Feeds

Judge dismisses keylogger case

'I'm a whistleblower, and I'm getting the shaft'

  • alert
  • submit to reddit

SANS - Survey on application security programs

A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law.

Larry Ropp, a former claims adjuster for a US insurance company, was caught last year using a "KEYKatcher" brand surveillance device on a secretary's computer while secretly helping consumer attorneys gather information against his employer, Bristol West Insurance Group. The KEYKatcher attaches inline with a keyboard connector, and stores every keystroke in an internal memory for later retrieval.

Last March a grand jury in Los Angeles indicted Ropp, in what prosecutors trumpeted as the first federal criminal prosecution for the use of a hardware keystroke logger. The indictment charged a violation of the federal wiretap statute, which makes it illegal to covertly intercept electronic communications transmitted "over a system that affects interstate or foreign commerce."

Prosecutors maintained that the tapped PC was covered by the statute because it was connected to Bristol West's national computer network, and the secretary had composed electronic mail messages on it.

But district court judge Gary Feess disagreed, and last month granted a defense motion to dismiss the indictment. Feess ruled that the interception of keystrokes between the keyboard and the computer's CPU did not meet the "interstate or foreign commerce" clause in the federal Wiretap Act, even if some of those keystrokes were banging out email. "[T]his court finds it difficult to conclude that the acquisition of internal computer signals that constitute part of the process of preparing a message for transmission would violate the Act."

"The network connection is irrelevant to the transmissions, which could have been made on a stand-alone computer that had no link at all to the internet or any other external network," Feess wrote. "Thus, although defendant engaged in a gross invasion of privacy ... his conduct did not violate the Wiretap Act. While this may be unfortunate, only Congress can cover bases untouched."

The court based its decision in part on a controversial ruling by the First Circuit Court of Appeals earlier this year that threw out wiretapping charges against Branford Councilman, a former vice president of an online bookseller who provided customers with free email accounts, then set up a system that made covert copies of some messages for his later perusal. Feess found that here, as in the Councilman case, the email was not intercepted as it traveled over the network.

Electronic privacy groups have joined with government prosecutors to try and overturn the Councilman ruling, which is now under review by a larger panel of judges.

The court also cited a 2001 case in which a federal judge in Newark, New Jersey ruled that the FBI did not violate the Wiretap Act when it installed a covert keylogger on the computer of organized crime suspect Nicodemo Scarfo. In that case the FBI assured the court that that its keylogger had been configured to stop recording keystrokes when Scarfo connected to the Internet.

In an interview with SecurityFocus following his indictment, Ropp admitted to using the keylogger, which he said he'd purchased off the Internet. But he defended his office skullduggery as a necessary evil to expose improper anti-consumer practices at the company, which had previously been sanctioned for illegally canceling some customers' automobile insurance policies. "The FBI themselves use keyloggers quite a bit," Ropp said. "Here, I'm a whistleblower, and I'm getting the shaft."

Prosecutors filed a motion last week asking the court to reconsider the Ropp ruling. Ropp's attorney, federal public defender Firdaus Dordi, said he couldn't comment on the decision until the judge rules on that motion.

Related stories

UK police issue 'vicious' Trojan alert
Guilty plea in Kinko's keystroke caper

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.