I agree with those that say the Ropp decision (the California case that
started this thread) was wrongly decided. And if the facts were presented
to me to consider prosecuting in NY, I would advocate to my supervisors that
this is both an unlawful duplication of computer material as well as the
eavesdropping of an electronic communication in transit (as long as we can
show, as Robert indicates below, that it is a communication that's being
intercepted and not just something being used to log on to the system and
not something that is simply being stored locally on storage media). Not
sure my supervisors would necessarily support this conclusion and approve an
arrest, but it is my interpretation of NY law.
The distinction I would make with the Scarfo case is as noted in an earlier
email in this thread. In Scarfo the logging program shut itself down as the
modem was activated (at least that was the court's finding of fact in
Scarfo, so I'm assuming it's accurate which could be a mistake, but assume
is all I can do on this set of facts). So no "in transit" communication
could be intercepted by the keylogger.
Stephen Treglia
Assistant District Attorney
Chief, Technology Crime Unit
Nassau County DA?s Office
272 Old Country Road
Mineola, New York 11501
516-571-3343
(f) 516-571-0806
From: Robert Morgester <robert.morgester@doj.ca.gov>
Date: Wed, 01 Dec 2004 07:33:58 -0800
As a California State attorney, I am by no means an expert on federal
law. However, if i was prosecuting this in state court there would be
no issue with charging him under our computer crime statute (P.C. 502).
If the key logger captured communication, charges may include
interception of confidential communication (P.C. 632) and wiretap. Both
interception of confidential communication and wiretap would require the
recording of a communication that was in transit. If a key logger is
set only to record pass words (first 20 characters logged upon start of
computer) your limited to traditional computer crime statutes.
Robert M. Morgester
Deputy Attorney General, Special Crimes Unit
(916) 445-9330
Robert.Morgester@doj.ca.gov
>>> "Lachniet, Mark" <mlachniet@sequoianet.com> Wednesday, December 01,
2004 >>>
The Scarfo case is particularly interesting, in that they apparently
had
to jury rig the key logger to not record while communications were
taking place to avoid wiretap laws. Some more info at
http://www.epic.org/crypto/scarfo.html on that.
I guess my question is this - was this a case of someone being
prosecuted under the wrong law, or is there really a big legal hole in
this area? Do we need a new law, or could the prosecutor have gotten
him dead to rights with a different charge? If so, what would have
been
better?
P.S. - the Keycatcher is a great FUD tool for conferences. Well worth
the $60 just to pass it around and watch people get nervous :)
Mark Lachniet
> -----Original Message-----
> From: dave kleiman [mailto:dave@isecureu.com]
> Subject: Keylogger case
>
> "BY By Kevin Poulsen, SecurityFocus Nov 19 2004 6:40PM A
> federal judge in Los Angeles has dismissed charges against a
> California man who used a keystroke"
>
> http://www.securityfocus.com/news/9978
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
