobster that key loggers were "classified information" (PDF) and could not be discussed in open court.
Now, after keystroke-logging spyware has become commonplace, even being marketed to parents as a way to monitor kids' activities, there's less reason for secrecy. "There are times when the government tries to use keystroke loggers," Van Buren acknowledged.
As first reported by CNET, FBI general counsel Valerie Caproni told a congressional committee last week that encryption and lack of ability to conduct wiretaps was becoming a serious problem. "On a regular basis, the government is unable to obtain communications and related data," she said. But the FBI did not request mandatory backdoors for police.
More details - link
When agents at the Drug Enforcement Administration learned a suspect was using PGP to encrypt documents, they persuaded a judge to let them sneak into an office complex and install a keystroke logger that recorded the passphrase as it was typed in.
A decade ago, when the search warrant was granted, that kind of black bag job was a rarity. Today, however, law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology.
"Every new agent who goes to the Secret Service academy goes through a week of training" in computer forensics, including how to deal with encrypted files and hard drives, U.S. Secret Service agent Stuart Van Buren said at the RSA computer security conference last week.
One way to circumvent encryption: Use court orders to force Web-based providers to cough up passwords the suspect uses and see if they match. "Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find."
Last week's public appearance caps a gradual but nevertheless dramatic change from 2001, when the U.S. Department of Justice spent months arguing in a case involving an alleged New Jersey mobster that key loggers were "classified information" (PDF) and could not be discussed in open court.
Now, after keystroke-logging spyware has become commonplace, even being marketed to parents as a way to monitor kids' activities, there's less reason for secrecy. "There are times when the government tries to use keystroke loggers," Van Buren acknowledged.
As first reported by CNET, FBI general counsel Valerie Caproni told a congressional committee last week that encryption and lack of ability to conduct wiretaps was becoming a serious problem. "On a regular basis, the government is unable to obtain communications and related data," she said. But the FBI did not request mandatory backdoors for police.
More details - link
