By Meir Rinde
April 27, 2006
When agents from the federal Bureau of Alcohol, Tobacco and Firearms
arrested convicted felon Michael Crooker on a charge of illegally
shipping a firearm across state lines, they searched his apartment in
the Feeding Hills neighborhood of Agawam, Mass. and found substances
that gave them pause.
They called in military and civilian hazardous material units, and a
bomb squad, and police closed off all areas within 1,000 feet. A story
spread that investigators found the poison ricin in the apartment; in
reality, they found castor beans, which have commercial uses but do
contain ricin. They also found lye, which is used in ricin production,
and rosary peas, which contain a toxin called abrin. In Crooker=B4s car
they found powerful homemade fireworks, and they conducted a
controlled explosion of at least one device.
That was almost two years ago. He=B4s now locked up at the state
correctional facility in Suffield Connecticut, awaiting trial on a
single charge of trying to ship an air-gun silencer to a man in Ohio.
The 52-year-old ex-con fills his time studying his case and writing
letters to the judge, as well as filing lawsuits against the
government and other parties, as he has done all his life.
Among the entities he has targeted is the computer maker Hewlett
Packard. In his suit, Crooker traces back the history of his Compaq
Presario notebook computer, which the ATF seized when he was arrested.
He bought it in September 2002, expressly because it had a feature
called DriveLock, which freezes up the hard drive if you don=B4t have
the proper password.
The computer=B4s manual claims that =A8if one were to lose his Master
Password and his User Password, then the hard drive is useless and the
data cannot be resurrected even by Compaq=B4s headquarters staff,=A8
Crooker wrote in the suit.
Crooker has a copy of an ATF search warrant for files on the computer,
which includes a handwritten notation: =A8Computer lock not able to be
broken/disabled. Computer forwarded to FBI lab.=A8 Crooker says he
refused to give investigators the password, and was told the computer
would be broken into =A8through a backdoor provided by Compaq,=A8 which is
now part of HP.
It=B4s unclear what was done with the laptop, but Crooker says a
subsequent search warrant for his e-mail account, issued in January
2005, showed investigators had somehow gained access to his 40
gigabyte hard drive. The FBI had broken through DriveLock and accessed
his e-mails (both deleted and not) as well as lists of websites he=B4d
visited and other information. The only files they couldn=B4t read were
ones he=B4d encrypted using Wexcrypt, a software program freely
available on the Internet.
Despite the exposure of his e-mails, Crooker isn=B4t in prison on a
chemicals or explosives charge. Rather, he=B4s been detained for two
years on a single firearms charge because the judge thinks he=B4s too
dangerous to let out on bail.
A six-page rap sheet included in his firearms charge file lists
arrests going back to March 1970, when he was 16 and committed an
armed robbery while wearing a ski mask, according to the Springfield
Republican. In 1977, he was accused of threatening to kill President
Gerald Ford; he was cleared, but convicted of mailing death threats to
the police chief of Southwick, Mass., where he grew up, and to a
probation officer. In 1986, he was charged with rape and attempted
murder; the charges stemmed from a phone argument with his wife, he
says, and were dropped. In 1993, he plead guilty to a conspiracy to
possess guns, witness tampering -- he admits he blew up a witness=B4s
car -- and IRS fraud. He and an accomplice had filed about 70 false
tax returns and pocketed the refunds.
The judge who ordered him to remain incarcerated described Crooker as
=A8a real threat to the community at large, if not particular
individuals as well.=A8 The judge wrote that prosecutors believe Crooker
has made ricin in the past; that he is accused of keeping three
hundred rounds of ammunition at his parents=B4 house; that in letters he
refers to Timothy McVeigh as a =A8martyr=A8 and =A8expresses admiration for
Osama bin Laden=B4s brilliance.=A8
If the government agrees Crooker is so dangerous he can=B4t stay at home
while he awaits trial, should he be allowed to use purportedly
unbreakable computer security systems to hide potentially criminal
Because of cases like Crooker=B4s, some might argue the government
should have access to security backdoors to discourage criminals or at
least catch them more easily, much as the technology in the movie
Minority Report allows police to prevent crime by arresting criminals
before they act.
Of course, Crooker does not agree. Sitting in a low-ceilinged prison
visiting room last week, his bright yellow prison jumpsuit hanging
loosely on his narrow six-foot frame, Crooker rifled through stacks of
legal documents and criticized what he described as HP=B4s deception in
not admitting up front that DriveLock was flawed, and in selling him
out to the feds.
=A8Even if it=B4s the CIA and the NSA, it=B4s wrong for HP to say, =A8we can=B4t
help you if you lose your password=B4,=A8 he said. =A8It=B4s causing people to
hide things on their computers, and they=B4re not secure.=A8
Crooker argues that by providing the FBI with a way to circumvent
DriveLock, and claiming the system was impenetrable when there was
actually a backdoor, HP committed a breach of contract.
We left a message for HP=B4s lawyer, Thomas W. Evans of Cohen & Fierman
in Boston, and got a call back from Ryan Donovan, a company spokesman
in Palo Alto, Calif.
=A8We don=B4t comment on pending litigation,=A8 he said.
In a legal response sent to Crooker but not yet available in court,
Evans says HP didn=B4t help the FBI, and argues it was unreasonable for
Crooker to expect that data he entered on the laptop would remain
inaccessible to others.
Crooker=B4s goal is primarily to get money from HP. He=B4s demanded
$350,000, and would probably accept much less. But he has also stepped
into a much larger debate over computer security: whether HP and other
companies are providing their customers with sufficiently strong
protection and whether the government should allow anyone access to
security systems so strong that even federal law enforcement agents
have a hard time breaking through them.
Crooker has spent many years in prison, but he=B4s had some success with
the law as well. In 1984, when he faced a charge of having an
unregistered machine gun, a federal District Court panel reviewed his
claims that he should have access to certain ATF documents. Although
he ultimately didn=B4t get everything he wanted, the judges ruled ATF
hadn=B4t given a specific enough reason for withholding the documents,
and Crooker v. BATF became an important footnote to discussions of
Freedom of Information law.
In his current criminal case, he argues that although the silencer
would fit on an actual firearm, it was only intended for use on the
air gun it was attached to. =A8You wouldn=B4t believe the hearings and
motions we=B4ve filed on this,=A8 he said.
He knows firearms law inside and out. He=B4s published a pamphlet called
A Felon=B4s Guide to Legal Firearms Ownership , which you can buy online
But his lawsuit against HP may be a long shot. Crooker appears to face
strong counterarguments to his claim that HP is guilty of breach of
contract, especially if the FBI made the company provide a backdoor.
=A8If they had a warrant, then I don=B4t see how his case has any merit at
all,=A8 said Steven Certilman, a Stamford attorney who heads the
Technology Law section of the Connecticut Bar Association. =A8Whatever
means they used, if it=B4s covered by the warrant, it=B4s legitimate.=A8
If HP claimed DriveLock was unbreakable when the company knew it was
not, that might be a kind of false advertising.
But while documents on HP=B4s web site do claim that without the correct
passwords, a DriveLock=B4ed hard drive is =A8permanently unusable,=A8 such
warnings may not constitute actual legal guarantees.
According to Certilman and other computer security experts, hardware
and software makers are careful not to make themselves liable for the
performance of their products.
=A8I haven=B4t heard of manufacturers, at least for the consumer market,
making a promise of computer security. Usually you buy naked hardware
and you=B4re on your own,=A8 Certilman said. In general, computer
warrantees are =A8limited only to replacement and repair of the
component, and not to incidental consequential damages such as the
exposure of the underlying data to snooping third parties,=A8 he said.
=A8So I would be quite surprised if there were a gaping hole in their
warranty that would allow that kind of claim.=A8
That point meets with agreement from the noted computer security
skeptic Bruce Schneier, the chief technology officer at Counterpane
Internet Security in Mountain View, Calif.
=A8I mean, the computer industry promises nothing,=A8 he said last week.
=A8Did you ever read a shrink-wrapped license agreement? You should read
one. It basically says, if this product deliberately kills your
children, and we knew it would, and we decided not to tell you because
it might harm sales, we=B4re not liable. I mean, it says stuff like
that. They=B4re absurd documents. You have no rights.=A8
Schneier entered the field of computer security as a cryptographer. He
invented an algorithm called Blowfish, which is used in many software
programs including Wexcrypt, which Crooker used on some of his files,
and which the FBI has apparently been unable to crack.
In recent years Schneier has been a prominent critic of most computer
security schemes, saying that they=B4re not reliable in part because
companies aren=B4t financially liable for failures. He described
Crooker=B4s lawsuit as =A8kind of funny.=A8
=A8Part of me says, =B4Well, go get them,=B4=A8 Schneier said. =A8Because the
industry, for years, makes all of these false promises. So here=B4s
someone who=B4s saying, =B4Look, goddammit, I believed them, and I got
arrested,=B4 or something. So that=B4s kind of neat, actually.=A8
Online, self-declared computer geeks have discussed at length how to
unlock DriveLock=B4ed hard drives. The general consensus is that, unlike
many computer password systems, DriveLock is a hard-drive-only system,
a technology added to the drive, rather than a routine in the computer
software. Only a chip on the hard drive knows where the password is
stored, and the chip simply will not allow the drive to spin if the
password is not provided. Putting the drive in a different computer,
or tinkering with computer system files, doesn=B4t help. Encryption
isn=B4t the problem, either: your files may just be sitting there, in
readable form, but the drive refuses to work.
The computer geeks seem to throw up their hands at devising a
home-office method of getting around DriveLock. However, in a =A8clean
room=A8 laboratory setting it should be possible to take apart a hard
drive and scan the platters where magnetic information is stored.
A few companies advertise password removal services for a fee, such as
Nortek Computers Limited, in North Bay, Ontario, Canada. For $85, the
company will simply erase your hard drive, which removes the password
and at least makes the drive useable again. For $285, the company will
copy your information off the drive, wipe the drive, and put the
information back on, sans the password, said Chris Boyer, a support
specialist at Nortek.
He wouldn=B4t describe how it=B4s done, except to say that some computer
drives can be penetrated using =A8non-invasive=A8 methods, while others
are more difficult. =A8There=B4s quite a bit involved, engineering-wise
and facility-wise,=A8 Boyer said. The company is alert to suspicious
clients who seem to be trying to break into someone else=B4s computer,
and keeps records of device serial numbers, he said. It has removed
passwords for law enforcement agencies in the U.S., Canada, England,
Denmark and other countries.
The availability of commercial password removal suggests HP may be
sincere when it says it didn=B4t help the FBI. But Crooker said that=B4s
no obstacle to his lawsuit. =A8Why are HP and Compaq still advertising
this DriveLock system when they have to know about the Canadian
operation for $285?=A8 he asked. =A8They=B4re lulling us into this sense of
security, when for $285 it can be exposed? It ain=B4t right.=A8
In the recent past the federal government has attempted to build in
backdoors to certain computer systems: In the early 1990s, the
National Security Agency tried to require the installation of a chip
in phone transmission systems, so agents could eavesdrop on encrypted
conversations. The Electronic Frontier Foundation and other civil
liberties groups attacked the proposal, which eventually died
(although recently AT&T reportedly allowed the NSA to monitor millions
of phone calls without warrants, using specially installed
So while DriveLock may not be wholly secure, software that uses
Blowfish and other encryption methods remains widely available. To
civil liberty advocates, that=B4s good news, even if it means
individuals like Michael Crooker can hide their secrets from law
=A8Encryption software is becoming a very ordinary thing. That=B4s a very
positive development in terms of limiting the erosion of privacy in
certain ways,=A8 said Seth Schoen, a staff technologist at the
Electronic Frontier Foundation.
Crooker said he understands the argument for allowing the government
to penetrate computer security systems. =A8I can see both sides of it,=A8
he said. But that doesn=B4t mean he=B4s letting HP off the hook for
pretending DriveLock was really secure.
That=B4s a point security experts would agree with: undisclosed flaws
are the Achilles=B4 heel of any security scheme, because then the user
of the system doesn=B4t even know what kind of incursions to watch out
For Bruce Schneier, the key to preventing such flaws is the kind of
legal liability that Michael Crooker is trying to create, forcing
companies to pay though the nose until they develop security that
=A8Unfortunately, this probably isn=B4t a great case,=A8 Schneier said.
=A8Here=B4s a man who=B4s not going to get much sympathy. You want a
defendant who bought the Compaq computer, and then, you know, his
competitor, or a rogue employee, or someone who broke into his office,
got the data. That=B4s a much more sympathetic defendant.=A8
Copyright =A9 1995-2006 New Mass Media. All rights reserved
InfoSec News v2.0 - Coming Soon!