Worried about Digital Evidence Tampering?
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
Yeah, digital evidence tampering makes you worry about stuff like this
Visit Jonesblog and say hello.
My second-to-last year of college, I had signed a lease for a house just off campus for the next school year. I was looking forward to it because it was a nice house and I'd be rooming with my closest buddies.
Unfortunately, when we went to move in, the place was trashed and grossly out of code for the city/county. In an effort to be released from the lease, I took a bunch of photographs of everything that was wrong with the house, but I took them on my digital camera. I even brought my camera to a developer and had the photos professionally developed.
Nevertheless, I brought my pictures to a lawyer (school-subsidized, provided for student lessor/lessee problems) and he said that if I wanted to use them in any practical way, I had to go take the pictures again with a real camera (and you could _barely_ tell it was digital).
Fortunately, we had enough evidence that the landlord caved (and we all learned many valuable lessons about leasing, and the law in that time period).
A huge swath of people who get convicted for life or death are poor and stupid minorities who are sentenced with usually little more than one person saying "I swear I saw the defendant...sure it was dark but I swear it!" The criminal justice system in the country (U.S.) is in such a poor state that I don't see how digital evidence is such a huge step backwards. Do you really think it would have been easier to free (or convict) O.J. if the photos of the crime scene were digital?
is there any way - besides dedicated locked up printers with numbered pages - that one can use to date and verify the authenticity of information? in such a way that will stand up at all in court? so far the only cheap way i know of verifying an idea is mailing it to yourself, but that requires going to the store for stamps... how 1998.
Myren
There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
... the fact that the jury recognized (and weighed most heavily) was that the honesty of the law enforcement official(s) was in serious doubt ... and quite frankly, often is.
... indeed, we even know of at least one case where the FBI ensured that an innocent man was convicted of murder and sent to prison in order to protect their own informant.
... unless you want a scenario where any Jury with any technical knowhow whatsoever will always vote to acquit, on the grounds that digital evidence is no more valuable than a he-said/she-said argument.
Bullshit.
This should matter a lot.
Mark Fuhrman's bigotry was enough to create the appearance of "reasonable" doubt as to the veracity of the DNA evidence that unequivocally linked O.J. Simpson to the murder of his ex wife and her friend. Never mind that the evidence was almost certainly NOT tainted or modified.
Digital evidence is as fleeting as the wind. I can copy a file to your hard drive, make a phone call, and the assumption will be you're guilty. Or a cop could walk in with a CD, do the same thing, and convict you.
GnuPG and similar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).
Similar schemes might be applicable to preserving the integrity of digital imagery, video, etc., and it is very important that these issues be addressed.
We know that the police and the FBI do tamper with evidence. We know that they bear false witness in court.
Law enforcement will tamper evidence on occasion, and making it easier for them to do so virtually ensures that it will be tampered more often. In order to maintain (or even improve) the integrity of our justice system, we need to make modifying digital evidence as difficult (or impossible) as is possible, and we have numerous tools already to do so.
Dismissing this issue is foolish.
The Future of Human Evolution: Autonomy
I work in the field, I create and deploy records management systems for police.
There's always an auditable chain of custody with all evidence; digitally, the product I use accomplishes it with encryption and checksums. If an officer takes a pic out to alter it (they have to crop/lighten/darken mugshots so they look consistent for use in a lineup), his actions are logged, and a copy of the original is always kept. Just like checking stuff in and out of any CVS.
There are some digicams out there specially designed for the task which create special checksums and hashes to prove mathematically that the image on a disk is the same one the camera took.
This is all tied to the officer who took the picture and entered it into the system, and ultimately would be held accountable for it.
If needed, I could be called on to swear an affidavit that the file hadn't been altered since taken/entered.
Now, for the most part, the agencies I've dealt with only use digital imaging for mugshots, and a few take digital shots of traffic accidents. But more and more are expanding the use of technology. 911 calls, and police radio chatter, being encoded to mp3 and permanently attached to the case file, stills from dashboard cameras, crime scene photos.
Frankly, you can prove mathematically with some simple tech these days that not even a single pixel in a digital photograph had been altered. It'd be much easier to fake an old-fashioned analog photograph.
Of course, sleazy lawyers will wow clueless jury members with how easy it is to change things in photoshop, which they'll understand. And those jury members will be asleep when the mathematician demonstrates that there's only a 1 in 400 kajillion chance of altering the image without changing the checksums...
I don't need no instructions to know how to rock!!!!
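A sketch of the logged check-out and edit trail the post above describes, added here as an example and not taken from the poster's product: each log entry records the file's SHA-256 and the hash of the previous entry, so rewriting an earlier entry breaks the chain. The class name, field names and sample bytes are all constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

class CustodyLog:
    """Append-only log; every entry commits to the entry before it."""

    def __init__(self):
        self.entries = []

    def append(self, officer: str, action: str, content: bytes) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {"officer": officer, "action": action,
                "file_sha256": sha256_hex(content), "prev": prev}
        entry = dict(body, entry_hash=_entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first inconsistent entry, or None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev"] != prev or _entry_hash(body) != entry["entry_hash"]:
                return i
            prev = entry["entry_hash"]
        return None

def demo():
    original = b"constructed sample: mugshot as ingested"
    cropped = b"constructed sample: mugshot cropped for lineup"
    log = CustodyLog()
    log.append("officer_a", "ingest", original)
    log.append("officer_b", "crop_for_lineup", cropped)
    intact = log.verify()                       # None
    # Swap the recorded original and fix up that entry's own hash.
    first = log.entries[0]
    first["file_sha256"] = sha256_hex(b"constructed sample: substituted image")
    body = {k: v for k, v in first.items() if k != "entry_hash"}
    first["entry_hash"] = _entry_hash(body)
    return intact, log.verify()                 # (None, 1)
```

Calling `demo()` shows the later entry exposing the rewrite. The chain only helps if the most recent `entry_hash` is also kept somewhere the person editing the log cannot reach.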
There is another problem for concern in this area. Law enforcement personnel are now relying almost entirely on digital recording for witness statements and suspect interviews. If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of a wrist.
I've often thought it would be useful for digital cameras to provide an option of signing all images with a camera-specific private key stored in a tamper-resistant chip. That would allow third parties to verify that the image file had not been altered after the fact.
Mea navis aericumbens anguillis abundat
that CNN is publishing this story; back in the late 1990s, they stole a frame from one of my computer generated animations of a pulsating star, and put it in a story on their website. They tweaked the colourmap a little, but apart from that the image is identical to my original animations.
They even had the gall to claim the copyright for themselves. Bastards.
Tubal-Cain smokes the white owl.
If you are interested in verifying images I'd check out veripic. I don't know all the details behind it, but it seems like they are able to tell if the image has been modified. From what I remember, the requirement is that you have to specify which digital camera it was taken with.
http://www.veripic.com/certified
My guess on how they do it would be by checking how the image was encoded? any ideas?
(referring to the parent post, not the grandparent): b b witch hunt.
ok, so the FBI raids someone's PC on suspicion of kiddie porn. Now, the PC has been out of the hands of the suspect. What's to stop the FBI from planting kiddie porn on the hard drive? And will it, in the end, even be necessary to find porn on the hard drive? Links might be enough (links that might have resulted from IE's insecurities, for example?) I truly despise child pornographers, but are we heading for a police state in the name of anti-terrorism and anti-kiddie porn?
Maybe DRM actually makes sense in this context. I would rather be unable to get porn at all than be prosecuted for planted porn. (the OS could be programmed to reject any files that have porno-like meta-data in their headers, or however DRM works). Granted, this solution would keep all porn (including "legal" porn) out, but it would solve the problem.
I seem to recall a case where this issue came up. The guy had a bunch of drawings and computer generated kiddie porn, and he was convicted and upheld on appeal. Even though his lawyer was able to prove there were no "actual" children harmed, he was convicted on something like "attempted child endangerment". I wish I could recall the details.
Save a Life. Donate Blood. Please.
I think the public, as a whole, doesn't understand the real possibilities and likelihoods of digital tampering. It's like magic to some people because it can't be "seen" in many circumstances without a lot of frighteningly intelligent people interpreting the evidence FOR them. That scares people, because people don't like what they don't understand. Period.
If you asked the average juror what the signs of digital photo tampering are, they'd be baffled to answer. The bottom line is that this will be used by defense lawyers to plant the seed of doubt in otherwise ignorant minds (concerning digital media.)
Just because it is (perhaps) easier to tamper with pixels than crystals on substrate, doesn't mean it's going to happen more often. Better yet, if people don't understand that digital evidence is subject, but not PRONE, to tampering this myth will continue to perpetuate.
Maybe I'm wrong with my conclusion that it is not more likely, but it certainly isn't a new issue. In fact, it worries me that it's brought up in the context of a new issue because that just perpetuates a legacy of ignorance... and if you read the article you will find out that the issue is MUCH more a case of poor evidence. If the only evidence a prosecutor has is a previously unidentifiable fingerprint, and suddenly they can identify it, you're going to get skepticism. Furthermore, if that's the only evidence they had on the guy then there's no way you can prosecute on inconclusive evidence.
The professor was able to reproduce the visual effect that occurred when the scientific software processed the fingerprint. I hate to say it, but SO WHAT? I happen to be an experienced photoshop guy, and artist, but just because I can reproduce what I see, doesn't mean the scientific process involved is invalid. I'm concerned about this kind of defense approach, because it involves voodoo...
I'd propose that a series of laws clearly define what is digitally permissible based on established algorithms. If a new one is created, it must pass through a panel of reviewers and eventually be passed into law before it can be permissible. In this way, there would be far less "reinvention of doubt" every time a digital photograph is brought into a court room that has a couple filters run on it.
It would probably involve a series of checks and balances at each stage of processing, too.
"Politicians find new names for institutions which under old names have become odious to the people."
The thing is, if someone can tamper with the image, they can tamper with the md5sum as well. In your solution, the md5sum is useless, it's the write only memory on the camera that is actually providing your security.
I read the internet for the articles.
[in regards to photo fakery]
"Sure, it's a little easier, but it's not something we suddenly can do that we weren't able to do previously. "
It's not only easier, but with a little work, you can get much more convincing results than with old analog techniques. Each year, the tools only get better. Sure, in the hands of an idiot, even the best tools will create crap, but someone with a bit of skill can create something with very little artifacts. In some cases, photographers have been accused of cooking their pictures because their images are too perfect.
I'm sure we all see/hear about this stuff while people close to us are complaining about their jobs. If we could only reduce screw ups by 5%, I imagine the world economy would take off.
[Fuck Beta]
o0t!
"It's not hard for experts to detect Photoshop fakery, even if amateurs can be fooled. If you move objects around in the picture, you'll never be able to get every cast shadow right, or get the lighting of the removed objects right."
Sadly, 'experts' proved that the moon landing was faked, too. Shadows cannot be easily disproven because of things that are happening off-camera.
The best you can do is detect use of a filter algorithm. Gaussian blur, for example, should be easy to detect. Clone tool? You betcha. It could take a bit, but images are inherently noisy. If the noise in the image has repeatable patterns, then use of the clone tool can be detected. Most digital images are sharpened by the camera. Changes that aren't sharpened can be detected.
I could probably think of more ways to detect digital fraud, but I think I've satisfactorily made my point. The fact of the matter is that we are not close enough to making changes undetectable. Just because the tools to make the changes get fancier does not mean that the tools to detect that fanciness just sit there and don't evolve.
"Derp de derp."
...if you're playing the Devil's advocate and expect someone like the FBI to frame you, why wouldn't they replace the write-only chip? Simply duplicate all the MD5 sums except those you want to plant.
Unless you want the camera to digitally sign them as well. Might work, if you have the secret key in a WOM not directly readable (i.e. you may sign the MD5 and verify the signature, but not read the actual key).
Kjella
Live today, because you never know what tomorrow brings
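The difference the posts above argue over, between a bare checksum stored beside the image and a tag made with a key that never leaves the camera, as an added example that is not from any poster. HMAC from Python's standard library stands in for the camera's signature; a real design would use an asymmetric signature so that verifiers never hold the secret. `Camera`, the key and the sample bytes are constructed assumptions.

```python
import hashlib
import hmac

def bare_record(image: bytes) -> dict:
    # Unkeyed digest stored beside the image (the posts say MD5; SHA-256 is
    # used here, and the argument is the same for any unkeyed hash).
    return {"image": image, "digest": hashlib.sha256(image).hexdigest()}

def verify_bare(record: dict) -> bool:
    return hashlib.sha256(record["image"]).hexdigest() == record["digest"]

class Camera:
    """Hypothetical camera whose key never leaves the device."""

    def __init__(self, device_key: bytes):
        self._key = device_key

    def _tag(self, image: bytes) -> str:
        digest = hashlib.sha256(image).digest()
        return hmac.new(self._key, digest, hashlib.sha256).hexdigest()

    def capture(self, image: bytes) -> dict:
        return {"image": image, "tag": self._tag(image)}

    def verify(self, record: dict) -> bool:
        return hmac.compare_digest(self._tag(record["image"]), record["tag"])

def edit_without_key(record: dict, new_image: bytes) -> dict:
    """Model someone with write access to the stored record but no device key."""
    edited = dict(record, image=new_image)
    if "digest" in edited:            # an unkeyed digest can simply be recomputed
        edited["digest"] = hashlib.sha256(new_image).hexdigest()
    return edited                     # a keyed tag cannot, so it is left stale

def demo():
    original = b"constructed sample: frame as captured"
    altered = b"constructed sample: frame after editing"
    cam = Camera(b"constructed-device-key")
    bare_ok = verify_bare(edit_without_key(bare_record(original), altered))
    keyed_ok = cam.verify(edit_without_key(cam.capture(original), altered))
    return bare_ok, keyed_ok          # (True, False)
```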
you're saying that a hard drive full of kiddie porn images shouldn't be admissable?
There are quite a lot of issues with kiddie porn prosecution.
So I read about this article saying they got person X on kiddie porn charges, and yet I wonder how much of that is real kiddie porn, as opposed to
*photoshopped kiddie porn
*18 and over porn, but with really young looking girls
the latter is of interest to me, there's a lot of really young looking girls used in porn, and I assume that the photographer and webmasters have done their duty to make sure the person is 18. However, those credentials don't pass over the net to the photo sitting on the hard drive, how does law enforcement know or not know if the girl really is over 18, though she could pass for 14?
As for the former, the idea of photoshopped kiddie porn is that it's kiddie porn without, hypothetically speaking, having hurt a child in the process. Should that be illegal in that a person who consumed photoshopped kiddie porn is very likely to commit such an act? That's an ugly precedent.
Of course, this doesn't even touch the surface of what the difference is between kiddie porn and children who happen not to have any clothes on. Apparently the standard is some sorta fuzzy concept of one type of pic was taken specifically for the purpose of getting off, and the other was not.
Really odd case from Australia: a guy there makes videos of himself getting kicked in the jewels--that's the sexual fetish. He made one of a 14 year old kicking him, and was brought in on kiddie porn charges (though the girl was completely clothed.) The idea here is that a girl was being used for sexual satisfaction, though, under normal circumstances, it hardly is a sexual situation. (Dunno what happened to the case.)
Honestly, this is a mine field of questions that no one wants to talk about or answer.