http://blog.wired.com/defense/2007/07/fbi-spyware-rev.html

Under a ruling this month by the 9th U.S. Circuit Court of Appeals, such surveillance -- which does not capture the content of the communications -- can be conducted without a wiretap warrant, because internet users have no "reasonable expectation of privacy" in the data when using the internet.

The Feds can plant this stuff on your computer without a warrant, according to a federal judge. A little scary...

Andrew

Is the 9th the one in DC or San Fransisco?

Sounds like a very reasonable ruling. No ones entering their home.

So you're okay with cameras being installed in your home as well to monitor your every move?

No one installed a camera, and no one entered the home.

Simple frame:

You are a trusting soul.

You have religious, ethnic, or simply made up reasons to be on a watch list.

You have an internet connection.

You are even more of a rube and have a wireless connection.

You have FBI spyware.

You go to prison.

George Orwell and I share more than a birthday. His work -- along with Ray Bradbury, Franz Kafka and Kurt Vonnegut -- has made me a wary soul since I was kid. This is yet another page drawn straight from the pulp prophets of the 20th Century.

What keeps neo-Jedgars in a white van down the street -- that says, "Florist" or "Phone Company" on it -- from placing things on your computer, taking things from your computer, or sending e-mails from your account that incriminate you in a plot they cooked up at the IHOP that morning?

What keeps them from doing it now -- in air conditioned comfort -- from Virginia?

What keeps hacking haters from doing the same thing?

If you thought identity fraud was scary all by itself, try mixing in a paranoid police state.

A camera and spyware are pretty much the same thing. Someone is watching over you, without your consent.

What's interesting about that ruling is that the 9th Circuit Court of Appeals is the most radically liberal court in the land. They are overturned about 90% of the time.

I'm sort of surprised that a court that liberal made such a ruling.

Maybe they're not as "liberal" as you think.

I don't necessarily mind the Feds monitoring internet traffic and what not, because I don't really have an expectation of privacy out in the public domain, but when it comes to installing spy ware ON my hard drive from a remote location, to collect data on me, that is breaking into my home and violating my privacy. And unless the government has a warrant to do so, then it should be illegal.

>>>"Maybe they're not as "liberal" as you think."

I'm afraid they are. Probably even more so.

This does seem like a serious issue. Our lives are going to revolve around the internet. We need some strict rules governing privacy matters.

Perhaps their position that there is no reasonable expectation of privacy on the internet is correct. I certainly don't assume any. I don't even hide behind a screen name.

2600 alert!!

Hopefully detection of this spyware will be included in a future Spybot update..............

Alright, I have nothing to hide. Really the only thing I keep in this computer is an installation of WinXP.

I figger, once a system is tainted with XP it becomes insecure that you would never trust keeping all your personal data on the same computer as it.

Oh, and FYI, none--but NONE--of my systems use wireless connections for anything! Cables are a Godsend, not only are cables usually the most secure option but also the most reliable especially when installed properly. Messy at times (they can get tangled), but that's only a minor inconvenience.

Brandon Mayfield thought he had nothing to hide either.

Exactly.

Neither do I.

(having a handle is not quite the same --that's just fun, like wearing clothes can be fun. The real name is there for the asking.)

The having no expectation of privacy, on the internet is actually a solid ruling, IMHO. It is a public net, with data moving through all sorts of things and places. Data gets cached, duplicated, etc...

However, one's propery is a different matter. One's own computer is a thing apart from the Internet as a whole. Installing things on it --in other words, asking it to do things the owner is not aware of is an expectation that really should not be set.

If you are running a fairly mainstream computer, chances are it is already doing things you don't know about and it's highly likely you didn't ask for. Expectation already set, sadly enough.

This is exactly why I keep an old SGI machine or two around. There is ZERO running on those boxes I don't know about.

Linux is not a bad option, if you are willing to do the work to make sure it's doing only what you ask. Same goes for computers you build yourself. (not PCs, but actual home brew computers)

My issue is changing the nature of the computer without it's owner being aware. Again, this happens on most mainstream computers on a regular basis through auto update, less than honest software distributions that include "extras", etc...

So it's set, but really shouldn't be.

If the FBI wants to tap your traffic, fine by me. That's in line with the no expectation of privacy everyone should have about the Internet in general.

However, one's own property really should fall under existing laws regarding property, search and seizure. That's where this ruling breaks down for me.

I find it frustrating to see rulings from legal minds, not well enough equipped to judge the matters at hand where technical devices, means and methods are concerned.

A computer connecting to the Internet is not part of the internet, just as your television connecting to Comcast is not part of the cable network.

Strict rules about privacy? Yep. Could not agree more, however we are just not gonna see them from this particular legal system. Best tool up, if this is your worry.

So if you're using something like a credit card online, or at a website that requires you to enter your SSN (or any part of it) for "ID" purposes, over a secure connection, you have no expectation that someone else doesn't have access to the card number or the SSN? That's scary.

The Feds can plant this stuff on your computer without a warrant, according to a federal judge.
I'm guessing they've been doing this all along, and needed a ruling that legitimized it.

Yes it is scary and more people should know it.

With credit cards, you should look for the https instead of http in the address bar.

At least that indicates the traffic between you and the other computer is encrypted. Where it goes from there is anybodys guess.

I've seen plenty of payment systems where the orders are just printed out and somebody types them into a visa machine, then is supposed to shred the document. I've also seen them where that data is e-mail internally to someone running an order processing computer.

Those e-mails are all sitting in a backup somewhere...

Scary huh?

Your bank probably has some of the new VISA devices for this. One time numbers, reloadable cards, etc... Not a bad idea to use them.

The bottom line is that, bits don't get moved around the Internet, they get copied and deleted. Those bits can sit around in unexpected places.

Spot on with the ruling. Here is a recent case:

http://blog.wired.com/27bstroke6/files/timberline_affidavit.pdf

I did find it interesting the FBI did not seek the contents of said communications, only IP addresses and timestamps. Given other evidence, this is enough to warrant other actions.

This is better than a keylogger, but still... worrysome.

And there is a court record, so we get to see the reasoning behind the act. I like this element, given the assumption said documents must be filed as part of a greater case. It's like FISA, you know the old FISA that worked.

They did it with the IM protocol! Which suggests to me the FBI knows of low level OS exploits the rest of us don't, or do, but don't care...

Or they sent that account a message, or picture or some other compelling element to be consumed. Tricky bastards!

Wonder what they would have done with a more solid machine behind the threats?

In any case, we do have a court record of what happened and generally how. I'm not so sure this is cause for alarm as presented in the stories surrounding the case.

They are attempting to emulate a pen register order. Have to look this up, but I assume that is a third party agent, recording movements through observation and that in cyberspace said agent can be a program, crafted for this purpose.

Well.....unless you have a router at home which performs "Deep Packet Inspection" on all returning data you are suceptible to intrusions via packet insertion. Even a deep packet Cisco IPS router is no gaurantee against it but as always preached in security classes i've attended, layer it. Do not put all your eggs in one basket and think that one product will protect you. Remember that any time your PC is directly connected to the internet via any sort of "MODEM" you are exposing yourself to direct attack. Put a router, any router, between you and the internet. ISP's still refer to the equipment they give you as a "Cable Modem or DSL Modem" when they are actually routers. This is old school and they believe it easier for the general public to grasp that term. Easy test to see if you have a router or modem.
Start
Run
cmd
in the dos window type ipconfig /all
look for the local lan ip address.

If it is in these ranges then you have a router:
10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

If other you may want to consider getting a router.

I think this was a trojan. Not that your advice on a router isn't good. It is!

(Man, when I first was on the Internet, we just had a gateway machine... Would dial up to the ISP and telnet to other machines. PPP over dialup was a big deal then. Good times!)

Part of the document describes the FBI planning should their nasty not get activated.