Instant Messaging - can it be used against you?

itchi23 (Bluelighter, joined Nov 6, 2000, 229 messages)
In theory, how secure are instant messaging applications, such as AOL Instant Messenger, ICQ, MSN app., etc. - and if the transmissions can be intercepted, how admissible is the evidence collected? I'd doubt it wouldn't stand up as the possibility for forging/hacking an account. Just curious...
 
Hey man,
What are you talking about... sorry, it sounds interesting what you are asking, but I cannot understand all of it!! Please rewrite this for me :)
 
I don't know if this will help or not, but a few days ago I heard about a carnivore program that the government was using to scan ICQ chats. Strictly through the grapevine, I heard that some people in California got into some trouble for speaking of pushing tabs. The way I see it: go ahead and make innuendos whilst chatting, but never flat out admit it.
 
lovinglife: well, basically I was asking if any communication captured from a messaging app. can be used as evidence against you - like phone-tapping your IM'ing in a way. I know this tactic has been used against computer crime, but the communication has been in more or less a public forum (IRC, javachat, etc.) and not on a strictly peer-to-peer basis.
 
Laws regarding e-com are very weird. Email I know is protected during transmission, but not once received. If they dig through your computer and find old letters saying "yeah I'm gonna break these laws," they're admissible. I've never heard of the program that you speak of, it seems feasible, but you have to ask yourself: How likely is it that this will affect me? Gov't resources are limited and they're not going to spend time tracking down every IMer who mentions toking.
[ 23 March 2002: Message edited by: themagicbean ]
 
yea, they're all pretty damn easy to read. admissibility in court would be at the discretion of the local laws and judge, etc.
I'd highly recommend that if you have any plans to relay any message that can even be construed to implicate you in committing a crime, you use a vpn for communication. or you could just use pgp email. but aim... damn. you can get owned just by sending someone a message if they know what's up.
 
This is my knowledge of the program you speak of which is called DCS1000 aka "Carnivore"...
It does exist and is very much implemented by the FBI since 9-11 for obvious reasons. Now what the "Carnivore" does is it intercepts outgoing messages via a central hub (very much like your ISP; well, actually it is connected to an ISP). Now the message gets received by the other party w/o the sender or the recipient knowing that it has been intercepted, and there ya go, the FBI has the message. The DCS1000 that the FBI uses right now only "captures" text but there are other programs that can do a lot more. I will put an article that explains the DCS1000 in more technical terms...
on to "Will it affect me?"
themagicbean is right... it probably won't b/c the Gov does not have time to read some guy's email or IM that's fucking around, but theoretically they could read it. A teacher of mine was discussing privacy and civil liberties to the class and we got on the subject of the government watching us... well, basically he told us "Do not write anything you do not want anyone to see" and this is true in a sense. Writing is one of the biggest and easiest ways of incriminating yourself (other than the "smoking gun").
So I guess just pay attention to what you write b/c it could come back to haunt you...
here is how the "Carnivore" works:
~
The FBI's notorious Internet traffic sniffer Carnivore includes a handy, idiot-proof GUI interface enabling nosey Feds to capture and examine a broad range of what passes through, from headers alone to full-bore content retrieval, which is pictured in the Justice Department's final assessment from the IIT Research Institute and the Illinois Institute of Technology Chicago-Kent College of Law (IITRI).
The 'IP addresses' field conveniently accepts settings for particular IPs or IP ranges; and the 'protocols' field accepts settings enabling Feds to choose among TCP (transmission control protocol), UDP (user datagram protocol) and ICMP (Internet control message protocol) retrieval, each one separately configurable for 'full retrieval', 'pen mode' (headers only) and 'off'.
Another option enables Fed-defined text-string inputs to be searched (e.g., say an e-mail contains the string, "blow up the President's motorcade"). It is not clear whether there is a lockout to prevent text-string scanning when the device is running in pen mode.
Particular ports for SMTP (simple mail transfer protocol), POP (post office protocol), HTTP (hyper-text transfer protocol) and FTP (file transfer protocol), can also be chosen freely with the interface, as can port ranges.
The machine accommodates both DHCP (dynamic host configuration protocol) and RADIUS (remote authentication dial-in user service) connections, though one assumes from the layout that the Feds need to know which they're dealing with ahead of time.
The actual Carnivore box as installed at an ISP lacks a monitor and a keyboard, which one hopes might discourage bored administrators from mucking about with it. The data it captures, and its configuration, are dealt with off-site by an FBI geek operating a control machine linked to the bare-bones box via a (hopefully secure) telephone link.
Privacy questions remain
As for the chief privacy concern, that Carnivore can easily be misused by overzealous Feds examining more data than their court orders permit, the IITRI report offers little in the way of reassurance. Basically, we have to trust the Feds not to abuse it.
With that sticky issue in mind, the report goes to pains to emphasize the way responsibility is divided among 'case agents' who try to get the thing installed, and the geeks who actually operate it.
"Case agents establish the need and justification for the surveillance. A separate team of technically trained agents installs the equipment and configures it to restrict collection to that allowed by the court order," the report notes.
"In the case of Carnivore, all installations have been performed by the same small team. Case agents are motivated to solve or prevent crimes, but technically trained agents are motivated by FBI policy and procedures to ensure that collection adheres strictly to court orders and will be admissible in court as evidence."
In other words, the Bureau's geeks are going to provide the primary fail-safe against abuse, motivated by their natural civic piety and concerns that the collection of excess information would jeopardise a prosecution.
"Potential criminal prosecution of agents involved in over-collection provide further....controls protecting against misusing Carnivore," the report states, but notes that "the statutory suppression remedy available for illegal interception of other communications in Title III is not extended to electronic communications."
So if the Feds were to over-collect using Carnivore, and use what they learned in the course of a prosecution, the data gathered would not automatically be thrown out as tainted evidence.
Another serious deficiency in Carnivore's privacy protection is the lack of any auditing mechanism for supervisors to check up on the actions of field agents.
"Carnivore operators are anonymous to the system," the report says. "All users are logged in as 'administrator' and no audit trail of actions is maintained."
So this gives the Feds total deniability in cases where over-collection might be proven. Not only is the over-collected data useful as evidence against the victim, there is no way to determine who in the FBI is guilty of violating his rights. Where no one can be identified as the culprit, the so-called remedies of civil or criminal action are pure window-dressing and entirely moot.
Very slick, and not at all nice. A true Janet Reno production in all aspects. ®
taken from: http://www.theregister.co.uk/content/6/15591.html
~
peache,
~ollie
*edit*
Just one more thing, LEGALLY the feds have to get a warrant from a judge to use this program.
[ 27 March 2002: Message edited by: phishEcLOVEr ]
 
Can and do prosecutors access IMessage logs to further incriminate defendants?

I ask because I am currently facing a court date for minor NON DRUG RELATED charges - but I think the police falsely believe me to be trafficking (because as it stands, they're basically trying to throw the book at me - and not observing many legal procedures of investigation in doing so).

My conversations on MSN definitely have incriminating evidence of drug abuse and passing consideration of dealing, as do the many forums I post at.

Now can, and do police begin to follow my online actions in hopes of bringing up something severe at my minor infringement court date?

Welcome to 1984
Or a rotten, paranoid kid. I can't tell :)
 
^^^^

I found another thread hidden away that has some good info in it so I merged it with your question. Anyone with any additional information please feel free to add.
 
w00t

I found some case law :)

People v. Ulloa

It pertains to sexual abuse (oral sex & sodomizing of a 15-year-old boy) as opposed to a drug matter, but the basic principle is the same.

It was ruled that the defendant's computer could in fact be examined pursuant to a search warrant that contained language about "correspondence relating to the exploitation of children." Instant messages qualified in this instance as "correspondence."

This case also cited US v. Root (11th Cir. 2002) as part of the basis for the decision, but I haven't been able to find the Root case online... anyone care to try their hand?
 
Thanks J

but can the actual old conversation be drawn up and read from server archives (not on your computer)?
 
US v Root is funny on many levels :)

US v Root

I don't really have time to read it, but I assume it is what you are looking for.
 
Frustrated said:
Thanks J

but can the actual old conversation be drawn up and read from server archives (not on your computer)?

Most messaging systems don't keep logs of conversations, as it would require too much space. In cases where such evidence is used, it is normally logged by law enforcement working in an undercover fashion.
 
thanks forgotten ;)

US v. Root made my afternoon. I only knew of it from the citation in the Ulloa case.
 
buzzy said:
If it is encrypted, the govt probably has supercomputers dedicated to breaking the encryption, but I've no idea how reliable that is.

Actually, buzzy, the good news is they still can't crack even basic PGP! I used to think that was bad for the country (terrorism and all that) but now I think it's a good thing. But of course, how many of us encrypt? Not that we have anything to hide! ;)
 
buzzy, the good news is they still can't crack even basic PGP
That is what they tell us ;)
OK I exaggerated a little but all it takes is enough computing years. 56-bit RSA took 40 days to brute force in '98 and the PGP FAQ estimates 300,000,000,000 MIPS years to crack a PGP 1024-bit message. So maybe in a few decades it'll be cracked. :)

The only thing I encrypt is my passwords.
 
Have they confiscated your computer? If they suspect you of a computer-related crime then the first order of business would be confiscating it for investigation, so that they could verify that your computer was the same one used for the messages or whatever.

If they have no interest in your PC then it's reasonable to assume that your PC has nothing to do with this stop.
 