In message <Pine.GSO.3.96.1011217132546.27456B-100000@crypto>, "Jay D. Dyson" writes:
>On Mon, 17 Dec 2001, Will Rodger wrote:
>
>> > > But the interplay with MagicLantern and PatriotAct issues is
>> > > thought-provoking...
>> >
>> > Actually, this is nothing new. The boys at the Bureau have a long
>> > history of requesting data to which they have no genuine legal right
>> > of access. Their original requests -- with few exceptions -- bank on
>> > ignorance of due process.
>>
>> Why is anyone surprised law enforcement would want this data? In order
>> to investigate the crime in the first place, law enforcement needs to
>> know what the crackers stole.
>
> I guess you can consider me puzzled as to this claim. The FBI
>isn't interested in what was stolen. The forensic analyses of the worm's
>functions will tell you in a generic sense the answer to that question.
>What the boys at the Bureau want is the lump sum of victims' stolen
>information.
>
> To use an analogy[1], if a neighborhood burglar makes off with my
>videocamera, all the LEAs and their LEOs need to know is the description
>and serial number of the product so it can be identified as mine. They
>don't need to know the contents of the tape in the videocamera in order to
>demonstrate that criminal action occurred in the taking of said camera.

Well, recovered stolen property is generally considered evidence. Looking at that file provides evidence that the worm *did* steal passwords, and not just that it was capable of doing so according to some complex analysis. (For many worms, there is often considerable uncertainty about exactly what they can and cannot do. Besides, do you want to try to explain "decompiling" to a jury?)

Perhaps more on target, possession of those passwords does *not*, as far as I can tell, change the FBI's legal ability to, for example, read someone's email. They'd still need a court order under your favorite statute. At most, I suspect that they could use information in that file as evidence of improper possession of a password by one of the worm's victims. Not good if you're the improper possessor -- but also not an extension of the FBI's abilities or authority.

The implication of the original claim was that the FBI wanted these passwords so that they could surreptitiously read email without bothering with Magic Lantern or Carnivore. Maybe -- but doing so without authorization is just as illegal with passwords as via a tailored Trojan horse. (Well, maybe the latter would constitute a violation of 18 USC 1030, the Computer Fraud and Abuse Act. I think the former would, too, plus it would violate 18 USC 1029: use of a counterfeit access device.) The only thing these passwords would do is make the entry easier.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com