FBI ducks questions about its remotely installed spyware

There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect's computer remotely.

Many of the questions hearken back to the old debate over the FBI's Carnivore wiretapping system, which technical luminaries Steve Bellovin, Matt Blaze, David Farber, Peter Neumann, and Eugene Spafford raised in a December 2000 paper.

Excerpt from FBI's CIPAV affidavit.

Some of the perfectly reasonable points they made: What about security flaws? Is there evidence of a "systematic search for bugs?" How about audit and logging? Why not publish the source code for public review?

And of course there are issues more specific to the FBI's use of the Computer and Internet Protocol Address Verifier, or CIPAV, including whether the bureau believes it can install it on Americans' computers willy-nilly in the wake of a wacky 9th U.S. Circuit Court decision this month.

We were planning to list them for your delectation, only to find that Kevin Poulsen at Wired had already done an excellent job of it. (We should note that, although we were on the trail of the CIPAV story this week, Wired was first to publish it.)

Some of the questions Kevin posed to the FBI, with no answers as of Thursday:

•  What kind of investigations has the CIPAV assisted in?

•  Does the CIPAV have the capability, if so configured, to record keystrokes? Generally, does the FBI have the ability to electronically and surreptitiously deliver monitoring software to a target's PC that records keystrokes?

•  Do other law enforcement agencies have access to the CIPAV technology?

We also contacted the FBI with our own questions--with no better luck in terms of actually getting a response from the bureau, which must be busy defending our nation from serious threats or something.

[imacpwr]

Totally lame news blog...!!!

FBI refuses to answer journalists' questions about its spyware..?!?!
Oh MY GOD..!!! You mean the FBI keeps secrets about it's
undercover operations and technics from the public..???

Like DUHHHHHH.....!!!!

As if we'd expect to see a headline "FBI reveals all...!!!!"

[TogetherinParis]

FBI & Kennedy, King, RFK, Wallace, Ford, Regan assassinations/attempts

People in the FBI have to deal with society's worst people. They
do it in a dispassionate, professional way. Can they be
manipulated?
Long ago computer image enhancement identified who shot JFK,
but the FBI has done nothing. Why? Instead they've kept tabs
on the non-clueless among us, on civil rights workers (ahem!
Commies), on equal rights workers (ahem! perverts). Whatever
their faults, they have helped keep the country together and
they've kept criminals from taking over completely--except
during Bush administrations! ha ha Seriously, though, we owe
the dedicated people of the FBI a debt of gratitude for their
patriotic service. So what if they did blow $50,000,000.00
trying to hunt up some criminal misdeeds by Hillary Clinton?
People are human, and need our forgiveness. Whats a few
million spy-ware program/viruses, anyway? Except for the
blackouts and the space shuttle shoot down, they've kept us safe
from Obama Bin Laden.

[rbiz]

It's Still Our Choice - for now...

I think it is a point well made that, techniques for undercover
work are not readily shared with the public, and in practice I'm
not against this as long as there are "oversight committees"
made up of good bipartisan groups to police the policeman, and
I'm not being sarcastic here, these are the principles and
philosophies the United States of America was founded on in
order to protect the freedoms of its citizens even from its own
government if need be. And alas, this point is where we as
Americans are somehow losing or have already lost our way.
Even before 911 we as a nation were in a mood where we just
wanted our gasoline and our high speed internet and we didn't
care or want to know how, just as long as we get what we think
made us comfortable. As Americans we have well forgotten
what makes a true American - ultimately. Loyalty to our
president and our country should be among the the noble
principles that we are willing to die for, and I think that from
Vietnam to Iraq we as American have proven our willingness to
get the job done even when it doesn't feel good. But there is an
overarching principle upon which this great nation was founded
that trumps all other national causes, remember what that is?
Personal, individual rights. Our constitution in essence and in
fact, gives every American citizen the right to defend our
respective personal freedoms, even against our own government
if our government begins to usurp by force, or in any other way
to take away those freedoms. In fact the implication is that its
our duty to do so.

Most of the time nationalism is a good thing, but we have
already willingly given up more than we will ever be able to get
back, and right now my question is, how much more are we
going to give up. We need to think very carefully about what
powers we are electing our government to carry on our behalf.
We are not a country of people for a government, but a country
by the people and for the people.

[inachu]

just ping them back

If you have solid data light connections then just do a nslookup and if you look up the ip address on the web then you will know if it is govt or not. If its not then call police. If it is then ping the remote ip like crazy

[TogetherinParis]

Ping the FBI & it could be obstruction of justice, so

If one were to ping the FBI & it could be obstruction of justice. If I
were on the jury and you did any communication to a government
computer intentionally to disrupt survalence--even on yourself--I
would vote to convict you and send you to prison for quite a long
time. If you feel your rights have been violated by a government
agency, call them up to complain, get a lawyer, and vote
Democratic next time.

[MOZART-TURM]

FBI MAKES ONLINE VISITS AT HOME

We have in Germany the same situation. Our minister Schaeuble want the same crime situation against the privacy of the german people. We are engaged to defend this idea of GEORGE ORWELL. We MUST FIGHT against this, we HAD (!!) Mr. Heinrich Himmler during the NAZI-TIME, and we are really NOT INTERESTED, that stupid people will kill the democr4acy in our country.

Sebastian Tropp
Mozart-Turm Deutschland

[Roy L. Benedict]

FBI makes online visits

Most citizens have nothing to fear from this because they are not monitored. The purpose is to intercept messages from those that are planing to blow up buildings and people in Germany and around the world and prevent this from happening. This could work against illegal hackers and virous producers. NAZI-TIME? Tisk, Tisk. They did a lot of bad things but e-mail they didn't have.