What's the big deal about Magic Lantern? (4.50 / 2) (#3)
by khym on Thu Dec 20, 2001 at 02:23:37 AM EST
I fail to see what the big deal about Magic Lantern is. With
Carnivore, there's the worry that the FBI could easily snoop packets
they have no warrant for, because it's a piece of software or
hardware doing who-knows-what under the hood at the ISP level. With
the case of Magic Lantern, it's not a virus or worm, as it doesn't
reproduce; the FBI only send it to someone they have a warrant on,
so it can only work on one person at a time. Of course, there's
nothing preventing them from sending it people who they don't have a
warrant on, but there's also nothing stopping them from breaking
into your house and putting in bugs or installing other sort of
pre-existing snoop-ware on your computer. Magic Lantern is just the
computer equivalent of a covert listening device.
And while actively ignoring Magic Lantern (as opposed to simply
refraining from adding it's fingerprint to their
files*) would create a security whole, I don't think
it's otherwise a problem. If the FBI, with a warrant in hand,
gets your landlord to let you into your apartment/house, or gets
your phone company to install a old-fashioned wire tap, they are
acting against the interests of you, their paying customer.
However, this is the way things are supposed to work: the
FBI comes to XYZ, and XYZ sneakily acts behind your back (the
bastards). Unless you're opposed to warrants which don't
immediately alert their targets (a type of warrants that have been
issued for decades), then anti-virus companies ignoring Magic
Lantern isn't any problem (except for the security hole it
*: If a fingerprint for the original Magic Lantern (ML)
weren't put in, then any knock offs of ML that might be made could
have separate fingerprints put in that specifically identify them,
while not identifying ML; that would be passively ignoring them.
But in that case, ML might set off anti-virus alarms because of
the weird stuff that it does, so anti-virus makers would have to
add a fingerprint for ML, and then write special case code which
says "If a program matches this fingerprint, turn a blind eye".
Something like that would open up a big security hole.
Give a man a match, and he'll be warm for a minute, but set him on fire, and he'll be warm for the rest of his life.