Slashdot Mirror
Computers, Court, and Fingerprints
Degrees writes "Should Law Enforcement be allowed to Photoshop fingerprints? That is the question posed in this article in the South Florida Sun-Sentinel. The suspect is charged with murder, and the evidence was circumstantial before the fingerprint enhancment. At the end, the crime scene investigators say they want encrypted cameras. The implication is they want DRM-enabled digital cameras with software for full audit-trail capability. Would that make the Photoshoping more credible? Would DRM cameras be a good thing for Joe Citizen?"
They've tried this with audio before, notably in the Waco cases. The court rejected it then. Hopefully they will keep rejecting it. Such digital enhancement might be useful for getting leads, but the result isn't evidence; it's just a computer-assisted guess.
I don't want them tracing those nude pictures of my 17 year old girlfriend back to me... I prefer to just put them out on gnutella for all to see anonymously! ;)
What are we going to do tonight Brain?
Wait... so they can crack the encryption?
Nothing is flawless, any form of encryption can be cracked.... all you need is time.
It would give the community a false sense of security. Just becasue id has DRm doesn't mean anything. Evidence should not be tampered with.... PERIOD
Hey, this is my sig, if you don't like it, STOP READING MY POSTS!
I've always wondered about cases where digital evidence was envolved. We have no way of knowing if the files are tampered with or otherwise altered, and I really doubt they'd let us compare (in this case with actual fingerprints.)
I think that guy that was on trial recently for the disappearance of that girl didn't surf for child porn, the cops did... then changed the dates on the files to cover their own butts.
It's easy to stand out when the general level of competence is so low.
I saw this on the discovery channnel I think they showed how all the cop did was enhance the image with photoshop. All he did was apply a custum filter to enhance the image he didn't add anything to it or change it just brought out what was there by filtering out the background. I was very obvious if you saw the show that it should be perfectly legal .
http://Lenny.com
I could to that!! Get a print of my enemy, photoshop it and presto, we've got a conviction! Do the judges have any idea what can be done with Photoshop in the hands of someone who has used it before?
At least the war on the environment is going well
Photoshop the fingerprints so the ridges and whorls are real big.
Like double D's or so.
Best Windows Freeware
...just as long as they don't go effect happy and start making lens flares and drop shadows and start saying "l00k 47 my 31337 gr4ph1x" during court room proceedings.
To make a pun demonstrates the highest understanding of a language
DRM is about taking options away from users. This is about providing users with a new option: a strong audit trail. You can make a copy of the image using non-auditing software, but that copy of the image would lose it's "seal of approval." The original would remain valid. The end result: cops can make any copies and image manipulations they want that may help them solve a case. But in court they'll only be able to present images with the valid audit trail, ensuring that the image was never mishandled and clearly showing what manipulations were done to it. It sounds like a great idea and I strongly support this option for users. (I am suspicious that it may not be possible... but I'm happy to let people try.)
Search 2010 Gen Con events
This kind of technology sounds kinda scarey ... just like in the (horrible) movie, Judge Dread. Yes, the technology could help police and law enforcement to solve crimes that would otherwise possibl be unsolvible, BUT is it worth it? I see the opportunity for a very hatefull person to set up someone for a crime they didn't commit ... and for the evidence to be used against them in court! Yes, this does exist today, but atleast there is a CHANCE that the person falsifying the evidence COULD get caught. How could this person get caught if he is permitted to MAKE evidence?
... which could also be used AGAINST the prosecution in what would have otherwise been a solid case ....
Its a good idea, but this DEFINATELY leaves a resonable doubt as to whether the evidence is real and legit
Bottom line: too much risk for too little benifit.
HallmarkOrnaments.Com
Just google a bit and you can see he's right.
get it? google?
haa haa ha ha ah never mind
Best Windows Freeware
The only way this can be seen as useful is if the person who is "cleaning up" the fingerprint has no idea who the print belongs to and where the print came from. Considering all the prints the law enforcement must deal with, it would be hard to assume the print a tech is working on is for a high profile murder suspect or a car thief.
That way it removes the ability to "doctor" prints to match what the cops want, and it adds a valuable tool to the investigative process.
If this process involves the tech working on a print, with the "target suspect" print available to him, I'd cry foul in an instant.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
One of the biggest questions about the new technology is: Could a skillful technician create or copy a suspect's fingerprint and frame someone by making it look like that fingerprint was at a crime scene?
Here's an idea: Get a copy of the print image, find somebody with Photoshop skill, get them to alter the image to show judge's/prosecuting attorney's/etc's print; evidince (hopefully) supressed when the judge realizes how easy it is to fake 'evidince' that way.
Thats why the term is 'reasonable doubt'. The DNA technician can lie. The blood can be planted. You can doctor an analog photo just as easily.
I've mentioned before that I design, write, and support police records software. I know how important audit trailing is to them, I was up until 3 AM last night debugging some of it.
We've even been approached with this very idea, audit trailing and securly storing digital photos. (Not just fingerprints)
This is about showing a factual list of who had access to the photo, exactly what they changed, and when. If pixels were added, it'd be on the trail. If it was lightened, darkened, it'd be on the trail.
The reason is simple. The jackass lawyers who think the constitution spells out their job as 'get the client off, no matter what it takes'. Another rant entirely, but rigorous defence doesnt mean knowingly lying and misleading a jury.
Police are constantly accused of lying, tampering with evidence, planting evidence, in stupid cases like misdemeanor posession of pot.
So when Mr Defense gets up in front of the jury, with Mr Cop on the stand, and says "Isn't it true that anyone could have altered those photos?", "Mr Cop can say, here's an itemized list of every enhancement, change, and view of the photos since they were taken.".
If Mr. Defense is stupid enough to continue, they can present sworn depositions from people like me (who created the system) testifying to the authenticity of the data.
Of course - it'd go both ways. If Mr Defense truly thinks BeatCop O'Malley doctored the photos, someone like me could likely prove the when and how.
This isn't a bad thing, or about stripping rights. It's about helping to secure the right to a fair trial.
I don't need no instructions to know how to rock!!!!
The only thing the DRM or encryption would do is provide yet another means of tracking the files -- but it sounds like they are already using safeguards there. All versions, the user, and the duration of use are tracked. Those are the same, or in some cases better, than protections of physical evidence.
They don't need DRM cameras or higher cost encryption schemes. They need the same arguments that first allowed for fingerprints, DNA testing, and other new technologies in the courts.
frob.
//TODO: Think of witty sig statement
some thoughts..
* Anytime you use encryption or digital signatures, it's not "DRM". It's not like these folks want to restrict copying of the pictures, or track people who see the photos, they do that by keeping the pictures within their labs. The encryption is so they can show in court that the picture was not tampered with. When you check the signature in your linux package files, that's not DRM, that's something for your own benefit.
* I was recently looking at Canon's latest EOS-1Ds camera, which has a "Data Verification Kit" encryption module available. You put a smart card in a reader and every shot is digitally signed in the camera. So this stuff is available and hopefully the forensic photographers will begin using it. Of course a malicious photographer might change the software in the camera somehow but hopefully the module checks for that.
* Dodge & Burn tools should probably *not* be used.. they allow you to darken/lighten specific *areas* of the photo, which could be dangerous. When enhancing evidence they should only allow *global* changes like overall brightness or contrast, etc. Or at least they should send the evidence to three or more independent labs, who don't know anything about the case, and let each version be seen in court. That way there's less of a chance that someone will doctor the evidence for a specific outcome. And of course the whole workflow needs encryption and signatures.
* Evidence can always be tampered with. The digital signatures just make it harder, and hopefully at least as hard as it is now in the non-digital world.
Note that this is "trusted computing" in service of the owner of the computer (in this case the police department and department of justice rather than the individual operator). The fundamental difference is that the owner of the computer is the one asking for the trusted service, rather than some other entity that does not trust the owner of the computer.
Bruce
Bruce Perens.
Speaking as a member of the Law enforcement community, I see how increasingly difficult it is to get a good solid conviction.
This is just playing with fire. The encrypted cameras sound like a good idea, but I think that you need to have more solid evidence. Video cameras in squad cars is a great example. When you can get a drunk to admit how many beers he has had on video tape while conducting a field sobriety test it is pretty easy to refute his claims in court that he was just driving home from grandma's house and got a little tired.
The thing is, maintaining a trail of custody for the photos I think would be much harder, therefore easier to refute their validity in court. And any time you start messing with anything remotely related to being circumstantial evidence, you might as well just throw the case out the window, cause thats just what the judge is going to do.
It is going to be hard to convince people that this is a technology with feasible use in the courtrooom after they have seen pictures of OJ wearing ducky slippers.
At first I thought this was a humor post ("AI that would prevent taking pictures of naked women"?!? I mean really.) but then it occoured to me that you might actually be serious. So, for just a moment, I'll step back from inflamatory language ("sick-men", "villany") and silly ideas (the aforementioned AI) and try to address your comment.
What you're proposing is that there should be a technological to what is, at it's heart, a moral problem. If you're looking at this from a moral/religous standpoint (and it sounds to me like you are) then you must recognize that you haven't solved anyting by taking away the option to engage in this sort of immoral behaviour (I'm assuming, for the sake of the discussion, that audit trails would, in fact, stop this sort of breach of trust from occouring - though in all honesty I think that's a deeply flawed assumption). Certainly the specific behaviour might have been prevented, but the underlying issues which allow someone to ignore or abuse their spouses trust, etc. still exist and have, in fact, been completely ignored. In the end all you'll end up doing is changing the specifics of the situation, but breaches of trust and sexual compulsion will continue. No amount of DRM can address the reasons that someone seeks out bad behaviour.
Of course, as I mentioned, DRM and/or audit trails won't do much to stop the unauthorized publication of such photos. It certaily won't stop one spouse from coercing/manipulating/etc. another to take the photos in the first place. In no way will it account for those who initially think the photos are a good idea but later change their minds. And finally, it's complete bunk to even begin to think that an audit trail will force anyone to "confront thheir odious addiction", and it certainly won't save any marriages.
The bottom line is that if a husband thinks so little of his wife and their relationship that he would violate her trust in sunch a way simply because he wouldn't get caught then the marriage is in serious trouble regardless. Technology is amazing stuff, but it's neither the cause of, nor the solution to each and every modern problem. I think people forget that too often.
Behold the Power of Cheese!
That's funny, I posted a link to the appropriate info yesterday, here it is again
Here is a good article that covers a lot of this
The "Authenticity Crisis" In Real Evidence
Scientific Evidence Review
10.1.2001
You might also be interested in the KODAK Picture Authentication Module [kodak.com] which uses PKI in a camera.
If I post before the story goes up is that a "Zero Post "?
Having been involved in traditional analogue photography for 30 years, I can tell you that I'd trust one of those Kodak cameras more that say a 35 mm Ektachrome Transparency, or worse yet, a color print. A while back Polaroid was blowing out a digital printer that output on spectra film for 30 bucks. I considered buying it for all sort of practical jokes and parking ticket disputes.
Well, that's easy enough; make 'digital film.'
By that, I mean write-once PROMs that can be popped into a digital camera; they can hold x number of pictures, and when you click the button, the picture gets burned right into the PROM.
Burn in a checksum or something as well, and you can tell if bits were removed. Build it so that it's not random access, and you can't swap bits around or anything.
Sure, you'd need another system if you WERE doing enhancements or changes or anything, but the ability to pull out a PROM chip and say 'here is the original photo, guarenteed unaltered' would be good.
Vintage computer games and RPG books available. Email me if you're interested.
Guys, encryption and DRM are not the same thing at all.
What's needed here is a "tamper-proof" digital image format, one that can't be modified or that can't be modified without leaving a record. Think checksums and digital signatures here, comprehensively applied. The same thing will be useful not only in criminology but also in medical imaging and lots of other areas as well.
DRM has nothing to do with "tamper-proof" data. DRM, which stands after all for "digital rights management," is simply a catch-all term for any technology that serves to capture rights as metadata, and possibly control access to media according to that metadata.
As I've written before, DRM is most important in the commercial TV broadcast space. A TV station buys a "rights package" for a syndicated program, and has to pay a very large fine if they violate the terms of that package. (Say, if they show the program at 10:00 AM when the contract says they can only show it between noon and midnight.) DRM in that arena will be a life-saver for those kinds of folks.
I know this is Slashdot and ungroupthink is doubleplusungood, but DRM is not a dirty word, and DRM and "tamper-proof" media are not the same thing at all.
I write in my journal
It doesn't (as far as I could see) mention DRM. It only talks about being able to follow who did what with the information.
However, even the system of encryption, et al which is being proposed doesn't really do much. First, is the machine picking the randomly generated password or the person picking an easily recognizable password as in this problem.
Second, the machine (whether it be a camera, computer, or nightstick) doesn't have intelligence built into it. Thus, it would allow anyone who knew how to work the machine (and could guess the passwords) to alter the information. Even the fact that the computer is smart enough to make a copy of the original doesn't mean anything. If someone knew how the program worked - they could (and would) alter the original as well as the copy.
Until machines become self-aware or at least are aware of what someone is trying to do to them - we will not have a "good" way to stop fraud. (I say "good" because even then we will probably have some way to circumvent/unplug the smarts from a machine which puts us back where we are currently.)
Thoughts:
If the police want a more fullproof method of maintaining equilibrium in the establishment of, and verification of proof. Then they will need to greatly improve how that information is handled. A network (probably made up of Linux boxes) which are attached to a central repository and to which they can send information but not retrieve information (ie: a blind send) would be a step in the right direction. Information would only be retrievable from the main console connected directly to the centralized hardware. Also, files can not be deleted from the main system until the files have been backed up to a reliable medium (such as CDs/DVDs/tape). Otherwise, the system simply allows a user to register updates and nothing else.
Someone put a black hole in my pocket and now I'm broke.
Let's not get our collective panties into a bunch, people. 'Framing people' existed long before Vic Mackey picked up the local Yellow Pages to interrogate a suspect and Jack Bauer found another use for a bowling bag.
This is case of a another facet of technology that can be used by a Corrupt Offical For Nefarious Gains[TM]. If it exists, it will be used. And it will be allowed only when those in judgement allow it to be used.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Why not just create a version of Photoshop that can only do things like contrast, burn, etc? Remove the tools that allow image modification entirely, and sell it to police forces as a way to get around this problem.
I see a software niche....
Image transforms do not add information to an image, they just make it easier to see the information which is there (try using Photoshop Auto-level to make an image of bill clinton shaking hands with an alien). Using dodge and burn over an entire image or a large area of it will not let you change fingerprints, just make existing ones easier to see. However, if you go into photoshop and use a one pixel burn brush you could draw lines with it. This is why it's important that the person doing the image processing isn't also doing the fingerprint analysis. It's like medical imaging- the imaging tech generates a good image, the doctor decides what it means.
As for the 'As if by magic' and 'psuedo-science' bits in the article, those are irresponsible hype. It's like saying you expose film in a camera, develop it, and an image appears as if by magic. If you didn't know how a TV worked, you'd think that was magic too. As for the unrepeatability of results, no two people using fingerprint dust will get exactly the same results. Same with a photoshop brush. If you brushed the same areas in the same ways, you'd get the same results, otherwise not. Duh.
This does bring up a point of repeatable, localized image processing. My guess is it wouldn't be too hard to get the GIMP to record all brush strokes. It surely stores their results for the undo option. How hard would it be to output an XML encoded series of operations along with the output image? Then if there's any question as to the usability of the results, someone can start with the original image and apply the same set of operations one at a time. Maybe add image cryptosigning, and sell linux+gimp boxen as forensics tools.
Finally, i'm surprised there isn't a standard government issue image transform system. NIH Image might be a good place to start, or just a front end to matlab's image processing toolbox which is luser-friendly and keeps usable, crypto-signable records of each transform it does. As long as there aren't any brushes, no expert witness in image processing is going to say you could doctor prints.
I'm pretty sure what makes it a word is having the other person or people understand it without explanation. Even if you don't know what Photoshop is or what one does with it, the meaning of "photoshopping" can certainly be glorked from context.
I write in my journal
First off, IANAL, and IANAForensic expert of any sort. I have used photoshop for years. And I've worked on software projects requiring government certification. These are my opinions.
;)
That said, DRM does not apply (you are certifying the source here, not caring about end user rights). Photoshop is way too broad a tool, with too many abilities to create your own content. As for a digital file, don't put that in your mouth unless you know where all it has been.
What you would need would be image processing (not editing) tool, preferably specific to enhancing fingerprints. The best thing would be a self contained fingerprint enhancing appliance, with scanner, printer, and built in algorithms. The fingerprint would be scanned in, enhanced, and then go back to the real world as a watermarked print that could be taken to court with the device's serial number and the original fingerprint.
The device would of course be fully certified to do exactly what the court would admit. And that is the ticket: you need a fully controlled process that can be examined at every step with a fine tooth comb by some agency of the court to prevent forgery of evidence. You also need to link the evidence to the specific machine, so it can be hauled into court and publicly verified that it hasn't been tampered with.
Of course, to make Slashdotters happy, the device could run embedded Linux, and use Gimp routines, as long as you could find somebody to fill out enought paperwork to keep a certifying agency happy. A few boxcars would do.
This device would not be a consumer or pro graphics device. So there is no need (or even desire) to burden the public and the pro graphics community with the requirements of forensic evidence.
"The thousand year dragon king: King Ghidora."
Yuri, "Godzilla, Mothra, King Ghidora: Giant Monsters All-Out Attack"
Don't forget King Ghidora's birthday is tomorrow.
Of course, you don't need Photoshop to fabricate evidence. It's just another tool that can be used.
A lot of people have complained that who knows what the authorities might do with Photoshop -- enhancing evidence and such. That's a valid point but you should take a step back and realize how scientifically flawed fingerprinting is in the first place. (In my opinion, of course.)
Fingerprinting came about around the turn of the twentieth century as a replacement for a failed biometrics system, in which certain mesaurements of a person (size of head, length of arm, stuff like that) were being tabulated, and recorded to make a database of known criminals. Problem is, two people could have the same measurements.
Likewise, there is no "guarantee" that two individuals have the same fingerprints. Observation has shown that two people probably don't have the same prints, but that's no guarantee. I don't believe the medical community even really understands what makes fingerprints "grow" in the first place.
Fingerprinting is not a "science" in the way physics, chemistry, etc. are. (Legally, this is called the Daubert Test.) Where is the peer review? If fingerprinting were truly a science, as American courts have determined science to be, the national fingerprint database should be publicly accessible. It is not. The formula/algorithm by which fingerprint examinters determine a "match" would be public. The method that the computer uses to match fingerprints would be public knowledge, but it is not.
I'm not trying to say that fingerprinting doesn't provide valuable evidence, and I certainly do believe that fingerprint evidence is a good indicator that somebody touched something. But is it iron-clad proof? No. And worse than that, is is a closed-source, proprietary system.
Were fingerprinting evidence to be invented today, the courts would probably not allow it. It has not withstood (likely it cannot withstand) the same sort of scientific scrutiny that DNA identification has. However, they have significant enough momentum behind them that even though they may not be an "exact science" they are good enough for the purposes of the criminal justice system.
Here are some good links:
Federal Judge Slams Fingerprint "Science"
Cornell News: Fingerprint Study
Latent Print Examination disagrees with most of what I say...Click the Ressam link...if you don't support fingerprint evidence, then you support terrorism!
Come on. The real reason they should not be able to Photoshop pictures of fingerprints is that they should have to use the gimp instead.
Let me try:
In this case, DRM means "this file is evidence, and thou shalt not tamper with it, nor allow others to tamper with it". There is no issue of rights (or lack thereof), but rather of data integrity and provenance. This, IMO, is a rightful use of DRM.
Would YOU want to be on trial based on an image that had received an uncertain amount of twiddling by persons unknown? Of course not. You'd want to know that the image was correct, untampered, and that no one with an agenda (for OR against the defendant) had ever had access to it.
This is really no different than maintaining the integrity and provenance of physical evidence. Say you're arrested for drug trafficking, but in fact you only had a bag of sugar. Naturally, you'd want to be completely certain this very same bag of sugar is the one brought into evidence and presented in court, and you'd want to be equally sure that no naughty persons had dropped a spoonful of coke into the bag while no one was watching.
Think of the image file as the bag of sugar, and all should become clear.
~REZ~ #43301. Who'd fake being me anyway?