OpinioNet Contributed Commentary

OpinioNet Contributed Commentary - Morgan K. Freeberg

November 27, 2001

Morgan K. Freeberg

The Lantern That Darkens
Will it light the way, or burn down the town?


"Any excuse will serve a tyrant" -- Aesop

Bad news from the war front, and this one is a doozie. No one’s talking about it, yet.

Not the front over there - that other one, over here. The front where we try to establish where our government’s absolute jurisdiction begins and where our freedom ends. Where we try to draw a line that sensibly delineates this, in wartime, so that once we’re at peace our children won’t struggle against their shackles & bonds and wonder what in the hell we were thinking.

History has yet to record our success in doing this with good judgement and foresight. Some people say, war and peace being two different things, it can’t be done. We will see.

But the war on this front is going badly. This week, while we were worried about how much time it takes to thaw a twenty pound turkey, out comes a story about "Magic Lantern."[1] Did you catch it? It would have flown right under the radar, even in the slow news days of August. Even if the conundrum were not jam-packed with nebulous and misunderstood technical details. Which it is.

This is just my opinion, but Magic Lantern is bad, bad news. The minute our President appears behind a podium with bin Laden’s head on a stick, Magic Lantern should become the most despised enemy in public discourse. I’d be pleased as punch if, beneath every American flag out there, there was another banner depicting a lantern with a red line through it. Such a juxtaposition could be read out loud, as "love my country; fear my government."

I don’t like to harbor such passions against something I know so little about, but I have no choice. The ramifications are great, information is sparse, there are adversaries out there who are trying to "help" us but really want to damage us. Why do I have such deeply held suspicions of Magic Lantern? What does it do?

It’s a new component to the now-notorious Carnivore project. Carnivore is a set of software tools that ferrets out incriminating evidence from computer systems, so named because it is designed to "look for the meat" within a collection of intercepted data. I’ve always hated that name. Far from being the center of the inevitable controversy, the "meat picking" aspect is a basic, core element of computer forensic work. If you were responsible for investigating, for example, the seized desktop of a workplace colleague who had been termed, you’d want your own little "carnivore" - a program that takes the data you’ve captured, ignores the shells, guts, bones and scales, and focuses on the meat. That’s because computer forensic work is a process of gathering massive amounts of data, far too extensive for you to look through manually, and filtering it through one or several programs.

It’s touchy, because the quality of your investigation is only as good as the quality of the filter. This sounds simple, but it becomes technically involved because after almost every investigation, there are some points to be made about how the filter could have worked better for that particular case. The filter ultimately becomes a more-and-more sophisticated product of an ever-expanding sphere of professional experience. If it is too generous in its definition of "meat," it becomes useless. If it’s too stingy, ignoring some evidence that could in fact be incriminating, that’s even worse!

So it can be fairly stated that "Carnivore" is a moniker that refers to the technical challenges in the Justice Department’s project, but it does not adequately address the Fourth Amendment issues with which we’re concerned when we read about this program. I think that’s a deliberate distraction, mostly because every time I’ve read about Carnivore I’ve come to trust it just a little bit less than I did before.

What the Magic Lantern component does, as I understand it, is a new low. It records keystrokes over a network. It does this by planting a virus on the suspect’s machine, somehow escaping detection by any antivirus software being run by the suspect. We do not know very much about this because the only declassified sources are documents procured under FOIA requests, and these came back heavily redacted.[2] To the best that can be determined, the virus is working in concert with a client running on the investigating party’s machine, or perhaps a network server, and the two programs surreptitiously exchange information over the network. The virus then captures keystrokes, as they are entered, and relays them to the client so they can be subjected to computer forensic investigation.

And that brings us to the famous case of Nicodemo Scarfo, Jr.

Scarfo is a mob boss under indictment for a gambling case being prosecuted by the FBI. Evidence collected during the spring of 1999 could be particularly damaging to his defense, which isn’t much of a gut-churning problem to anyone except him and his lawyer. It seems the more someone knows about "Little Nicky," the fewer nice things they have to say about him.

Hasn’t that always been the case with each stolen liberty? The first man to fall is someone nobody misses. Then they come for the rest of us.

The controversy is all about how the evidence was collected.[3] Under a warrant, federal agents attached a "key logger" device to Scarfo’s computer. This was a physical process that involved actually going into the property of Mr. Scarfo, and modifying the system he was using himself without his knowing about it. Once the device was recovered, its contents could be searched for incriminating evidence, in the form of keyboard sequences he entered while using it. In this particular case, the agents used this tactic to learn the pass phrase used to secure Scarfo’s private key for the PGP (Pretty Good Privacy) encryption program he was using.[4]

PGP is a strong mail & file encryption program that was designed, at its inception a decade ago, as a human-rights tool so information could be encrypted without the involvement or cooperation of the federal government. This was contrary to some ambitious projects being established during the Bush-Sr. and Clinton administrations.[5] You don’t really need to know a lot about PGP to understand what happened to Mr. Scarfo, but it all comes down to this: Once the FBI had Scarfo’s pass phrase, they could decrypt the file they had already seized that contained his private key. Once they had his private key, they could decrypt everything previously encrypted for his attention. That would include encrypted e-mail from other people, and files he had secured for his own use. This circumvented what has already been established as a very strong encryption mechanism, suitable for hiding valuable information from extremely resourceful opponents. So by using this product, Scarfo was being very paranoid in handling the information under his control; but not quite paranoid enough.

It cannot truly be said that this operation came off without a hitch, because the subsequent legal wrangling was considerable. Most of it concerned the judge’s trepidation over whether this method of surveillance truly came under the auspices of the warrant that was being served. In keeping with that, sometime around July of this year the judge asked[6] for an elaboration about how this technology worked, and the FBI replied that this was impossible because such an explanation involved information that was classified.[7] The judge said, I don’t believe it. The is-not-is-too commotion went back and forth, dragging on throughout the long summer of 2001. The judge and the prosecution ultimately agreed to a closed-door session to determine the technical details that were in question. This was to involve classified information, to a limited extent, before a controlled audience that was not to include the defense team.

After that weekend, some gutless cowards flew planes into our buildings and changed our lives forever. If you know what happened to the Scarfo case in our "new" America, you’re a better newshound than I am.

It’s not a logical leap to postulate that Magic Lantern’s concept and design are the culmination of the Scarfo case, or at least the legal frustration that it caused for the Justice Department. In some circles of endeavor, an uncertain outcome is worse than a definitely unsuccessful one; uncertainty can be very expensive. Just as Republicans and Democrats are both working hard to make sure the 2000 election never happens again, you can expect the FBI never wants to see another Scarfo case.

I don’t believe "Magic Lantern" has been designed to more comfortably fall within the parameters of a search warrant. My fear is, it has been surreptitiously proposed as a way to avoid the warrant process altogether. Even if that is not the intent, this entire boondoggle could certainly go in that direction. I would actually say, anyone who knows about this issue and believes it’s not headed toward a surveillance-without-warrant conclusion, is living in a dream world.

I would go even further, and comment that the Justice Department has already seized so much power, that any resistance to them from the bench is just stonewalling and counterproductive. Using judicial activism to protect our liberties is like using a hammer to kill a fly on your forehead. It’s not simply a question of "overkill"; it’s a question of the tactic in question leaving side effects that are so dilatory, as to defeat the purpose of the tactic in the first place. Judicial activism is a misguided notion that threatens the very bedrock of our republic, more certainly than Magic Lantern. Surely, if I were a judge I’d probably have to find for the government if a "Magic Lantern" case landed on my bench, even if no warrant had ever been sought. I’d hate doing that, but unless there’s some relevant judicial precedent that I don’t know about, that’s what I’d have to do.

For that matter, based on what I know about the Fourth Amendment,[8] as a judge I’d probably have to find on the government’s behalf in the Scarfo case. The paradox here is that those among us who are going to be the most alarmed about the civil liberties jeopardized by Magic Lantern are "conservatives" who believe - as if it should be up for debate - that laws should be interpreted according to how they were originally written. In other words, that the Gore Doctrine of a "living" constitution is so much codswallop.

What I’m afraid of, is that if we’re ever fortunate enough to see a Magic Lantern debate stirred up - and that’s in doubt - those of us on the "correct" side of the issue will end up contradicting ourselves. We do not believe in judicial rulings based on passionate agendas, even on agendas concerned with our individual liberties; we believe in playing by the rules. That is the only agenda worthy of any campaigning between the walls of a courtroom.

On the other side of the coin, our opposition, those who think judicial activism is a wonderful thing, won’t be interested in our cause because they will tend to believe Magic Lantern is also a wonderful thing. These are the people who use phrases like "living, breathing document" and "founders could not have foreseen..." They essentially make up the law as they go along. They won’t contradict themselves, the way we would contradict ourselves. I have to believe they’d win and we’d lose.

The problem here, is that the Federal Government is squatting on a vast acreage in that new frontier that Gingrich called the "Third Wave." I use the word "squatting," because they’re taking advantage of the natal stage we’re at in settling this frontier. Many people don’t encrypt their data, or even handle information they think is sensitive - in a professional capacity or otherwise. A frontier few people have ever seen or thought much about, is essentially uncharted. By laying claim to ownership of your own keystrokes at your own machine, the Government is essentially squatting on land that has no boundaries yet because nobody has made a strong claim to live here.

Even though doubtless, you’d want to own the very keystrokes you use on your computer!

So most reasonable people would agree what the Government is doing is wrong, but there is no strong language in the Fourth Amendment or anywhere else to say it’s wrong. Nothing stands to stop them except judicial precedent; the judicial precedent is set to be created now, and it’s about to be created in their favor.

We should push for this to be decided in the political arena, not in the judicial one. Fighting this effort after the evidence has been seized, is fighting too late in the game. The right time for resistance is before the tools have been gathered. We should demonize the phrase "Magic Lantern" until mothers slap their boys when they hear it used in mixed company. The situation calls for nothing less of a response. The mere conceptualization of this totalitarian plan, absent significant protest from those affected, changes the relationship between the government & the governed more than should be allowed in this country. Even at a time of war.

This is really bad, folks. You let this one go, while protesting the next silly gun control bill, and you’re essentially wasting your time.


References:
  1. Sullivan, Bob. FBI software cracks encryption wall. ’Magic Lantern’ part of new ’Enhanced Carnivore Project.’ Nov. 20, 2001. MSNBC. 11-24-01 http://www.msnbc.com/news/660096.asp?cp1=1.

  2. Associated Press. FBI develops new tools for eavesdropping. Nov. 21, 2001. USAToday.com. 11-24-01 http://www.usatoday.com/news/washdc/nov01/2001-11-21-fbi.htm.

  3. Anastasia, George. Scarfo case could test cyber-spying tactic. The FBI put a keystroke-logging device on the computer of the gambling suspect. A challenge may create new law. Dec. 4, 2000. Philadelphia Inquirer. 11-24-01 http://inq.philly.com/content/inquirer/2000/12/04/front_page/JMOB04.htm.

  4. McCullagh, Declan. Scarfo: Feds Plead for Secrecy. Aug. 27, 2001 6:33 a.m. WIRED News. 11-24-01 http://www.wired.com/news/politics/0,1283,46329,00.html.

  5. Zimmermann, Philip R. "Ch. 2, Why I Wrote PGP." Introduction to Cryptography, PGP 6.5.2. United States of America: Network Associates, Inc., 1999. pp. 37-41.

  6. McCullagh, Declan. Judge to DOJ: Explain Spy Method. Jul. 30, 2001 1:00 a.m. WIRED News. 11-24-01 http://www.wired.com/news/privacy/0,1848,45684,00.html.

  7. Associated Press. Scarfo Judge: Private Hearing OK. Sep. 7, 2001 2:45 p.m. WIRED News. 11-24-01 http://www.wired.com/news/lycos/0,1306,46650,00.html.

  8. U.S. Constitution: Fourth Amendment. FindLaw: Cases, Codes & Regs. 11-24-01 http://caselaw.lp.findlaw.com/data/constitution/amendment04/.

Morgan K Freeberg


You can e-mail Morgan at mkfreeberg@hotmail.com.

Copyright © 2001 by Morgan K. Freeberg
All Rights Reserved.

-Published with permission

© 2001 by OpinioNet(tm), All Rights Reserved