BugWatch: Magic Lantern - not magic and not very bright

This week, Natasha Staley, of Sophos AntiVirus, discusses the implications of the FBI's Magic Lantern Trojan horse.

The FBI's recent confirmation that it is developing a Trojan Horse - codenamed Magic Lantern - has rekindled the debate over whether it is acceptable to use computer viruses for so-called good causes.

The 'e-bug' is reported to plant a keystroke logger on the target's PC and will allow the FBI to gather valuable intelligence in its continued fight against crime and terrorism.

However honourable the intention, the development of this Trojan represents a huge dilemma for the antivirus industry. Should it comply with the FBI by turning a blind eye to malicious code, or should it continue to protect its customers from all known malware?

For both ethical and practical reasons, it's doubtful that Magic Lantern will ever get off the ground and, even if it does, it is unlikely to achieve the desired effect.

Aside from the moral and legal problems associated with snooping, there are a number of practical reasons why Magic Lantern simply won't work.

Firstly, for antivirus vendors to know which Trojan horse to 'overlook', the FBI would need to provide a sample of the code. For security reasons, it is unlikely that this would happen.

So, how will vendors know which code is written by the FBI and which originates from virus authors with a chip on their shoulder?

In order to properly protect their customers, vendors are going to issue protection against any detected malicious code.

Even if vendors are made aware of the code, how will they know that their customer was the intended target of the FBI?

By planting a Trojan on the machines of those under suspicion, the FBI would essentially be placing a weapon directly into the hands of their enemies.

The code could easily be adapted and new variants created with far more sinister intentions in mind. Once the Trojan was released, there would be no way of knowing who would use it to spy on whom, and with what consequences. In an ironic twist of fate, the FBI could even find itself to be the victim of its own code.

It is also necessary to consider the diplomatic connotations of using viruses to glean intelligence. It is likely that the governments of other nations would want protection against anything like Magic Lantern. Understandably, these institutions would argue that the FBI has absolutely no right to spy on them.

Would antivirus vendors issue them with protection as well? And what if British, French or Italian law enforcement agencies decided that they too would develop something similar to Magic Lantern?

If we turn a blind eye to the FBI, surely we would have no choice but to do the same for other agencies?

Of course, the FBI could make a success of Magic Lantern by basing it on undetectable code. However, the bad news for the Feds is that it has been mathematically proven that writing such code is impossible; everything leaves a trace.

Ultimately, if this Trojan is going to work, it really will have to be magic.