
Re: Gov Access to Key Strokes



On Mon, Jul 06, 1998 at 10:46:27AM -0400, John Young wrote:

> 
> Could this technology be covertly placed in all keyboards 
> for activation say, by remote control, or via a program/device 
> on the Internet?
> 
> Recall the various proposals for putting hardware encryption 
> in keyboards, with the possibility of covert GAK.

	John, I have on occasion mentioned on the net the possibility of
doing this via secret back doors in Microsoft OS kernels (W98/NT),
backdoors hidden by encrypted code (and that damn new WIPO treaty) that
would only be decrypted inside the CPU using a chip key not available to
the user.  Given passage of WIPO I fully expect such technology to
become common as a means of copyright protection with very severe
penalties for those who would choose to peek inside the "technological
means" or alter it in any way.  And once one has created this secret
space inside the core OS and protected it by draconian criminal laws, it
doesn't take much for someone to add a little extra feature in there
that logs and transmits back to Big Brother user keystrokes or keys used
with the encryption routines or other such privileged and private user
information.  This could be added by the FBI or by Microsoft under
federal pressure (which they certainly are).   And interfering with or
disconnecting this nice little brother feature might well be considered
to be tampering with a "technological means" of copyright protection and
subject the user to 5 years in prison. Certainly public dissemination of
tools and information (such as code listings) that would allow access to
and alteration of this secret space would very likely result in criminal
prosecution, even if such legal action was not common for individual users.

	In fact, under WIPO it would already be illegal to just
disassemble and debug the relevant part of the OS to check to see if
there was code in there to log and report keystrokes even if it was not
encrypted or otherwise protected.  And no doubt at all but that the
rights enforcement software will be encrypted and otherwise protected
just to make sure that anyone tampering with it or even just examining
it for security flaws (such as keystroke recorders) would clearly be
flagrantly violating WIPO in as unambiguous a way as possible.

	What this means is that due to well-meaning anti-piracy measures
carried to extremes - WIPO, it is likely to be impossible for a user of
standard shrink wrapped commercial software to legally vet that software
to determine that it does not contain deliberate (courtesy the FBI)
means to grossly compromise the security of information on his computer
system.  He will have no legal recourse but to trust the provider of the
software, as even the analysis required to prove such a deliberate
security hole exists would be serious federal felonies...

	One wishes that Congress would see the light and allow 
circumvention of copyright protections for legitimate security analysis
and audits (and for any purpose which would be construed as fair use
under copyright law), but so far this hasn't happened.

-- 
	Dave Emery N1PRE,  [email protected]  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18