Slashdot Mirror
PA Seizes Newspaper's Computers
twitter writes "Computer equipment from the Lancaster Intelligencer Journal was seized for alleged improper data access and disclosure. From the article: 'If the reporters used the Web site without authorization, officials say, they may have committed a crime.' Journalist are understandably upset that confidential information, that has nothing to do with the investigation, will be found and used for retribution."
The paper doesn't seem to be denying accessing the site, merely if it had been given permission. The only possible reason for this would be to check who accessed the site using the login and when, something which the government's own server logs should reveal.
Um...no. When talking to a reporter you're not protected in any way. It's not like talking to a lawyer or a doctor...or even a clergyman for that matter. Reporters are threatened all the time with contempt-of-court unless they give up their sources. When was the last time a lawyer was threatened with contempt unless he spilled everything his client told him about a crime? It's privileged. That's protected. Talking to some yahoo who thinks he's the next Woodward & Bernstein from the Washington Post isn't privledged.
Of course, I'm not a lawyer, so I could be totally wrong about all this. Take my advice when I say: "Don't take my advice".
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
That's why I just bought an external NAS drive with encryption. If it lost power, it locks and can't be unlocked until the encryption key is re-entered. They may be able to delete my data, but they can't access it. As an additonal security, the little drive is hung remotely off the lan. Finding it to take it could be a challange.
Check out the Simple Tech SimpleShare NAS. Drop it in the janitor closet someplace locked.
The truth shall set you free!
What doesn't seem to be passing most people's minds is the fact that this is a criminal investigation, not a civil one. As such, its target will be individuals, not the newspaper itself. If the newspaper is anything normal in this day and age, they lawyered up at first notice, and certainly didn't reveal the individuals within the newspaper who were responsible for the illegal access. As for server logs, they don't prove much. How, for instance, will the logs at the server level produce any compelling evidence as to who was physically using the workstations involved? As a criminal investigation with major possible jailtime involved, they can't arrest the entire newspaper, and have to go after individual users. And heck, even if they did have what they believed was sufficient evidence, federal prosecutors tend to want to have all the evidence they can get in case a defense attorney punches a hole through the legitimacy of a given piece of evidence. It's unfortunate that such events would effect the entire newspaper for actions of a few, but if the newspaper had knowledge, they're getting what they sowed...
Pointless, since it is illegal to not provide the key when asked by law enforcement who've gotten a warrant for it.
Warrants are specific. If each story or each week's work is encrypted using a different key, there is no way in hell that a judge could order all the keys to be handed over, despite having siezed the whole physical drive. That would be fishing, and there are specific protections against that.
"Finally, with today's fervor over terrorism it's best for you to not write anything down, record nothing and deny, deny, deny."
If you don't use the information you have, then the anti-terrorist fascists win.
Not writing anything down and not recording anything mean that you are effectively silent to everyone that you don't have personal physical contact with. Thanks for volunteering to have your voice taken away, you are a good little dissenting citizen.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Contrary to the /. headline, Philadelphia did not sieze the four hard drives.
Philadelphia is a city.
Pennsylvania is a commonwealth.
Surprisingly enough, the Pennsylvania Attorney General's Office works for the Commonwealth of Pennsylvania, not the City of Philadelphia. I know it's confusing; after all: they both start with the same letter.
but then so does Pontiac Plymoth and Ptomaine
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
"I think the biggest lesson here is that ALL your files that are important or private MUST be encrypted on your computer."
I think the bigger lesson here is to not go poking through private networks. Only the owner of the network (or its authorized proxies) can give permission to 3rd parties to access that network. Even if the Coroner had given the newspaper his password, the Coroner is not authorized to grant network access to 3rd parties.
The freedom of the press only exists to the extent that the press is used legally. That is a wide margin of operation, but it is not absolute (and never has been). It seems clear to me that the newspaper crossed the boundary.
The only factor that I think should exonerate the newspaper is if the unauthorized access to the private network uncovered crimes being committed by the government. Barring that, then the seizure seems to be proper; a warrant was issued by a judge upon reasonable suspicion that the newspaper committed a crime.
I fail to see how this is a first amendment issue. Nowhere in the first amendment does it say nor even imply that newspapers are immune from following the law.
The issue is this; if they had simply gotten classified information from the coroner in question, they would be a-okay. The coroner is in trouble, but they would be fine. The problem comes in when they try and access the data themselves by logging on AS the coroner. That IS a hacking attempt which is a violation of the law.
Moral of the story? If you are a newspaper and want to publish material that was obtained illegally, DON'T be the one who did the illegal obtaining.
I wonder is it practical to use the spare space on a block for data?
:)
perhaps with a 32k cluster size a dummy file might use 3k leaving 29k free for encrypted data if you had the program to access and decript the free space on a usb key say you could have potentially a very secure system especially if the key could be overwritten if the wrong password was entered.
the hd would look clean the key might even just monitor a key sequence without even offering a prompt.
or perhaps the key might be a jpg that would need to be copied to a specific location on the harddrive. probably needs to be automatically erased once access has been granted
just a thought
there must be ways and means
Blarney Quality Restaurant, Plants
A link for Simple Share NAS would be great, though I'm going to google it as soon as I finish writing this. Also, how strong is the encryption and have there been any administrative issues, flakiness, etc.?
t inas250/
The only flakieness I know about is one I did and had to send it in to be recovered. Use share passwords if you are using an encrypted drive. Do not do like I did and make some shares, provide passwords, then create users with user privilages, and then create an encrypted pool. It loops the software and no longer talks to the LAN. The magic reset to factory defaults does not recover from that. Other than that, read the Tom's Networking review. The rest of it is right on. The other thing a little weird is the 250G drive has a 3 year warranty but the 160G drive has only 1 year.. Go figure. Anyway the link;
http://www.tomsnetworking.com/2005/04/15/review_s
The truth shall set you free!
Your analogy was pretty good. Most slashdotters have this technique that lets them shut off their brains when an opposing viewpoint comes along, hence the criticism.
Just like you'd search the bank thief's house despite overwhelming evidence that it was her, you generally want to search a computer crime suspect's computers.
When did Philadelphia take over the rest of Pennsylvania and rename it?
The state of Philadelphia should sieze the hard drives of the Slashdot Editors for lousy journalism.
Slashdot = alt.religion.windows.mpaa.riaa.sucks
And presumably that unrelated confidential information wouldn't fall under the scope of the warrant. But the cops *definitely* have enough for a warrant. They have traced blatantly illegal activity back to a computer and seized it. Any private citizen would have faced the same. Freedom of the press isn't a blanket right to break the law with complete impunity and immunity.
I mean, think about what you're saying. It's like saying anyone with confidential information in their house (ie, everyone) shouldn't ever be subject to a legal, warranted search. There are mechanisms to restrict the scope of warrants.
In general, if one is worried about such confidential information, I'd strongly suggest not doing completely illegal shit with the computer containing it.
Want to make any bets that the manufacturer has a masterkey, or key reclamation mechanism, and will share it with law enforcement if there is a subpoena involved?
I was thinking too slow.. The software is GPL. Download the source and take a look. I'm not making any bets, but the odds against a back door are heavily in my favor.
The truth shall set you free!
In the example of Amazon or Google, your files aren't even just one harddrive somewhere, and they are mixed with the data of lots of other people. The data could even concievably be in motion.
If one of those large entities were served with a warrent, how would they prove that that data belonged to you?
So the thing to do, is to encrypt your data with multi-key encryption, so that if The Man askes, you give him the key that decrypts to last week's (published) article, while you keep the key to the real goods. You do need to keep your ego in check, don't give them a key that decrypts to "Ha, Ha, got you!!!"
Then there's the one time pad. For any cyphertext of length N, there is a key that will decrypt to any text of length N (or less). What you could do is store your etext at Google, your key at Amazon, and a bogus key at Yahoo. Since any good cryptologist starts and ends their messages with gibberish, this could easily fool The Man when you point him to Yahoo as the key.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Encryption wouldn't do much good when a judge will just order you to reveal the password(s) under pain of a contempt charge and jail until you concede, regardless of claims of bad memory, etc.
Can't you plead the 5th when asked to give passwords? I've always wondered about that... Can you be forced to give information to the authorities? From my understanding you cannot be forced to testify against yourself.
Or maybe the "right to remain silent" doesn't always apply to certain situations?
Can anyone shed light on this?
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
But should not the coroner still be culpable of something? An official should not be spreading a password around like that, and unless proof of the paper (or someone else) hacking his password is found, there is only on explanation for how they got it.
The cancel button is your friend. Do not hesitate to use it.
What if that disclaimer was used to hide embarrassing but important facts? My knowledge of those facts may have nothing to do with your silly web page. Does the state get to raid your newspaper because I blew the whistle? Who's going to blow the whistle? Do you really want to live in a TIA world, where the government thinks it has the right to know everthing and decide who can know it?
There are serious issues of limited search and seizure and publication in this case. It is being argued that the state is using this as a fishing expedition.
Friends don't help friends install M$ junk.
That's fine - until they subpoena the reporter to provide the decryption key, with contempt of court as a whip. 5th amendment doesn't apply if they're investigating someone else's crime. Admittedly, this does put the reporter in the position to block it - potentially at considerable personal cost. And this assumes the encryption/security was done "right" and the password is nowhere to be found on the disk (like in the page file, "suspend" area, etc...)
The very last line in the article is chilling - "In a one-page order dated Wednesday, the Supreme Court declined to hear the case on procedural grounds, freeing the state to examine the hard drives."
First the elections in 2000, and now aiding and abetting the dismantling of the right to free speech.
Way to go, GW - you really packed the court with "objective" jurists - as long as they rule to keep restricting freedoms.
"Let us raise a standard to which the wise and honest can repair" - George Washington