FC: Did FBI director Mueller lie to Senate about key logging?

[Declan McCullagh <declan () well com>]

I'm a big fan of Thomas' work, but I don't think his article below makes 
the case that our new FBI director lied to Congress.

The 1992 CERT advisory -- Robert Mueller is listed in the acknowledgements 
-- talks about keystroke logging of the form done by system and network 
administrators. (http://www.cert.org/advisories/CA-1992-19.html) The 
obvious methods at the time to do so were tools like tcpdump and even 
printers hooked up in the way Cliff Stoll documents in the Cuckoo's Egg. 
There's a big difference between monitoring what users are doing on a 
multi-user, networked Unix system accessed entirely remotely and recording 
what one person is typing locally on a Windows PC.

Last week I posted the transcript of Mueller's comments before the Senate 
Judiciary committee. In response to a question about the Scarfo monitoring 
technology, which the FBi developed internally in the last few years, he 
replied:

http://www.politechbot.com/p-02341.html
> MR. MUELLER: I'm not familiar with that new technology, have not had 
> occasion to use it in our district. I read the same article that the 
> senator read, with interest, because it was the first I'd ever heard if 
> it. Until I know more about it, I really don't think I can commit one way 
> or the other.

Those comments seem to be truthful. I don't think the Scarfo technology -- 
based on what we know of it -- is anything near what the CERT advisory is 
talking about.

-Declan

*********

From: "Thomas C. Greene" <tcgreene () bellatlantic net>
Subject: FBI chief Mueller lied to Senate about key-logging
Date: Wed, 8 Aug 2001 15:06:07 -0700


http://www.theregister.co.uk/content/6/20894.html

FBI chief Mueller lied to Senate about key-logging
By Thomas C Greene in Washington
mailto:thomas.greene () theregister co uk

New FBI chief Robert Mueller's testimony before the US Senate during his
confirmation hearing last week, to the effect that he had no understanding
of key-logging technology, sounded very wrong to us.

We were hoping that he was just exhibiting naiveté when, under questioning
from US Senator Maria Cantwell (Democrat, Washington State) about the FBI's
prosecution of mobster Nicodemo Scarfo, Jr. by means of a black-bag job
involving a key logger, Mueller claimed that he's "not familiar with that
new technology, and [had] not had occasion to use it in [his] district."

We figured that little gem had to be either a bald-faced lie, or evidence of
his technical incompetence and consequent unfitness to lead the FBI in the
21st Century.

Naturally, we all prefer honest incompetence to active deceit, and we were
hoping that the second explanation would prove right; but we're sorry to
report that we've got evidence that actually Mueller knows a great deal
about key-logging technology.

If we consult the following advisory
http://www.cert.org/advisories/CA-1992-19.html from the Computer Emergency
Response Team (CERT) Coordination Center at Carnegie Mellon University, we
find that Mueller contributed to a report on the legalities of installing
key-logging technology on a network.

The bulletin advises systems administrators that because key logging could
be controversial (as the courts had yet to rule on its legality), it would
be best to put a prominent banner warning users and intruders alike that
their comings and goings will be monitored.

The bulletin is dated December 1992, revised September 1997. Clearly,
Mueller has been well acquainted with the technology he told Congress he
knows nothing about.

Sadly, it appears he lied to Congress. And even if he was splitting hairs,
i.e., speaking of a very specific implementation of key-logging technology
which he himself hasn't yet played with, he's still deceitful.

He might have been a man about it, and declined to answer on grounds that
the technology in question is currently being tested in the courts -- that
is, in the Scarfo case. At least he would have shown some spine. But by
fobbing off the question with a lie, or with a split-hair statement
calculated to mislead the Senate, he's demonstrated that he's afraid of
tough questions, and eager to take the coward's path out.

It's a very sad symbol of his brand-new tenure, and a most horrible way to
start it. ®




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------