Slashdot Mirror
Worried about Digital Evidence Tampering?
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
Ahh, digital evidence tampering, where would I be without you! I was quite good a creating doctors office letterhead for getting out of school. :)
Heck, where I come from not even regular (=non-digital) photos et al. are admitted as evidence in court - because they are too easily tampered with.
Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.
My second-to-last year of college, I had signed a lease for a house just off campus for the next school year. It was looking forward to it because it was a nice house and I'd be rooming with my closest buddies.
Unfortunately, when we went to move in, the place was trashed and grossly out of code for the city/county. In an effort to be released from the lease, I took a bunch of photographs of everything that was wrong with the house, but I took them on my digital camera. I even brought my camera to a developer and had the photos professionally developed.
Nevertheless, I brought my pictures to a lawyer (school-subsidized, provided for student lessor/lessee problems) and he said that if I wanted to use them in any practical way, I had to go take the pictures again with a real camera (and you could _barely_ tell it was digital).
Fortunately, we had enough evidence that the landlord caved (and we all learned many valuable lessons about leasing, and the law in that time period).
There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
... the fact that the jury recognized (and weighed most heavilly) was that the honesty of the law enforcement offical(s) was in serious doubt ... and quite frankly, often is.
... indeed, we even know of at least one case where the FBI insured that an innocent man was convicted of murder and sent to prison in order to protect their own informant.
... unless you want a scenerio where any Jury with any technical knowhow whatsoever will always vote to acquit, on the grounds that digital evidence is no more valuable than a he-said/she-said argument.
Bullshit.
This should matter a lot.
Mark Furman's bigotry was enough to create the appearance of "reasonable" doubt as to the veracity of the DNA evidence that unequivocably linked O.J. Simpson to the murder of his ex wife and her friend. Nevermind that the evidence was almost certainly NOT tainted or modified
Digital evidence is as fleeting as the wind. I can copy a file to your hard drive, make a phone call, and the assumption will be you're guilty. Or a cop could walk in with a CD, do the same thing, and convict you.
Gnupg and similiar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).
Similiar schemes might be applicable to preserving the integrity of digital imagry, video, etc., and it is very important that these issues be addressed.
We know that the police and the FBI do tamper with evidence. We know that they bear false witness in court
Law enforcement will tamper evidence on occasion, and making it easier for them to do so virtually insures that it will be tampered more often. In order to maintain (or even improve) the integrity of our justice system, we need to make modifying digital evidence as difficult (or impossible) as is possible, and we have numerous tools already to do so.
Dismissing this issue is foolish
The Future of Human Evolution: Autonomy
So technology has answered, its back in the hands of law enforcement to present their case properly.
I work in the field, I create and deploy records management systems for police.
There's always an auditable chain of custody with all eveidence, digitally the product i use accomplishes it with encryptions and checksums. If an officer takes a pic out to alter it (they have to crop/lighten/darken mugshots so they look consistent for use in a lineup), his actions are logged, and a copy of the original is always kept. Just like checking stuff in and out of any CVS.
There are some digicams out there specially designed for the task which create special checksums and hashes to prove, mathematically that the image on a disk is the same one the camera took.
This is all tied to the officer who took the picture and entered it into the system, and ultimately would be held accountable for it.
If needed, I could be called on to swear an affidavid that the file hadn't been altered since taken/entered.
Now, for the most part, the agencies I've dealt with only use digital imagine for mugshots, and a few take digital shots of traffic accidents. But more and more are expanding the use of technology. 911 calls, and police radio chatter, being encoded to mp3 and permanently attached to the case file, stills from dashboard cameras, crime scene photos.
Frankly, you can prove mathematically with some simple tech these days that not even a single pixel in a digital photograph had been altered. It'd much easier to fake an old-fashioned analog photograph.
Of course, sleazy lawyers will wow clueless jury members with how easy it is to change things in photoshop, which they'll understand. And those jury members will be asleep when the mathemetician demonstrates that there's only a 1 in 400 kajillion chance of altering time image without changing the checksums...
I don't need no instructions to know how to rock!!!!
that CNN is publishing this story; back in the late 1990s, they stole a frame from one of my computer generated animations of a pulsating star, and put it in a story on their website. They tweaked the colourmap a little, but apart from that the image is identical to my original animations.
They even had the gall to claim the copyright for themselves. Bastards.
Tubal-Cain smokes the white owl.
We've already seen a few kiddie-porn cases in Great Britain thrown out because the machines had been compromised, thus making it impossible to conclusively prove that the individual arrested was responsible for the crime.
But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:
- secrets can be observed.
- "evidence" can be planted.
- activities can be spoofed.
Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.
Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).
Scary stuff...
Eloi, Eloi, lema sabachtani?
www.fogbound.net
With our society relying on more digitized information all the time, it is not practical to make it all inadmissable as evidence. There's no way in the world that you could prosecute computer crime or for that matter almost any fraud without digital evidence. As for the photo example, non digital photos can be doctored as well. For example, you could doctor a photo digitally, recapture the picture with film and develop the non-digital photo of the digitally altered image. If its done well, it would be very hard to detect. Bottom line is, we need better evidence authentication, not exclusion of all digital evidence.
(referring to the parent post, not the grandparent): b b witch hunt.
ok, so the FBI raids someone's PC on suspicion of kiddie porn. Now, the PC has been out of the hands of the suspect. What's to stop the FBI from planting kiddie porn on the hard drive? And will it, in the end, even be neccessary to find porn on the hard drive? Links might be enough (links that might have resulted from IE's insecurities, for example?)I truly despise child pornographers, but are we heading for a police state in the name of anti-terrorism and anti-kiddie porn?
Maybe DRM actually makes sense in this context. I would rather be unable to get porn at all than be prosecuted for planted porn. (the OS could be programmed to reject any files that have porno-like meta-data in their headers, or however DRM works). Granted, this solution would keep all porn (including "legal" porn) out, but it would solve the problem.
I was told by a lawyer to get photographic evidence , not in digital, or film but Instant film format.
/developed.
Jury's, and judges consider the instant developed photos of the instamatic camera are considered unalterable because of how they are made
usually the oldest technology is the most accepted in the court of law.