It seems pretty clear from the court documents that the Scarfo keyboard logger only recorded keystrokes. We don't have details ("classified," "national security," "CIPA") but the exhibit introduced as evidence shows backspaces, up-down arrows, and other functions you'd normally associate with keyboard entry only.
That does not mean that they were using only a primitive BIOS level logger. A GUI-interceptor would generate a huge log of activities; you would just pipe it through grep TYPE: KEYBOARD-INPUT or something and it would give you the same thing. It doesn't really matter, because GUI-interceptors are off-the-shelf things, so if they felt they needed it, they would get it. It's all pretty basic. Bottom line: If your attacker gets access to your hardware without you knowing it, and he has resources and a clue, he wins. The threshold for "clue" and "resources" in this case is very very low; maybe $100 to install your basic hardware keylogger.