Step 9: Release the code
Appelbaum, pictured here, says that the team of security researchers plans to freely release the utilities they developed so that other programmers can develop privacy-protecting countermeasures.
They seem to be operating on the theory that, after their demonstration of encryption key extraction, police and intelligence agencies will rush to develop their own memory forensics. A public release of "keyfind" and the memory-transfer program will merely level the playing field between open-source researchers and companies like Guidance Software, which sells EnCase forensics software used by the FBI and other police agencies.
Because we know police agencies are keenly interested in computer forensic techniques, that's not a bad assumption. As early as 1984, the FBI Laboratory began developing computer forensics tools.
They're also interested in ways to bypass encryption. In the Scarfo case, the U.S. government used a key logger to find a reputed mobster's PGP passphrase. More recently, the Drug Enforcement Administration obtained a court order allowing it to implant a key logger into a suspect's computer, and the Justice Department is trying to force a defendant to divulge his PGP passphrase.
Photo by Declan McCullagh/CNET News.com