FBI Hacks Alleged Mobster
WASHINGTON -- Nicodemo S. Scarfo, the
son of Philadelphia's former mob boss, was almost paranoid enough.
Scarfo, who has been charged with
masterminding a mob-linked loan sharking operation in New Jersey,
reportedly used the popular PGP encryption software to shield his
computer's secrets from prying eyes.
But when the feds learned of
Scarfo's security measures, they decided to do something that would
bypass even the best encryption software: FBI agents sneaked into
Scarfo's office in Belleville, New Jersey, on May 10, 1999, and
installed a keyboard-sniffing device to record his password when he
typed it in.
A seven-page court order authorized
the FBI and cooperating local police to break into Scarfo's
first-floor "Merchant Services of Essex County" office as
many times as necessary to deploy, maintain, and then remove
"recovery methods which will capture the necessary key-related
information and encrypted files."
The case, which is awaiting trial,
appears to be the first in which the U.S. government used such
aggressive surveillance techniques during an investigation, and some
legal observers say the FBI's breaking-and-entering procedures go
too far.
"I don't think it's
constitutional," says David Sobel, general counsel of the
Electronic Privacy Information Center in Washington, D.C. "This
case has the potential to establish some very important precedents
on this issue."
Scarfo's prosecution comes at a
time when the FBI's Carnivore surveillance system is under
increasingly heavy fire from privacy groups, and the use of
data-scrambling encryption products appears to be growing. Last
week, for instance, news leaked out about Yahoo's encrypted
Web-based e-mail service it introduced through a deal with Zixit, a
Dallas firm.
Scarfo has been charged with
supervising "an illegal gambling business" in violation of
state and federal law and using extortionate loan shark tactics,
according to a three-count indictment filed in federal court in June
2000. He has pleaded not guilty.
"There's nothing that we can
talk about or are at liberty to talk about in the case," says
Michael Drewniak, a spokesman for the U.S. Attorney's office for the
District of New Jersey. Drewniak would not comment on the use of
encryption, saying "we do not discuss evidence."
The elder Scarfo, who once ran the
Philadelphia mob that also dominated the Atlantic City gambling
racket, was imprisoned in 1991 on racketeering charges.
The spring 1999 investigation of
the younger Scarfo, who is 35 years old, may be what prompted the
Clinton administration to recommend changing federal law to allow
police to conduct electronic "black bag" jobs.
The idea first publicly surfaced in
mid-1999, when the Justice Department proposed legislation that
would let police obtain surreptitious warrants and
"postpone" notifying the person whose property they
entered for 30 days.
After vocal objections from civil
liberties groups, the administration backed away from the
controversial bill. In the final draft of the Cyberspace Electronic
Security Act submitted to Congress, the secret-search portions had
disappeared.
In January 2000, the Clinton
administration seemed to change its mind. "When criminals like
drug dealers and terrorists use encryption to conceal their
communications, law enforcement must be able to respond in a manner
that will not thwart an investigation or tip off a suspect,"
Attorney General Janet Reno and Deputy Defense Secretary John Hamre
wrote in a seven-page letter to Congress.
That letter, however, suggested the
feds didn't need a new law -- and would instead rely on
"general authorities" when asking judges to authorize
black bag jobs. A related "secret search" proposal
resurfaced in May 2000 in a Senate bankruptcy bill.
In the Scarfo case, the FBI in May
1999 asked for "authority to search for and seize
encryption-key-related pass phrases" from his computer as well
as "install and leave behind software, firmware, and/or
hardware equipment which will monitor the inputted data entered on
Nicodemo S. Scarfo's computer by recording the key related
information as they (sic) are entered."
Although the government has refused
to release details, this appears to indicate the FBI was using
either a hardware device -- inserted into the keyboard or attached
to the keyboard cable -- or a software program that would quietly
run in the background and record keystrokes. With the PGP private
key and Scarfo's secret password, the government could then view
whatever documents or files he had encrypted and stored on his
computer.
Ruling that "normal
investigative procedures to decrypt the codes and keys necessary to
decipher the 'factors' encrypted computer file have been tried and
have failed," U.S. Magistrate Judge G. Donald Haneke granted
the FBI's request.
EPIC's Sobel suggested that Haneke
did not, under federal law, have the authority to grant such an
order. "The interesting issue is that they in those (court)
documents specifically disclaim any reliance on the wiretap
statute," Sobel says. "If they're on record saying this
isn't communications -- and it isn't -- then that extraordinary
authority they have under the wiretap laws does not apply."
"If we're now talking about
expanding (black bag jobs) to every case in which the government has
an interest where the subject is using a computer and encryption,
the number of break-ins is going to skyrocket," Sobel said.
"Break-ins are going to become commonplace."
Eugene Volokh, a law professor at
UCLA, said he believed the government could successfully argue the
break-in was constitutional. "There's nothing in the
Constitution that prohibits this kind of anticipatory search,"
says Volokh. "In many respects it's no different from a
wiretap."
A lawyer for Scarfo told the Philadelphia
Inquirer that he would file a motion challenging the legality
of the FBI's black bag job.
"Anything he typed on that
keyboard -- a letter to his lawyer, personal or medical records,
legitimate business records -- they got it all," attorney
Donald Manno told the paper. Manno could not be reached for comment
on Tuesday.
Scarfo, who is out on bail, was
scheduled to appear in court Tuesday for a hearing before U.S.
District Judge Nicholas Politan. The purpose of the hearing was to
appoint a new attorney -- Manno has represented a client who may
testify for the government against Scarfo.
|