Florida Law, Does a Keystroke Logger Violate the 4th Amendment

January 18, 2008 by David S. Seltzer

Under Florida law and most States, a search by a private person does not implicate the Fourth Amendment unless he acts as an instrument or agent of the government. United States v. Steiger, 318 F.3d 1039 (11th Cir. 2003)(citing United States v. Ford, 765 F.2d 1088, 1090 (11th Cir.1985)). For a private person to be considered an agent of the government, we look to two critical factors: (1) whether the government knew of and acquiesced in the intrusive conduct, and (2) whether the private actor's purpose was to assist law enforcement efforts rather than to further his own ends. See United States v. Simpson, 904 F.2d 607, 610 (11th Cir.1990).

In United States v. Scarfo, 180 F.Supp.2d 572 (D.N.J. 2001), and United States v. Ropp, 347 F.Supp.2d 831 (C.D. CA 2004), the Courts held that a keystroke logger, did not fall under the purview of a violation of the Wiretap Act as there no transmission .

A hacker who accesses another’s computer and discovers evidence of a crime, is not in violation of the Fourth Amendment, or the Wiretap Act. Steiger, at 1045. In Steiger, the defendant’s computer was compromised by a Trojan horse program, which allowed an anonymous hacker to access Steiger’s computer via the Internet. Id. at 1044. The Court found there was no interception of electronic material in contemporaneous with acquisition as the anonymous user was simply viewing what was already on Steiger’s computer.

A keystroke logger, sometimes called a keylogger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user's keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device "in plain sight." (It also helps that most workstation keyboards plug into the back of the computer.) As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later point in time, the person who installed the keylogger must return and physically remove the device in order to access the information the device has gathered.

A keylogger program does not require physical access to the user's computer. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan horse. A keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file (which does all the recording) and an executable file (.EXE) that installs the DLL file and triggers it to work. The keylogger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the program. See searchsecurity.techtarget.com, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci962518,00.html

The Court did not address whether had there been a transmission contemporaneous with acquisition whether that would be a violation, but did intimate that it probably would.

The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system. See searchsecurity.techtarget.com, http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci212220,00.html

In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus. See searchsecurity.techtarget.com, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci213221,00.html