Feeds

Judge dismisses keylogger case

'I'm a whistleblower, and I'm getting the shaft'

  • alert
  • submit to reddit

High performance access to file storage

A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law.

Larry Ropp, a former claims adjuster for a US insurance company, was caught last year using a "KEYKatcher" brand surveillance device on a secretary's computer while secretly helping consumer attorneys gather information against his employer, Bristol West Insurance Group. The KEYKatcher attaches inline with a keyboard connector, and stores every keystroke in an internal memory for later retrieval.

Last March a grand jury in Los Angeles indicted Ropp, in what prosecutors trumpeted as the first federal criminal prosecution for the use of a hardware keystroke logger. The indictment charged a violation of the federal wiretap statute, which makes it illegal to covertly intercept electronic communications transmitted "over a system that affects interstate or foreign commerce."

Prosecutors maintained that the tapped PC was covered by the statute because it was connected to Bristol West's national computer network, and the secretary had composed electronic mail messages on it.

But district court judge Gary Feess disagreed, and last month granted a defense motion to dismiss the indictment. Feess ruled that the interception of keystrokes between the keyboard and the computer's CPU did not meet the "interstate or foreign commerce" clause in the federal Wiretap Act, even if some of those keystrokes were banging out email. "[T]his court finds it difficult to conclude that the acquisition of internal computer signals that constitute part of the process of preparing a message for transmission would violate the Act."

"The network connection is irrelevant to the transmissions, which could have been made on a stand-alone computer that had no link at all to the internet or any other external network," Feess wrote. "Thus, although defendant engaged in a gross invasion of privacy ... his conduct did not violate the Wiretap Act. While this may be unfortunate, only Congress can cover bases untouched."

The court based its decision in part on a controversial ruling by the First Circuit Court of Appeals earlier this year that threw out wiretapping charges against Branford Councilman, a former vice president of an online bookseller who provided customers with free email accounts, then set up a system that made covert copies of some messages for his later perusal. Feess found that here, as in the Councilman case, the email was not intercepted as it traveled over the network.

Electronic privacy groups have joined with government prosecutors to try and overturn the Councilman ruling, which is now under review by a larger panel of judges.

The court also cited a 2001 case in which a federal judge in Newark, New Jersey ruled that the FBI did not violate the Wiretap Act when it installed a covert keylogger on the computer of organized crime suspect Nicodemo Scarfo. In that case the FBI assured the court that that its keylogger had been configured to stop recording keystrokes when Scarfo connected to the Internet.

In an interview with SecurityFocus following his indictment, Ropp admitted to using the keylogger, which he said he'd purchased off the Internet. But he defended his office skullduggery as a necessary evil to expose improper anti-consumer practices at the company, which had previously been sanctioned for illegally canceling some customers' automobile insurance policies. "The FBI themselves use keyloggers quite a bit," Ropp said. "Here, I'm a whistleblower, and I'm getting the shaft."

Prosecutors filed a motion last week asking the court to reconsider the Ropp ruling. Ropp's attorney, federal public defender Firdaus Dordi, said he couldn't comment on the decision until the judge rules on that motion.

Related stories

UK police issue 'vicious' Trojan alert
Guilty plea in Kinko's keystroke caper

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.