By Jane Black
In January, 1999, informants told the FBI that Nicodemo Scarfo, son of the reputed Philadelphia Mob boss "Little Nicky" Scarfo, was running a sports-betting and loan-sharking operation. To prove it, FBI agents broke into Scarfo's office. There, they surreptitiously copied computer files from his hard drive, which they believed contained records of Scarfo's illegal activities.
Turns out Scarfo, 35, had his own high-tech tricks. Some of the files that investigators wanted to access were encrypted, or scrambled, with a program called PGP -- Pretty Good Privacy, which sells on the Internet for about $50.
Unable to crack the encryption code without a password, agents went back again with a search warrant and placed on his computer a high-tech device called a key logger, which monitors every keystroke. After nearly two months of surveillance, the FBI cracked his password: nds09813-050. A source close to the case later confirmed that it's Scarfo's father's prison identification number. The Feds had it all the time.
Did the FBI have a legal right to snoop for Scarfo's information? His defense team and several privacy organizations say the FBI's key-logger system constitutes a type of electronic wiretap, which would require a judge to issue a court order for it, not a search warrant. Now the Scarfo defense team has filed motions asking the government to reveal how the key logger works, which could presage a request to throw the evidence out.
The FBI has refused to reveal any details about the high-tech snooper and says only that it's a "sensitive" law-enforcement tool. But the Feds seem to have no friend in the judge. In a caustic opinion, U.S. District Judge Nicholas Politan has demanded that unless the government can prove that revealing how the technology works would harm "criminal and national security operations," it must unveil how the key logger works by Aug. 31.
If nothing else, the dispute in the Scarfo case indicates that the Federal Wiretap Law needs another hard look. The statute, designed to safeguard the privacy of individuals, was last updated in 1986, long before e-mail and encryption were a glimmer in the eye of most computer geeks or criminals.
Technology has changed drastically since then. Today, people don't just communicate over copper wires but through the air on cell phones and over fiber via e-mail and instant messages. According to International Data Corp., an average of 5.1 billion e-mails were sent every day in the U.S. in 2000. By 2005, that number will grow to 11.5 billion.
Yet the Federal Wiretap Law's language still focuses on protection of communications over traditional phone lines. To receive the highest level of protection, the statute says communications must involve an "aural transfer" that travels "by the aid of wire, cable, or other like connection." An "aural transfer" has been interpreted in various court rulings as a communication that consists in part of the human voice.
Here's the conundrum: Keystrokes do not a human voice make, so they probably wouldn't be given an equal level of protection under the Wiretap Law, legal experts say. Until now, the courts have generally stuck to technical interpretations of the law. That approach must either evolve or be changed to incorporate other types of electronic surveillance if the spirit of the statute is to be maintained.
Take the key logger. Like a wiretap, it appears to monitor every word typed into a computer. Since so many people compose their thoughts by typing them these days, a key logger could potentially record not only communications to others but personal thoughts that may have been deleted before the communication was sent. "Our regulation is set up for neat little categories of technology. But technology is starting to converge, and those categories don't make much sense anymore," says Paul Schwartz, a professor of privacy law at Brooklyn Law School.
The advent of virtually unbreakable encryption for less than $50 means the FBI may increasingly have to turn to surreptitious monitoring in its fight against crime. The government may also have good reason to try keeping the key logger's mechanism a secret. For all we know, it's being used right now to track terrorists or other organized-crime operations. Revealing how it works could undermine other investigations.
"The FBI isn't a bunch of bad guys who want to tramp on people's rights. They want to stop criminals. It's always a balancing act," says Jim Kallstrom, the former head of the FBI's New York Office.
FLYNT AND SCARFO.
Striking that balance leaves us two choices. The first is to redefine existing laws to reflect technology's evolution. The Scarfo case suggests that the surreptitious monitoring of key strokes may in fact be very similar to a secret wiretap over a phone line. So broader judicial scrutiny and approval of cases where law enforcement uses sophisticated electronic eavesdropping seems to be in order.
The other way to go would be to pass broad, new privacy laws similar to the ones found in Germany and France. These laws, like the Fourth Amendment, try to express a society's common principles. More important, they're flexible and designed to evolve through time -- and technology.
Unpopular cases often test the letter and spirit of our laws. No one would have predicted that Larry Flynt would bring a case that resulted in the First Amendment being better defined and upheld. Nicodemo Scarfo may or may not be found to be involved in illegal activity. That's for the courts to decide. But his case clearly illustrates the potential inadequacies of the current wiretapping laws. Those laws ultimately affect not only alleged criminals but all of society that relies on the laws to protect their civil rights.
Black covers privacy issues for BusinessWeek Online. Follow her twice-monthly Privacy Matters column, only on BW Online
Edited by Alex Salkever