Slashdot Mirror
Worried about Digital Evidence Tampering?
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
make digital evidence inadmissable. Photoshopping/gimping/email fraud/video editing is becoming too easy and too difficult to trace.
There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they didn't nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.
Heck, where I come from not even regular (=non-digital) photos et al. are admitted as evidence in court - because they are too easily tampered with.
Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.
Yes, but then the question of "what is tampering".
There are actually cases of people photoshopping fingerprints to "bring them out".
Is that evidence tampering?
What if they just use a large burn/dodge tool? what if they just use a small one?
Where is the line?
If tampering is possible, even if it's unlikely, there will always be an out for people who don't want to believe evidence.
In practice, the rejection of valid evidence will probably be a bigger problem than the creation of invalid evidence.
Seems kinda funny, the more you know about technology, the less trusting of it you are. Seems a bit like long time cops that remain paranoid for years after leaving the job. Witness electronic voting regularly get scoured here, as do other forms of tech that are supposed to be accepted as "unquestionable".
At first, photography wasn't accepted right away, and it shouldn't have been. I mean, if I were to persuade you in trying my new revolutionary kind of car, which could put your life at risk, wouldn't you want to have enough details about the risks involved before making the decision of buying the vehicule? I sure would.
DrkBr
modify ONLY copies
originals all go onto read-only media
checksum religiously
WRITE GOOD POLICY for maintaining digital evidence...and post it before you start using digital media. Review it once a year, or more often to revise for unforeseen issues. Educate your detectives, and your Asst. DA's.
Rinse, later, repeat.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
oh brave new world, that has such people in it!
I think anyone who knows ANYTHING about computers would tell you that there is no guarantee of security or stability.
Lawmakers should take this into account and require the prosecution or plaintiff show beyond a reasonable doubt that the data can in fact be reasonably trusted and has not been handled by an untrusted or malicious party.
Overall, this question raises a lot of issues. But I feel the courts need to decide on a set of guidelines that can be used to assure the jury and the defense that the evidence presented to support accusations can in fact be trusted.
Because who's to say an overzaelous prosecuter didn't hire someone to "put" something on the suspect HD?
But even then the courts might have a hard time ahead. Already we've seen cases that raise this question in which there can be no "safe-guard" and in fact the defense relies upon the exploitablity of software. This was demonstrated in the kiddie porn trial in the UK in which the defendant got aquitted because his lawyers successfully argued that a virus planted the porn on his PC.
Ulitmately, it is double-sided issues such as this that are leading us down the path of Microsofts Secure Computing initiative. But that is a mission that is doomed from the start... history shows us that no matter how secure they make it, some one will break it.
We've already seen a few kiddie-porn cases in Great Britain thrown out because the machines had been compromised, thus making it impossible to conclusively prove that the individual arrested was responsible for the crime.
But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:
- secrets can be observed.
- "evidence" can be planted.
- activities can be spoofed.
Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.
Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).
Scary stuff...
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Actually, I found and read the article before slashdot posted a link to it. I also happen to know how tempting it could be for a lab tech to be told that the bad guy of the month could get off, and by the way just how clear can you make that photo with photoshop? It's ok to enhance a photo to give the cops a pointer on what direction to go in a case, as long as the enhanced photo isn't used for evidence. If you read the article you'll see they were talking specificly about enhancing photos that were to be used as evidence in trials. You did read the article, right?
Someone who is highly skilled in photoshop can easily manipulate an image well enough that even people in the image can't quite tell what if anything is different. This is quite common with photos used for magazine covers, advertising and the like.
Your Honor, the prosecution submits to the court Exhibit B, a photograph of the shark in question attacking a man dangling from the helicopter.
And here is Exhibit C, film footage where President Kennedy can clearly be seen saying "Congratulations, how does it feel to be an All-American?" to Forrest Gump.
You are in error. No-one is screaming. Thank you for your cooperation.
It seems like it except for one thing. This isn't a digital rights management issue. While the technologies may be similar they are not for the same purpose. DRM is used to make sure that people who do not have a right to a piece of data are unable to access it. This is an issue of information assurance. You want to assure that the image originally taken by the digital camera is the same one that you are looking at in the courtroom. One possible way to do this is to apply DRM to the image, but that isn't necessarily a perfect solution. Someone who has the right to alter the image just might do it. If nobody has the right, what happens when somebody needs to enlarge it or change the color or something?
The GeekNights podcast is going strong. Listen!
Every time science comes up with a new form of evidence (or even a new way of analysing old techniques), someone gets convicted because of a persuasive argument which blinds the jury with science.
It's happened with DNA, fingerprints, computer cracking.... Hopefully the technology is eventually ironed out such that this stops happening.]
Meantime, this is cold comfort to victims of such miscarriages of justice, or their families.
But it's two edged:
DNA evidence is now being used to clear people who have spent decades in prison for crimes they didn't commit.
At least if you have the death penalty the vctim of the miscarriage of justice (eventually) isn't in too much of a position to care.
And it puts them beyond reach of ANY correction, when technology advances to the point where it can discover and prove their innocence, winning them release (and millions in restitution for the false imprisonment).
See The Innocence Project for more.
I, at least, am totally opposed to the death penalty. Not because the crooks don't deserve it - most of 'em do. But because it's administered by a government, with at least the usual levels of incompetence, corruption, and misuse for oppression of any government project.
Mandatory life without parole has the advantage that you CAN bring somebody back if it turns out they were innocent. It's really hard to do that once they're dead. Also: It's cheaper, since you don't get as many appeals. And you don't get so many innocents plea-barganing themselves into long jail terms rather than risk death for a crime they didn't commit but can't prove it.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of wrist.
And yet, with a simple md5 checksum or any other of dozens of other techniques, such a change is impossible to make undetectable. The chain of evidence would need to show that at time of recording the md5 checksum of the file was 258c2891488526d239077559ae4fabab, and that the md5 checksum of the current file is still the same. Show the chain is intact, you've got that part of it covered. Get some mathematician to explain to the sheep of the jury that these are better odds than DNA, hell, call it "Digital Fingerprint" or something, and get on with the case.
Demonstrate this, since they won't get it from the math guy, by taking an image, changing a single pixel, and recalculating the checksum showing that it changes entirely. Don't _tell_ them, _show_ them that if you change the digital information, the "Digital Fingerprint" changes drastically.
Ah, but they were written by someone who broke into your machine, used a keylogger to get your passphrase, and were sent by this other individual while you were out having a beer with your buddies.
Sure, you have a good record that the email was sent at 8:30pm, but, then you can't really prove that you were at the corner bar at that time. After all, will the jury believe the testamony of your drinking buddies, or a cold, cryptographically-secure computer log?
(Admittedly, this is less likely to be an issue in investigating a crime that has already been committed... but if it's a computer-related crime, the probability goes up.)
Eloi, Eloi, lema sabachtani?
www.fogbound.net
So let's say someone breaks into the MegaCorp computer and causes billions of dollars in damage and causes a few powerplants to go off line in the East Coast of the US during a heatwave causing many people to die.
Now let's say that the person who did this is found because he forgot to modify/erace the system logs and a criminal trial begins.
Now let's also say he hires Jacky Childs as his lawyer who asks the system admins, under oath, if the system logs are nothing more than common text files. Then he asks if it is possible that any of the admins could log on and edit that text file log. Unless they got the logs being directed to a line printer an constantly printed out, Jacky Childs just found his reasonable doubt. Good luck with the civil suits!
Seriously though, this could be a real problem one day soon.
Losing faith in humanity one person at a time.
I'm surprised the RIAA managed to settle so many of their lawsuits with little more than an IP address as evidence.
If DNA wasn't enough to convict OJ Simpson of murder then how can some digital numbers on a piece of paper be enough to find anyone guilty of sharing a file?
After all, the numbers could be forged, spoofed, mistranlated....and the burden of proof is with the plaintiff.
Um, yeah. Well, if they're encrypted, you either:
I think what he meant to say was checksummed and encrypted. While this does provide a reasonable degree of security against tampering, it in no way establishes that the pictures were real in the first place. It is a very trivial matter to write a CD today with a date of 01/01/1998.
Yes, checksumming does provide a reasonable degree of security provided other safegaurds are taken. However, defeating this scheme is still too simple. Consider:
- Murder takes place in 1998. Detective has a hunch that suspect X has done it, but can't prove it.
- It's 2004 - suspect X is arrested on an unrelated charge, and fingerprinted.
- Said detective takes pictures of X's fingerprints.
- He then sets the clock on his PC back to 1998, a few days after the murder.
- Then he downloads the fingerprints he's just photographed to the machine, and burns the photos to CD. When he's done, he sets the PC's date back to the current date.
- Said detective files the freshly minted CD in the 1998 storage locker.
A few days later, the detective suggests to his subordinate that he run X's fingerprints against the crime-scene database. Lo and behold! - suspect X's fingerprints match those found at the crime scene!Tell me I'm more secure now. Evidence fakery has been around since mankind learned to lie. The digital age just makes it more convenient.
The society for a thought-free internet welcomes you.
The media could always be replaced though, if someone had access to the device it was contianed within. Of course, some sort of tamper detection could be inscluded within the device itself. Since it would all come down to cost however, I beleive it would be extremely unlikely that any of these ideas ever get put into practice. Manufactures wouldnt take part unless required by law. The best solution would be to require a 3rd party observer (or someone representing the defence if possible) wheneever digital evidence is recorded.
Nope. We were talking technology. Not specifying country.
No, we're talking about the legalities of digital evidence under US law.
However i was talking this example to my friend, US based psychologist who is working for as an officially appointed expert. She said i would be probably OK. But she may be wrong, of course.
There are a lot of viriables to consider, but here's the basic situation:
If you never show those pictures to anyone else you would certainly be OK. Even if you did allow someone else to see them, you would probably still be OK, unless that person were EXTREMELY uptight and reported you. If you were to make them publicly available, like on the web for example, you would quite likely be arrested.
If it went to trial, I'd say you'd have an even chance in general, but it would depend very much on the community from which the jury was drawn and the laws of that area. Standards and laws regarding decency, obsenity, pornography, etc vary wildly from state to state. Indeed, the legal definition of obscenity is based on the standards of the community.
Age of consent is 15 in Czech and it is going to be lowered. It is as low as 12 in some European countries, including catholic Vatican. However it is OK to have sex if both partners are under this limit. I would bet, however I do not know any official statistic, that average age to lose virginity for a czech girl is under 15 these days, at least in large cities and certainly counting non coital sex pratices.
As I said, age of consent is determined by state law, not federal law. Here in California I believe it's 16, I know there are some states where it is 14, and there may be states where it is 12, though I don't know that for sure. 16 or 17 is always a safe bet, though if the age difference is more than 4 years it could still be statutory rape. Again, though, that varies by state.
Perhaps I should also note that it was illegal to produce pornography at all in California until less than 30 years ago (I don't know the exact date), when that law was challenged and struck down by the court.
That said, the average age when an American girl loses her virginity is probably also about 15.
The age for creating porn is however 18 but again, it is not used (or may be even does not apply) if people are taking pictures of themselves for their personal usage.
I've heard of people being prosecuted for child porn for having pictures of their infant taking a bath. That's an extreme case, and most of the time those pictures would be perfectly OK, but one always has to remember that it's based on the standards of the community as represented by the 12 people on the jury, and that the jury consists of 12 people who're too dumb to get out of jury duty.
it is either a country of hypocrites or a country of ascetics.
I wouldn't say we're any more hypocritical than the people of any other nation, just in our own particular way. The first colonists were Puritans, who known for being extremely uptight, and our laws still reflect that to a large extent, even though our society in general is rapidly degenerating into vulgar hedonism.
Under capitalism man exploits man. Under communism it's the other way around.