Return to Home



The Genie is Out of the FBI’s "Magic Lantern"

Since the tragic events of September 11, there has been considerable debate over increased government powers to fight the war on terrorism. Some of these new powers may be necessary, while others could result in more harm than good by eroding some of the fundamental freedoms that our constitutional republic requires.

The most recent debate centers on a new technology the FBI is reportedly developing called "Magic Lantern." This technology would permit the FBI and other law enforcement agencies to significantly expand cyber-surveillance capabilities. According to numerous news reports, Magic Lantern remotely installs a virus onto a suspect’s computer, which then logs all keystrokes made on the system. This would enable law enforcement agents to obtain passcodes to read data and communications that have been encrypted or scrambled, techniques some believe were used by the terrorists in the planning and implementation of the September 11 attacks. Rather than crack the encryption itself, which could take months or years using traditional code-cracking techniques, law enforcement would be able to obtain passwords to the encrypted data by reading through keystroke logs.

Proponents of this new technology claim Magic Lantern will resolve many of the frustrations the FBI faces today in cracking encrypted communications in criminal and terrorist investigations. Furthermore, proponents argue that the ability to remotely attach the software mitigates problems with existing monitoring technology, which requires investigators to obtain a "sneak-and-peak warrant" to physically attach devices to a suspect’s computer in his/her home or business. Magic Lantern can be installed on a suspect’s computer by sending a phony e-mail attachment or by using the same techniques hackers use in exploiting weaknesses in commonly used commercial software.

Opponents of Magic Lantern claim the new eavesdropping software goes too far and raises serious constitutional questions regarding privacy and property matters, as it alters the suspect’s computer without his or her consent. They argue that the smallest change or addition in code by the FBI can significantly corrupt performance of the system, or worse, result in loss of data or a complete crash. Similar criticism has been leveled against anti-virus software companies that are reportedly colluding with the FBI to ensure their programs don’t inadvertently detect Magic Lantern and alert the suspect.

Some opponents argue that such surveillance power could lack sufficient judicial oversight. Due to the remote installation capability, it could allow law enforcement to circumvent wire-tapping restrictions, enabling the government to use the technology under authority of a traditional search warrant, which involves significantly less oversight by the courts.

So does Magic Lantern violate fundamental privacy and property protections or does it level the playing field between law enforcement and criminals?

An argument can be made that Magic Lantern is more palatable and raises fewer Fourth Amendment search and seizure concerns than other cyber-surveillance methods such as the FBI’s controversial Carnivore program. Unlike Carnivore, Magic Lantern targets an individual suspect, rather than gathering communications and web activities from the population of a specific geographical region — catching some innocent and unsuspected people in the surveillance net. On the other hand, Magic Lantern-type keylogging software may result in "overly broad" searches, as the virus would enable investigators to read every key stroke entered by the suspect. A search may be overly broad if investigators had to monitor every keystroke made by the suspect to obtain encryption passcodes if a court-ordered warrant only permits a search for such passcodes.

One thing is certain, Magic Lantern is less intrusive than the concept of "encryption key escrow," which grants government the keys to all encryption software. Shortly after the September 11 attacks on the World Trade Center and the Pentagon, Senator Judd Gregg (R-NH), in a statement on the Senate floor, called for a global ban on all data-scrambling technology without government backdoor keys for surveillance purposes. He later stated that he was drafting legislation to give law enforcement more tools to unscramble messages to prevent future terrorist attacks. After protests from several cryptologists and academics, Senator Gregg retreated from the idea.

The events of September 11 may warrant additional law enforcement tools to aggressively pursue legitimate suspects in criminal and terrorist investigations. But the grant of these new tools must be done with a watchful eye on the Constitution and the preservation of individual liberties and freedoms that it embodies. As far as Magic Lantern is concerned, far more knowledge needs to be obtained before an educated judgment can be made on whether or not it goes too far.

With regard to many of the new provisions sought by law enforcement authorities to adequately conquer terrorism, the Center for Individual Freedom has a simple mantra: Find a judge and get an appropriate court supervised warrant. If you can’t find a judge, one will be appointed for you.

[Posted on November 30, 2001]

Return to Technology Index