The FBI has become ever more frustrated in its attempts to monitor the online activities of suspects. Its Carnivore system, which was supposed to be the magic bullet in its attempts to fight crime on the internet, has become extremely high profile, making it less effective as suspects have begun using other means to send their messages. Additionally, suspects have been using high-powered cryptography more and more often. As a result, the FBI has found itself unable to read the messages of these suspects, severely limiting the usefulness of those messages in investigations. Because of this, the feds have been researching ways of getting suspects to unknowingly hand over the passwords and keys used to scramble their messages. One of the ways they are proposing to do this is through a system known as Magic Lantern.

As the FBI currently will not divulge the details of Magic Lantern, much of how it works is in the field of speculation and rumor. Allegedly, though, it works similarly to malware such as Back Orifice and Sub7, in that the suspect unknowingly downloads a backdoor through an email attachment. The program then invisibly installs itself and hides in the background. It then goes to work surreptitiously logging the keystrokes of the suspect, hoping to gather the passwords used by the suspect to encrypt their files. These keystrokes are then either sent to the FBI by email when the suspect connects to the internet, or simply stored on the computer until the FBI executes a search warrant on the suspect's property.

Once the FBI gets hold of the keystroke logs, the suspect's encrypted files are essentially wide open. After a small amount of analysis, the FBI has the passwords used to protect the encrypted files, and can thus decrypt those files at its leisure. It can then use the information contained in those files in its investigation of the suspect.

Obviously, there are severe civil rights implications caused by using this software. The FBI has asserted that it needs only minimal judicial oversight, such as a very minimal search warrant, in order to use such key-loggers, which suggests that the FBI may attempt to use this technology more often than it should. The rights of foreign interests are also in question, as the FBI doesn't have the power to surveil persons outside the US's jurisdiction without a clear and convincing case that the US is threatened by the foreign party's actions. Additionally, because the FBI is counting on social engineering to spread its logger, it is entirely feasible that the program could find its way onto computers not involved in an FBI investigation.

Due to the controversial nature of the software, there is a lot of discussion on the internet about it and its implications. Groups such as the EFF and EPIC are concerned about the civil rights implications of this technology; as the technology is so easy to send to other computers, it's entirely feasible that the FBI could use it in situations where it is not authorized to. Initially, there was also concern that anti-virus software manufacturers, such as McAfee and Symantec, would modify their software so that it does not detect Magic Lantern. This has caused much concern as well, because if these allegations are true, then it is entirely possible that some malicious person will design a backdoor that looks like Magic Lantern, causing the malware to go unnoticed. At the moment, though, it appears that the anti-virus vendors are not cooperating with the FBI, out of concern for the security of their customers.

Obviously, much of the controversy over Magic Lantern is over the issue of trust. As the FBI has a spotty past with abusing its powers, many people are justifiably concerned about the privacy implications of any FBI technology. Also, such technology is rarely subject to third-party review, meaning that no one outside the Bureau can be completely certain what the technology does.

As much of the knowledge of this technology is based on rumors, there is certainly an amount of inaccuracy in any report. The FBI is currently not commenting on any inquiries into the development of the software. The basic information should be correct, though: the FBI is looking into ways of monitoring suspects' data.

If you have any suggestions or comments about this w/u, please /msg me so I can attempt to integrate your info into my writeup. As I am nearly certain new info will come out on the subject, portions of this writeup could change. Just tell me what you know on the subject, and I'll be sure to credit you with the info.


History of Magic Lantern:

November 30, 2001: First reports leaked on Magic Lantern. Most info unclear on whether the program exists and whether antivirus manufacturers would cooperate with the FBI in deploying this program.

December 12, 2001: FBI confirms the existence of Magic Lantern. Most antivirus manufacturers have put out statements saying they will not cooperate with the FBI. Added info about possible rights violations of foreign individuals - Thanks ameoba.