Slashdot Mirror
US District Court Says Calculating a Hash Value = Search
bfwebster writes "Orin Kerr over at The Volokh Conspiracy (a great legal blog, BTW) reports on a US District Court ruling issued just last week which finds that doing hash calculations on a hard drive is a form of search and thus subject to 4th Amendment limitations. In this particular case, the US District Court suppressed evidence of child pornography on a hard drive because proper warrants were not obtained before imaging the hard drive and calculating MD5 hash values for the individual files on the drive, some of which ended up matching known MD5 hash values for known child pornography image and video files. More details at Kerr's posting." Update: 10/28 16:23 GMT by T : Headline updated to reflect that this is a Federal District Court located in Pennsylvania, rather than a court of the Commonwealth itself.
The courts are finally getting up to speed on technology.
"Ein Volk, ein Reich, ein Führer." -Adolf Hitler
"We are one Nation, we are one People." -The One 'leader'
you can't generate md5s w/o actually looking at all of the data in the file.
This sounds like the worse possible way to search for kiddie porn, because a suspect who wanted to conceal his activities could just change a single pixel, and the entire hash would change. They would need a signature method that doesn't change dramatically when a single bit changes, like something based on a frequency analysis.
Palm trees and 8
Hash is ~$30/gram depending on quality. Seems like those folks in PA have been smoking something else if they thought they needed to calculate an emmm-dee-five.
The guy whose computer was searched, abandoned the computer and gave up any rights at that point, the person who found the porn was computers new owner. Just like any trash tossed out becomes public domain, there should have been zero expectation of privacy at that point. I am not a legal scholar, but I do not see how the 4th amendment applies here. It would be no different than if this was a diary in a different language and the person who inherited the diary found a translator, upon finding criminal evidence it would be fully admissible.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Moreover, you should probably run ImageMagik on all your files anyway (assuming they are images) to confound any md5 checking. For video, you can transcode it to the same effect.
Don't be stupid. I am NOT advocating "child porn", but knowing whether a model is 17 or 18 is not something I would want to risk going to jail over.
Anyone who's not talking out their ass care to comment on this?
Calculating hash values isn't search. Calculating them and comparing them to a database is. Not only is it quite clearly search (searching for files that match known MD5 signatures), it's hard to imagine another way to describe it without being deliberately obfuscatory.
...are like a mistaken identity sitcom waiting to happen--especially when that mistaken identity is a pedophile. I mean, they've covered that in probably like four Seinfelds, three Curb Your Enthusiasms, and a couple of Arrested Developments, right?
"The enemy knows the system" --Claude Shannon
It would be really scary if I junked a computer and months to years later someone might accuse me of child porn.
Wouldn't you have to prove exatcly where the hard drive was and who had custody of it all all times?
Sounds kindof like those people who give away a junker car without getting the new owner to properly take the title. The new owner gets into a hit-and-run and the state goes after the person who is the owner of record.
Comment removed based on user account deletion
"some of which ended up matching known MD5 hash values for known child pornography image and video files." Wait, so law enforcement has a database of kiddie porn and kiddie porn md5's? Some perverted bureaucrat found himself the right job.
"A claim for equality of material position can be met only by a government with totalitarian powers." Hayek
Yes, I would qualify parsing someone's file system into file sized chunks and processing them bit by bit and feeding that data into a hashing algorithm as searching.
When I submitted this story, I gave it the headline "US Court:...". Someone changed that to "PA Court Says...". That's wrong. This is a ruling from a US District (Federal) court, not a Pennsylvania state court, and so carries much more weight. ..bruce..
Bruce F. Webster (brucefwebster.com)
Comment removed based on user account deletion
If they mantain such database, I would expect that ISP filters in some countries also check on traffic and compare against this database.
I wonder how many unsuspecting downloaders were caught this way. (there are many of them who probably know how to never get caught though).
Still, all this pedophilia hype shows how effective society can be at censoring certain information.
Unless there is more to the story, which is not obvious from the RTFA, the evicted party forfeits the rights to what they chose to leave behind during the eviction. I am a firm believer in due process (14th) and in the 4th amendment, but again, I do not see how they apply here. In this one rare case court seems to have gone overzealous on the technological aspect of the case.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Or maybe get a proper warrant and follow procedures properly? Sorry, I am no fan of kiddie abusers but if we bent the rules the way you'd like them for this instance then what comes next? I break down your door as an officer, find nothing, and suffer a fine for having made a mistake? Sorry, the officers must follow rules same as you and I or they will become simple bullies. Oh wait....
Better a few guilty men go free on a technicality than allow officers to become a law unto themselves.
Build it, Drive it, Improve it! Hybridz.org
Comment removed based on user account deletion
Quite honestly, the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd.
So you're saying you have no problem with warrentless searches? Shall we continue this thought to it's logical extreme conclusion?
There's a reason the judicial system has the structure it does: so there's a strong trail of evidence, to ensure the rights of everyone involved have not been broken by law enforcement, to ensure nothing has been tampered with.
The law HAS to follow the law, otherwise what authority does it really have to enforce it?
How would you feel about this man if it was your child's photograph on this man's notebook.
How would you feel if it was your laptop that was seized without a warrant? "Oh I don't have child porn" you say. Sure...but without that warrant the cops may just plant the evidence. Now what say you?
Or, that friend you let borrow your machine last week, remember him? Yeah, he's not the church going fun loving person you thought. On that USB key with all of his work related stuff was a nice folder of child porn. Its a good thing he copied everything to your machine so you could work together on that big project that boss is asking about.
Or, that teenager in your house, yeah dirty young man. He's out browsing the internet looking for pictures. He accidently clicks on a link with under age "actors". Fortunately, he's a good kid and backs out of the site right away. Didn't look at anything, didn't mean to go there. Hell, you've even trained him well enough to erase cookies and temporary files. Hear that knocking? Yeah, that's the police showing up without a warrent and taking your machine. Oh look, they just found deleted child porn images on your computer. You sick bastard.
Without the warrant you have one more leg to stand on to fight these charges. Its there to protect the innocent.
The man was clearly guilty and the evidence was there.
What evidence? Some md5 hashes that happen to match hashes from a select number of images? Odds are if we hash out every file on your hard drive we will also find matches to that same list. There for, by your own logic, we should arrest you, put your name on the sexual offenders list, and drag you into court, all with out a warrant.
If you really want to live in a country with that much legitimate power in the government, there are numerous flights to China every day.
In short:
Good: Civil liberties defended.
Bad: Possible case against alleged child porn possessor blown.
Worse: Cops too f'ing incompetent/lazy/ill-trained to get a freaking warrant.
The problem here is not civil liberties getting in the way of prosecution, it's the prosecution failing to follow the law.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
...we speak of finding now inadmissible evidence that someone is collecting/distributing child porn, and you guys tag it as "suddenoutbreakofcommonsense". Really, people.
BeauHD. Worst editor since kdawson.
What good is a phone call if you're unable to speak, Mister Anderson?
From one of my journals last year:
It also journals an attempted drug bust ("attempted" because there were no drugs).
Yeah, this SOUNDS like good news, but so long as law enforcement and the legislature holds the Constitution in the utter contempt that they do, it doesn't really matter what the court rules.
Liberty? What Liberty?
Free Martian Whores!
Comment removed based on user account deletion
"How would you feel about this man if it was your child's photograph on this man's notebook."
How would you feel if it was your notebook I said had a picture of a child in it?
If our judicial system doesn't work right, we should fix it; I'm not taking a position on whether it works right in general. But let's assume we carefully figure out a set of rules and get our judicial system to work right for all manner of crimes from shoplifting to murder; rules that properly balance the rights of the (possibly innocent) accused. Turning around and throwing those rules aside for certain crimes is madness. That's what we mean by "think of the children" stuff: it doesn't help children any to do an intentionally bad job running the justice system for crimes related to children.
What evidence? Some md5 hashes that happen to match hashes from a select number of images? Odds are if we hash out every file on your hard drive we will also find matches to that same list.
Actually, odds are the hashes will not match...
No, using wrongfully obtained evidence is madness. If you allow it to be used in court cases, then wrongfully obtained evidence will start happening more and more in different kinds of cases.
Due process will go out the window, and you'll end up with people either fabricating evidence or just walking in to houses w/o warrants and searching whatever they damn well please.
And whose to say that if a cop searches your computer for child porn, tjstork, and doesn't find any but you get charged anyway for some cracked game that you own (legally bought, still a DMCA violation!) because that evidence was collected without a warrant stating that is what they were looking for.
Or if they knew someone was in a particular neighborhood and just turned it all upside down without warrants or permission. Cases can get very personal, and it wouldn't surprise me for a cop to be willing to take a slap on the wrist to use illegal evidence.
The biggest issues I see with going 4th amendment rights on this is the fact that the defendant doesn't own the computer anymore. From the article he lost it because of problems not paying rent. It changed hands to an uninvolved third party who noticed the files were on, now his, computer. He did what I would see as the right thing reporting it. He allowed the policy to look over the computer.
Does it count as a search? Yes without a doubt.
Does it break 4th amendment rights? If it still belonged to the defendant, sure, but it didn't at this point.
The law exists to serve the public good, and if the public loses confidence in that law, then we have no law at all.
The public needs to stop and think. I for one don't care how much people would prefer to return to Dark Ages mentalities on crime and justice, it doesn't make it a good idea.
"It's for the children" stuff is not some abstract thing that you can so handily dismiss. With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography, by giving them a cash cow.
It most certainly can be dismissed. The entire argument boils down to "the ends justify the means." Exactly the opposite of what our founders wanted, and for good reason. Oh, this ruling doesn't give a license to kidnap kids; it means cops must follow proper Constitutional procedure and get a warrant before searching. There are plenty of cases where those exploiting children HAVE been arrested following the letter of the law.
How would you feel about this man if it was your child's photograph on this man's notebook.
Ahh, good old "pleas to emotion" argument. That doesn't change the fact that a warrant should be required. I for one think it's a bad idea for police to be able to barge into anyone's house with cause and perform a search. I feel children are more in danger from that kind of behavior than requiring a warrant.
This judiciary system is madness.
No, you're reactionary knee jerk reaction given the historical evidence of what happens WITHOUT a 4th Amendment is madness. The laws are there to protect the people from the whims of those in charge. You don't believe it's an issue, you don't think it could ever happen... but it can and does all the time, all throughout history. If you're really that scared for your kids, I suggest you never let them out of your sight.
The rest of us will go on, realizing that our children are not in any danger, and that predators are not around every corner.
Actually md5s are usually sufficient, it takes a lot of time and energy to determine if the photos really are children. Sometimes it's obvious, but when you're talking about teens, some adult women do look like kids. Unfortunately in many cases without knowing the person it's nigh impossible to determine with any real precision.
The reason why they'd want to use checksums would be that these images aren't generally one offs most pedophiles with pictures aren't making all of them themselves, the hope of using this technique was presumably to find a couple and then do a further search later.
It is also as the judge noticed an end run around the rules involved in procuring evidence and really shouldn't have been allowed into evidence.
don't child porn creeps and ordinary privacy obsessed /. ers have a utility whihc automatically changes any file of type x so that the hash changes ?
I don't know anything about computing, but it can't be that hard to have a utility which automatically edits any .tif or.doc or .mp4 so that the MD5 hash is changed ?
Better a few guilty men go free on a technicality than allow officers to become a law unto themselves.
The largest US gang has a well documented record that would seem to indicate your statement is out of date.
As another everyday example, here's a big surprise, no?
I'm not intending to troll/flamebait here, but MY perception is there is very little accountability for the 'on the job' crew in blue amongst themselves. It is also my perspective that there is very little integrity once one subscribes to the original meaning of the thin blue line.
"The law exists to serve the public good"
No, it doesn't. Government exists to uphold rights, and the law exists to provide government one of the tools to do that. Rights belong to individuals, not "the public".
What makes a child pornographer a criminal is the concrete harm he does to an individual -- not some abstract harm to "the public good".
The system is designed around that. The bill of rights gives weight to the rights of the accused for two reasons. First, it is the job of the justice system to protect everyone's rights -- to defeind the rights of the victim while still respecting the rights of the accused. Second, when we don't respect the rights of the accused, we tend to conflate "accused" with "guilty", and then nobody's rights (including the victim) are protected.
If you dont respect the rules of the system even when they make it harder to catch the bad guy, then you're really asking for a rule-less system that enforces your will. But watch out -- yours isn't the will that's going to prevail if the system heads that way.
"With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography"
No, they haven't. They have not made child porn legal; they have reminded the authorities that they still have to do their job according to the rules even when it's a job that really needs to be done.
"How would you feel about this man if it was your child's photograph on this man's notebook."
If we left 'justice' in the hands of how those harmed by the crime feel, it would be revenge (which is not the same thing -- and which incidentally doesn't serve the "public good", either).
"the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd. The man was clearly guilty and the evidence was there. Instead, fine the police for doing the wrong thing"
Here, I agree -- to a point. It doesn't change the fact that in the context of the system as it exists, the court's action is correct, though; today the remedy for illegal search is suppression of evidence.
But yes, I think holding law enforcement personally responsible when they violate the rights of the accused would be more just than penalizing the victim (and any potential future victims) by preventing a conviction when the accused really is guilty -- if such a system can be made to work.
There are two problems with that, though, which I don't know how to resolve:
1) Having performed an illegal search, which results in the conviction of a child pornographer, a police officer goes on trial. What jury will convict him? If the answer is none and that's ok with you, then you're really saying that the accused shouldn't have had rights in the first place.
2) Being personally liable for mistakes can create an incentive to do less work. I'm not saying this justifies a lack of personal accountability in general, but you do have to have a system in which the police are confident "if I do the right thing, I won't be punished". That's harder than it sounds.
Odds yes.
But no guarantee.
A better check is hash and file size, since it is more difficult for two files of the same size to have the same hash by chance. Especially using compression due to images or videos of the same dimensions reducing to different sizes.
Hash and file size checks are useful for checking if a file is intact and possibly not altered. They are great for lookups.
But, in the end, you still need the file to validate the correct item is found. Hashmaps store both the key and hash for this very reason. The hash is a quick lookup, but the key is needed to verify the right element has been found.
Unless the hash is the same size as the key.....
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
Miscegnation used to be against the law in many places. Our laws have improved since those days, but who's to say that they couldn't use more improvement?
Even if he thought the search was ok, if he wasn't 100% sure, the DA was just giving himself a second chance to win by arguing it wasn't a search at all. He wins if either argument holds up, so why not make both? (And he has to make them in that order; you can hardly argue 'the search was legal, and also, we didn't search it'.) This is standard legal tactics.
It's a Redundant Array of Independent Arguments.
He said the game was legally bought. The crack is (I presume) just for the convenience of not having to keep the CD it came on in the drive while playing. Instead, the CD can be safely kept out of harm's way.
Are you sure? MD5 is broken. If I were a child porn crusader in law enforcement, I might create matched pairs of images, one legit, one child porn (derived from an existing child porn image), with the same MD5, then put that MD5 in the "evil MD5" database. Then I'd distribute the legit ones (perhaps adult porn, perhaps anime, maybe lolcats, anything appealing to a group I think contains a lot of filthy pedophiles) far and wide. Then if I can do MD5 hashes of suspect's laptops without triggering 4th amendment scrutiny, I can use the "evil" hashes as evidence to search the laptop "for real". This ruling precludes that particular dodge.
>>>"Oh I don't have child porn" you say. Sure...but without that warrant the cops may just plant the evidence. Now what say you?
Even if they don't plant evidence, who wants to go through the hassle of losing their PC for one or two months while the cops scan it for hidden porn (or even stashed drugs). It's not about dishonesty by police, but stopping harassment of citizens. Nobody wants one or two months of their lives wasted just because the government agents have nothing better to do than grab private property.
"[the British government] has erected a multitude of new offices by a self-assumed power, & sent hither swarms of officers to harrass our people & eat out their substance;" - Declaration of Independence, 1776
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
NO, the argument is VERY sound. There is due process for a REASON. Yes, if it is my child I would want the person TOOK the pictures to go to jail or even be killed, but what if I was mistaken or what if it was accidentally downloaded. I know of a couple of cases were kids were taking pictures of themselves and then link baiting people so that they would go to the site and download these pictures, also a government agency put up a honey pot somewhere to catch child porn viewers, and someone found it and people started passing the link around and tricking people into clicking it. I would want that person to be locked up, BUT that is not MY job, in a free society, it is the job of a judge and jury to prove that that person did the deed and, if found guilty, to figure out what the level of punishment for that crime is, the judicial branch is there to protect those accused along with those that are offended and with that said laying down well established laws and procedures just so that we find maybe .01% instead of .009% of the people that have child porn on their computers even mistakenly, is not a freedom that i am willing to give up. I don't condone child porn, adult porn on the other hand is A-OK in my book, but i see the "ends justifies the means" augment that tjstrock seems to be condoning and the current law enforcement view is never a good idea.
-phuc
Pay attention to his post. He said the cracked game was one that was paid for and that a ridiculous clause of the DMCA makes that cracked copy of an application that he legally paid for and attempted to use in a use that falls under fair use, illegal. Two conflicting laws exist, making it impossible to truly know if you are breaking the law or not, or how it will play out in court - Fair Use Rights and DMCA.
Fair Use explicitly lays out when and how you can use the products you have bought. DMCA limits these rights without having gone through the required process of reforming the original law.
His point was that you should not be afraid of the government. You should not have to fear that having a photo on your laptop of your darling baby boy taking a bath will mean that you will spend years and years in jail for child pornography. His point is you should not have to fear that someone will just burst into your home and search through your entire house, hard drive, etc., without following due process of law. Whether or not the recipient of this illegal search is guilty of something or not is not the issue.
If you want to get angry at someone, get angry at the cops for not following the law and not receiving a warrant to search prior to running the search on this hard drive. It is their fault that this man is now free. It is their fault for not following the letter of the law.
It is better for a hundred criminals to go free and retain our rights to not having unreasonable search and seizure* than for a single innocent man to be placed in jail.
Sounds ridiculous until you are that innocent man.
The Fourth Amendment, for reference: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Before commenting on the Bible, please read it first
Odds of one innocent file's md5 hash matching one identified file's hash md5 is insignificant. But in this case we are talking about and entire hard drive's worth of files compared to a database of all known digital kiddie porn.
Take a PC that has been in heavy use for a few years, you might have a couple hundred thousand files, each of which could collide with any of the hundreds of thousands (millions?) of hashes for every known kiddie porn related file on the internet.
Think of it like rolling dice. Rolling a double 6 on a pair of 6 sided dice is a 1/36 chance, but rolling any doubles is a 1/6 chance.
The odds of any single file on your hard drive matching any single file they have on record is significantly better than a specific file on your hard drive matching a specific file they have on record.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
But since anyone can manufacture files that match known MD5s, the minute said "Child-porn hash database" gets published (which, if you look hard enough, they already have been), all bets are off.
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
I think you were spot on with your argument.
The hash on its own does nothing. The fact that they used MD5 is just complicating how people are looking at it. It's the algorithm behind the search.
What if they created a directory listing of every file name then compared it with one file name at a time from a pre compiled list of child porn image names? What if they use the search feature and typed in each name one at a time? What if it was not names, but full files. Do a bit by bit comparison of every file with a directory of known child porn files? Or what if they just used a MD5 of every file and compared it to the MD5 of known child porn files? Actually, that is what they did. How are any of those any different?
In this case, why didn't they have probable cause to search for porn after an eye witness reported the fact that porn was on the computer? Would it have made any difference if he left it on the display or showed it to the cops? They looked at the computer because they knew it had the child porn on it.
If I am in a car that gets pulled over and my passenger tell the cop I have drugs under my seat, does he need a warrant to search for it? (Honestly, I don't know. That's why I'm asking.)
Isn't it reasonable to conclude that they could still get a warrant based on the eye witness? That would show that they would have eventually found the same files another way to get it back in?
It is possible that I watch too much Law & Order.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
>>>Then don't break the law! What is so hard about not breaking the law.
Without the requirement for a search warrant, you don't have to break the law. The police can enter your home, take your PC, and keep it for a month without ever needing to justify the act. I call that "harassment" and it can NEVER be allowed to happen again.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Not only did they search the drive without a warrant, but they also got the defendant to confess to putting the files there by questioning him without reading his rights and telling him that he didn't need an attorney. Genius.
Even dumber: Based on the testimony of the guy who originally found the child porn, they could have gone to a magistrate and gotten a warrant. Then there would have been no issue of a warrantless search.
BTW, for those considering the abandoned-property angle -- the court goes into that. It wasn't a legal eviction and the defendant hadn't abandoned his stuff; he merely hadn't removed it all yet.
The asterisk was supposed to link to the Fourth Amendment comment at the bottom... I've really got to proofread my own stuff more often.
Before commenting on the Bible, please read it first
"[The government] has erected a multitude of new offices by a self-assumed power, & sent hither swarms of officers to harrass our people;" - Declaration of Independence, 1776
BTW:
I have a bomb in basement. Any police force who enters my home with warrant (or probable cause) is fine with me. No objections. But if they enter without warrant, then the rules change. I'm just one person and powerless to stop them, even when they are committing an illegal unConstitutional act. However the remote-controlled bomb will take care of them quite readily. BOOM. The message will be clear to police forces everywhere - don't violate the Supreme Law of the Land.
I'm just joking of course.
FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
Do you have any file in your computer whose MD5 hash matches the current Google logo?
Of course I am not defending using MD5 hashes as proofs of child porn, leave alone the computation of said hashes without a warrant. I was simply making a claim on the hash algorithm.
Because a lawyer's job is to make the strongest argument. The stronger argument is that the person who "owned" the computer called the police. The question then becomes did the owner give the police proper permission. If they did, then that's the strongest argument. If they did not, then they went with this argument because it's all they had.
And if someone screwed up, that person needs to be slapped around for not following proper procedure.
"All great wisdom is contained in .signature files"
Comment removed based on user account deletion
the same sort of people don't give a shit that future generations will have to clean up the crap we're putting out.
"Think of the children but only while it doesn't affect ME!" is the *real* cry.
I haven't read the whole opinion, because IANAL, and I hate the bloviating that goes on in them.
It seems, though, that if the property was forfeited by its original owner, and the new owner of the property provided it to the police because of things that the previous owner did to it, there should not be a legal issue.
It's kind of like when Paris Hilton failed to pay the rent on her Public Storage (or whatever) space, and the landlord sold the property inside. When the nudie pictures and private journals inside were made public, she had no legal recourse because it was NO LONGER HER PROPERTY by virtue of her non-payment of rent and the statutory forfeiture of the contents of the space.
Then again, I just tried to cite Paris Hilton in a legal argument. Whatever...
How would you feel about this man if it was your child's photograph on this man's notebook
If you're going to bring emotion, kicking and screaming, into a discussion on legal procedure, let's go all the way: How would you feel if it was your Constitution being ignored?
If I have been able to see further than others, it is because I bought a pair of binoculars.
Not having this problem, same version.
You are an idiot and others have already explained why. Even if you break *no* laws (which is almost impossible given how big and complex the legal code is now), should the police be allowed to barge into your place and snoop around whenever they feel like it? You do realize police are human beings, don't you, and can have personal beefs with people. What if a police officer believes you or your wife are the "wrong" color, and wants to continually harass the two of you? You want your door broken in and your house ransacked on a regular basis, even if they never find anything.
Please, go goose-step over to a dictatorship, since you would clearly prefer to live in one.
Similar to the upcoming US election results
Comment removed based on user account deletion
That's only true when comparing one-to-one. When you compare a big list of hashes against a big list of other hashes, you don't get nearly the same nice behaviour you get when comparing one hash against a list of other hashes.
Comment removed based on user account deletion
Comment removed based on user account deletion
Can you find a file in your harddrive with the same MD5 hash as the current Google logo?
A better check is hash and file size, since it is more difficult for two files of the same size to have the same hash by chance. Especially using compression due to images or videos of the same dimensions reducing to different sizes.
This isn't much good either, since most JPEG decompressors will ignore stuff appended to the file. A better check is to do some sort of fuzzy matching on the actual image. I guess the reason that law enforcement don't do this is because it's slower than doing "find / -type f | xargs md5sum | grep <badchecksums>".
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
I'd like to just add on to your post, because I think otherwise part of your point may be missed. The reason this judgement is good is not because it protects people who have child pornography, but because it protects people who don't have it.
If you make an exception and say that it's ok to do otherwise illegal searches so long as you're looking for child pornography, then you've opened a back door for police to search *any* computer under the guise of looking for child porn. So then, some day in the future, some police officer would be able to take your computer without a warrant, scan your hard drive, and then say, "Well, we were looking for child pornography, so what we did was legal, but we found instead this other information. Since the search was completely legal, we can use that information against you."
In effect, it would mean that they wouldn't need a warrant to search computers anymore.
Comment removed based on user account deletion
As they said, that's comparing one to one. As you start comparing many to many, the number of pairings rises fast and the chances of a hash collision become significant. It's similar to the way that there's a 1 in 365 chance that any given random stranger shares my birthday, but it only takes 23 random strangers to gather together before the chance passes evens that some pair of them shares a birthday - and 57 random strangers before the chance passes 99%.
Real Daleks don't climb stairs - they level the building.
Yeah, it only takes 23 people, because you're selecting from 1 in 365 possibilities.
There are 2^80 MD5 hashes. You're going to need around 2^40 files before you start to have even one collision, and you're still not getting close to matching a particular value, just any two random values.
So, unless the known hash list they are comparing against is larger than 1 million, there's almost no chance of a false collision.
http://lkml.org/lkml/2005/8/20/95
But the recent civil forfeiture provisions for copyright infringement they're trying to get signed (maybe already signed?) into law will allow them to do the same thing. The Feds can already seize your property on the mere suspicion that it is being used for illegal drug activity, and are not required to even file charges. When said seizure happens, the burden of proof is on the owner prove that it wasn't used for illegal activity.
The society for a thought-free internet welcomes you.
It wasn't a legal eviction, that's why that argument wasn't invoked. In effect, the computer was stolen. The defendant even reported it as stolen way before the child porn was reported.
It is a massive cock up by the police. If they had done things by the book it might have been alright, but to be honest I think the chain of custody of a stolen PC would pretty much erase any case they would have.
The biggest issues I see with going 4th amendment rights on this is the fact that the defendant doesn't own the computer anymore. From the article he lost it because of problems not paying rent. It changed hands to an uninvolved third party who noticed the files were on, now his, computer.
It's also impossible to prove that anything found on the computer is anything to do with the defendant. The rent dispute is an obvious motive for the former landlord to take all sorts of malicious actions.
The question of whom generated the illegal content then becomes an issue in my mind. Seems that there were at least three other people who have likely had access to the computer (Landlord, Sell, Hipple). So what's to say one of them wasn't downloading illegal content.
Moreover, let's say that the landlord has long-standing issues with the computer's owner (heck, I don't think you can just *seize* property anyways without a court order???), so he gets Sell or Hipple to plant a little "evidence" against his disliked tenant and then call it in.
The odds of any random non-child-porn file on a system having an MD5 collision with any file in the child porn database is vanishingly small. MD5 is broken such that there may be ways of generating files with the same hash, but random files are going to be so unlikely to match as to be practically impossible.
Still, it's a far better thing to use at least SHA1 hashes, or preferably SHA256 or higher.
You can never go home again... but I guess you can shop there.
Odds yes.
But no guarantee.
Beyond a reasonable doubt is enough, and while it's never really been put into law what that means it's probably around 99%-99.9% somewhere. I certainly wouldn't have a problem believing it if you told me one in a thousand people in jail really is innocent. Even if you have a billion files and they have a billion files, the chance of any one of their hashes matching yours is way, way below that. Anyway the whole discussion is rather silly because I thought the first step in any such procedure is to make a full disk image and work with that, never with live evidence.
Live today, because you never know what tomorrow brings
My question would be: what if the age of the girls themselves is in question. Does that mean that the jury has to review a ton of nasty pictures and make the assessment, or is the testimony of an "export" good enough?
Jury duty in those cases would really suck. But then again jury duty on any cases involving kids as victims probably isn't very pleasant.
This sounds like a good ruling to me at first blush.
The functional effect of an md5 hash is effectively equivalent to taking a photograph if the item were something visual. Consider the following hypothetical:
Why would the police, having this power, not just prospectively photograph all aspects of everything all the time "just in case"?
An md5 hash is weaker than a photo because there are other things that could decode to the same hash, but for the most part what it will do is serve as a way of telling that nothing changed, and in fact will be a way of verifying that the image you're looking at now is "reliable" (to some degree) as a picture of what you had before. And so in effect, it's a way of (almost) getting a picture of what you had before--certainly it transforms a picture of what you have now into something that can be claimed to be a picture of what you had before. And so it's a way of reaching into the past and creating evidence at that time and, constructively, it amounts to the taking of evidence before-the-fact.
It's often hard for people to understand why that's bad, since it falls easiliy prey to the "if you have nothing to hide, why do you care?" argument. But it depends on what you value about a free society. If you're comfortable with the idea of police searching your house any time they want just because they're not going to find anything, I guess there's no issue. But me, I don't even like my friends rummaging my house. I value the concept of privacy as an intrinsic thing.
Naturally we all want the "evil doers" brought to justice, and this case probably troubles most people, but the issue is that it sets a precedent that's usable in other cases, and you don't want that precedent to be that just because it was convenient to get one guy on one day, all of our rights suffer forever after. So I'm happy that it sounds like there was a conservative ruling on this. (Where I mean "conservative" in the traditional meaning of the word, not the neocon meaning.)
Kent M Pitman
Philosopher, Technologist, Writer
How would you feel about this man if it was your child's photograph on this man's notebook.
I would ground him for disobeying me. I specifically told him no posing naked for pictures!
'a';DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%'... if you're reading this, it didn't work.
Exactly. MD5 checks are damn stupid ways to do anything. The only reason the police were doing them is so they could claim it's not a search, and they don't need a search warrant.
When something matches, as it almost certainly will with such a large database of hashes, they then have probably cause and can get a warrant to actually look at files.
If corporations are people, aren't stockholders guilty of slavery?
Yes, that's the birthday paradox. I'm not sure offhand how big the NCMEC database is, which is usually what they're comparing against, but let's try some math.
Let's say your hard drive has N files and the database has M items (so, comparing a list of N to another list of M hashes). Your hard drive doesn't actually contain any of the files used to generate the "bad" hash list. The probability of a hash collision is approximately P = 1 - exp( -N*M / (2 * 2^128) ). Assuming the value in the exponent is small, this is approximately P = N*M/2^129. 2^129 is in the rough vicinity of 10^43. In order for you to have a one in a billion (10^9) chance of a false positive, the product N*M would have to be ~10^34. If the hash list has a billion items (I think it's smaller than that, by quite a lot), you'd need 10^25 files on your disk -- well beyond the capacity of readily-available desktop storage.
MD5 hashes are useful because they're resilient to even birthday collisions. What they're not resilient to, it turns out, is intentionally creating two files with the same MD5 hash. (Even then, it is infeasible to generate two files with the same MD5 hash and the same size.)
I wasn't aware that you could _easily_ create collitions of an MD5 hash of a file that still keep some sort of order (like creating a perfectly valid jpeg that dosen't turn to show like noise, but an actual meaningful picture, from a MD5). Mind to share your algorithm?
DON'T PANIC.
To further this point, it is more likely that you'll have a duplicate finger print than a matched hash or hash collision.
Not to mention the "guilty when accused" attitude of the public. Suppose the police arrest you, seize your laptop, "leak" your name to the media, and they say "Oops, our bad" and let you go. You might not have a single blemish on your record, but the public will think of you as a child pornographer who somehow evaded the police. Every place you go you'll get wary looks. If you have kids, Child Protective Services might make your life a living hell. (I know someone who had CPS called on them by a vindictive neighbor. Even if there's no evidence of any mistreatment, they can still make your life hell.) You might find yourself "downsized" from your job. All because the police were able to arrest you/search you on a whim without any real evidence.
The warrant system isn't perfect. Innocent people still wind up going through the above troubles. But warrants help keep those incidents to a minimum.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
It's worth pointing out that literally 99.999999% of child porn is made by people who have legitimate possession of the children. Either actual guardians or people temporary watching them.
There is almost no instances of child porn being made with kidnapped children, and it extremely unlikely someone would kidnap children for that, as opposed to incidentally doing it to children they already kidnapped.
Hence, 'child porn' is not placing anyone's children in danger. Not people possessing it, and not even people making it.
The danger is child abuse. It is not child kidnapping, and it's certainly not the entirely hypothetical 'child kidnapping to make porn'.
Child abuse happens almost entirely by people who are entrusted with children, not random strangers.
If corporations are people, aren't stockholders guilty of slavery?
And it is a triviality to apply a filter to all images you own in order to change the hash under any has algorithm you can come up with...
Do you have any file in your computer whose MD5 hash matches the current Google logo?
Try: "Do you have any file in your computer whose MD5 hash matches any of the top 130,000 images in Picasa?"
But:
My Windows box has some 120,000 files on it. Let's round that up to 131,072 or 2^17.
Let's assume a perfect hashing algorithm that spreads its hashes through a 128 bit space.
So the chances of any of my files colliding with the hash of a single kiddie porn file are 2^17 / 2^128 = 1 / 2^111
If the police have a database of hashes that's also 2^17 items long, then the chances increase accordingly: 2^17 / 2^111 = 1 / 2^94
2^94 is a very large number.
Even if MD5 isn't perfect, the chances of an accidental false positive are vanishingly small.
Just thought I'd get some facts in. Personally, I still support due process in any criminal investigations.
This is one of the things that hashes have a hard time with. The chance that a random file will match the porn list is about 1 in 2^128. The chance that some file on the hard drive will match the porn list is closer to 1 in 2^64. It's still a big number, but not quite as big as you might expect
It's so refreshing to read slashdot and hear intelligent reasonable rational people who are concerned with the freedom and legitimacy of the American Republic. God Bless Slashdot and God bless America.
Well, actually, "It's for the children" is a statement that tends to have no factual basis, be unconnected with real children, and be used solely for political force and shock value. Even if you ignore that, it's still a vague, highly abstracted statement.
This statement is also based on third-rate logic and abstraction. As best I can parse it, your theory is that, by preventing convictions under unwarranted searches, this will ensure a thriving pedophile economy to boom, driving profits up for child pornographers. If you're going to say something makes something more profitable, say that, instead of "gives license to." Also, I suspect that you're just wrong there, honestly.
I have my own questions on whether discarding the evidence regardless of severity of crime is a good thing, but the tradition itself is important; it's the only real way to control the government's use of search and seizure. A fine won't do it; at the very least, the station could just have an unofficial kitty, and put five bucks a paycheck in to cover the fine if someone wants to bust down a door illegally.
http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/A5DA99A5DC85587B862574F0000EB107?OpenDocument
Sigh.
There are good cops, there are bad cops. There are stations where police are the problem, and there are stations that do their job by the rule of law.
This is a reductionist argument that comes out of the fact that abuses of police power are news, and "Policeman does his job" isn't.
To exceed a .1% chance of finding a match with MD5 (a 128-bit hash) you would need to compare
n(p;H) ~ sqrt( 2*H*ln (1/(1-p)) )
n(.001;2^(32-1)) ~ 2^60
pictures. So to have a .1% of finding a collision of a legitimate picture and malicious picture in the FBI database one would have to compare about 830,000,000,000,000,000 pictures (8.3*10^17). You don't understand what it means to say that "MD5 is broken." Please leave the cryptography to the cryptographers.
I wish I could remember the author and book name but I can't so take this as anecdotal until someone comes up with references.
A while back, there was a book getting some attention on CSPAN and in the literary and legal press that posited warrants were not conceived as common things. A warrant, so the thinking went, would indemnify the police from damages if they searched an innocent party. If the police searched someone without first getting a warrant and that person turned out to be guilty, then the search was fine in a "no harm, no foul" sense. If the police did not get a warrant and searched someone innocent, then the person searched would take legal action and be directly awarded large penalties from the police.
The position of the book was that warrants were originally conceived to be rare things, only gotten when there was an edge case where the police reasonably suspected wrongdoing but weren't absolutely sure of their facts. Supposedly, if the police were absolutely sure, they should be free to go ahead and kick in doors. Generally, though, the police were assumed to be unwilling to do so in any but the most obvious cases because to do so incorrectly would bring major penalties down on their heads.
The book cited old English and colonial cases where police made mistakes and courts then ordered the police to directly pay damages to the former suspect.
Such a system could have worked back in the day. Nowadays, not so much. So much of what is illegal these days is invisible or not easily discernible that the need for warrants, even under the old criteria, is huge. Add to that the common practice of police not acting with integrity (I came of age in Houston, Texas in the 1970s. If you learned to deal with cops in that time and place, you'll never, ever, ever trust any cop to tell the truth about anything. You will forever assume that any evidence found by cops was planted. Period.), and the whole "Cops won't hurt innocents because they're afraid of the repercussions" notion simply falls apart.
I said all that to say this - I have some appreciation of the reasonableness of the attitude that if evidence of a crime is found, it doesn't really matter how it was obtained. On balance, I don't agree with that position but I do believe that it should not dismissed out of hand. It has some theoretical merit. It has no practical utility these days, but the theory isn't all crap.
Couldn't this be a precident that affects anti-piracy taskforces, as Bittorrent uses Distributed Hash Tables, which are a form of MD5 Checking if I recollect correctly. So in order to catch someone seeding something illegal they have to get a warrant to even delve into the DHT stream?
-Thomas maerz HKEY_LOCAL_MACHINE
Ummmm.... I'm going to quote you here, alright?
Such as the laws governing unlawful search and seizure?
Also, if you'd actually read his post, he stated a cracked game that was legally paid for (i.e. using a NoCD hack on a game he owns so that he wouldn't have to use the CD, or perhaps getting past copy protection that was misfiring and preventing him from playing the game he purchased).
But even ignoring that, is there relative importance of laws? Yes, sentencing being variable proves that handily. And is it possible to disagree with certain laws, or even believe them invalid based on conflict with higher laws (i.e. DMCA falling before fair use [note: Not claiming this position, just claiming it exists])? I would say yes.
"Oh won't someone please think of the children!" - Helen Lovejoy
"I'm a well-wisher, in that I don't wish you any specific harm."
I apologize for interrupting the false dilemma here, but would it be a reasonable option to prosecute both the criminal who was caught and the cop who violated the Constitution to catch him? I know, I know, we've got two guilty people on our hands, and our natural, rational instinct is "let them both go unpunished, then set fire to our own hair"... but perhaps there's a way to disincentivize police excesses without giving criminals a get-out-of-jail-free card.
I suppose there's an argument that anyone who would violate the Fourth Amendment can't be trusted as part of a chain of evidence... but in that case, shouldn't the guilty cop be kicked off the force entirely, not just distrusted regarding a single case?
Those are just thoughts in general, though, not necessarily a recommendation for this particular case. Even if it was admissible, I'm not sure I'd want to prosecute someone with evidence like "Look at what we found on his computer, thanks to the help of some guys who felt cheated by him, took his computer, reported incriminating files to us, and totally pinky swear that neither of them put them there themselves."
KIDDIE PR0N -> MD5SUM -> [MAGIC HAPPENS] -> LOLCATZ
The creator of this post (Jacob Smith) hereby releases it, and all of his other posts, into the public domain.
That sort of law varies from state-to-state, with various time limits on it.
Incidentally, evicting someone from their apartment requires calling the police in many jurisdictions, even if they aren't residing there anymore. You have to fill out forms and the police have to formally turn the abandoned property over to you and whatnot. You can't just call it abandoned and randomly sell it. There are procedures you have to follow, like trying to contact the person.
It really sounds like this landlord was operating in violation of the law. I don't really know what's happening, but the story, as told, seems to be glossing over the legal aspects of this.
If corporations are people, aren't stockholders guilty of slavery?
There are good cops, there are bad cops.
But the good cops will cover for the bad cops, so you still have no accountability.
By definition, the good cops WILL NOT. They cease being the good cops, there.
And this ignores the existence of internal affairs, whose whole purpose is to maintain accountability and reduce corruption.
The view of the police as solely an evil or oppressive force is massively reductionist, and at least as naive as the view of them as being solely capable of good actions.
Apparently it is you who misunderstand what it means to say that "MD5 is broken", as the numbers you gave were for an unbroken hash.
It is possible to generate MD5 collisions in reasonable amounts of time. It is possible to generate different meaningful files which have the same MD5 hash in reasonable amounts of time. It is not currently practical to generate a different file which has the same MD5 hash as another existing file, but that's not what I was suggesting.
Here's what our crusader would do
1) Select an existing child porn file
2) Generate two new files. One is crafted to render pretty much the same as the existing child porn file. The other is crafted to look like something which isn't contraband. Both have the same MD5 hash (different from the existing CP file).
3) Enter the new child porn file, and its MD5, in the child porn database. (or, more subtly, distribute it to known child porn purveyors who are about to be busted, and let someone else enter it in the database)
4) Distributed the non-contraband file via legitimate channels.
5) Go after people who are likely to have the non-contraband file, search computer using MD5 tool, and find evil MD5 (on legit file).
6) Use existence of evil MD5 to get warrant to do a thorough search of the computer
See
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
for an algorithm for creating meaningful files with the same MD5 hash.
I don't see how the issue of exactly *how* the drive was searched by the police matters all that much. The thing that troubles me is the way they got their hands on the drive to begin with. It was given to the police by a third party. One that had an ax to grid against the accused.
Imagine if I want to crucify my tenant, what I do is go in, grab his computer, fill it full of bad stuff and then hand it to the police. You'd think the police would think twice about where the stuff is coming from and whether it is legitimate evidence in the first place. My take is that it is no more evidence against the accused than against the landlord or his accomplice.
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
H. L. Mencken
A more accurate question by way of analogy here would be to ask "Can you find a file on your hard drive that matches the MD5 hash of any corporation's logo?" This is a many-to-many match, hashing isn't terribly well suited to that and the odds of a collision raise dramatically that way.
To fight the war on terror, stop being afraid.
GP didn't advocate breaking the law. Realize that, and understand what he actually said, and maybe you'll understand why you're wrong and are racking up the Troll mods in this thread.
Here, I'll help: nobody (not even the evil heathen liberals) posting in the thread likes child molesters. You can safely make that assumption about every post you read.
--Jeremy
Jesus was a liberal
Not quite. Actually, until they get due process, they ARE normal; they're called citizens.
The same judge also said:
A hard drive is not analogous to an individual disk. Rather, a hard drive is comprised of many platters, or magnetic data storage units, mounted together. Each platter, as opposed to the hard drive in its entirety, is analogous to a single disk as discussed in Runyan.
Which is thoroughly asinine.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
You people cast yourself as a minority, and here I am with -17 karma on this thread... the outrage and mob is you guys, demanding that the police be hobbled at every turn, no matter how ridiculous. Your position is the popular one, and dogmatic.
I argued that letting a bad guy go because the cop screwed up is a losing proposition. You let the bad guy go and did nothing about the bad cop. What good did this decision serve, other than to let bad guys go?
The fact of the matter is that the undercurrent of this argument is in fact where you value children. Plenty of people had no problem with hacking into Sarah Palin's emails, which is a clear mob behavior - hey, she's bad, let's break into her house, which is what you people supported. But, god forbid, someone goes and finds kiddy porn on the notebook, and you want to let the guy go because your constitution has been trampled. That's just crazy talk.
If the constitution is a living document for the left wing, it is a living document for the right wing too. If you can trash the 1st amendment and the 2nd amendments, and the commerce clause, then certainly other people can trash the constitution in ways they see fit.
Ultimately, the whole point of this board is to prove that the constitution is NOT a living document. It is a treaty among the states and the people and you cannot lightly alter its terms to affect the pet causes. But, if the left wants to have the supreme court impinge upon the states in any manner of causes, grant congress the right to redistribute wealth, or any of its other causes, in the name of social justice, then I'm sorry, but we on the right are going to throw child molesters in jail, even if the cops bend the rules from time to time.
This is my sig.
No clear chain of custody for the evidence. Sell, Hipple, and the landlord all had access to Crist's computer; any one of them (and anybody else who had access to the apartment) could have placed the images on the hard drive. The landlord even had a motive for getting Crist in trouble -- not paying your rent tends to piss people off. That being said, if Hipple claimed he saw kitty porn on the drive, that should have been sufficient cause to get a search warrant -- the cops messed up by not following proper procedures.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Seems like a no-brainer. the process of generating the MD5/SHA/etc is going to require you to scan the contents of the files. Sounds pretty invasive to me. Maybe I don't see the significance of this ruling?
“Common sense is not so common.” — Voltaire
This is a reductionist argument that comes out of the fact that abuses of police power are news, and "Policeman does his job" isn't.
Which 'abuse of power' was not covered up well enough?
Which policeman 'did his job' was covered up successfully?
By definition, the good cops WILL NOT. They cease being the good cops, there.
The good cops may not cover by directly blowing the whistle (har!), however simply not saying anything is the same thing, no? THAT is the basis of the thin blue line.
And this ignores the existence of internal affairs, whose whole purpose is to maintain accountability and reduce corruption.
Cops monitoring cops? Yeah right. Civilians need to monitor cops.
The view of the police as solely an evil or oppressive force is massively reductionist, and at least as naive as the view of them as being solely capable of good actions.
YMMV, your opinion may be different, but I choose not to trust a single one of them. If their own won't say anything because of their 'on the job' brotherhood', how am I supposed to know which one is good or bad?
This is false. Case in point: the first MD5 collision announced by Wang and his team in 2004 affected 2 data blocks of the same size. More generally, all cryptographically secure hashing algorithms are designed to output a hash as random as possible, no matter what the input size is.
A lot of posts are talking about the defendant as if he is a proven sexual predator... I think that even if he downloaded child porn on purpose and enjoyed it that hardly proves that he's a predator. There's a world of difference between a man who's intention is to masturbate to some pictures and a man who's intention is to find someone to rape.
Better a few guilty men go free on a technicality than allow officers to become a law unto themselves.
If innocence is no protection from the law, what incentive is there to be innocent?
I don't remember the source or exact wording, but I read that somewhere, and it seems appropriate.
Comment removed based on user account deletion
Comment removed based on user account deletion
That's actually a terrible argument. I mean, the last part is ok, but the paragraph preceeding it really does *not* make your case.
If you've actually got something to hide, you don't have much standing to complain. The protections aren't intended to give criminals the right to get away with stuff, so people getting caught for crimes they did commit, but otherwise wouldn't have been discovered is not a particularly compelling argument against an investigative tool.
Can you be Even More Awesome?!
Rodney King (Random example, not perfect, police scandals exist and have been documented throughout history), and your cover-up argument is moronic to begin with, given that what I was actually saying is that "Police do their job" isn't news. No one needs to hide or not hide it, it's just normal (or, at the least, expected/required behavior) and thus below the radar for non-malicious reasons.
My point is that the "Thin Blue Line" mentality you are talking about is not universal or inherent to police or police work. It is a problem WHERE IT EXISTS.
Acknowledging the possibility and existence of corruption is good. Saying "Oh, everything and everyone is corrupt and it's unfixable oh noes!" is worse than useless.
"maybe-underage girls" reminds me of an old joke I heard once.
A cop is driving his beat when he sees a car parked in a location commonly used by young couples for various forms of irresponsible behavior. He pulls up beside it, and walks up, and taps on the window.
Rather than finding the occupants engaged in anything untoward, he finds a man with a magazine and a young woman with a spool of yarn.
He asks the young man: "What are you two doing up here tonight."
The young man replies: "Well, I'm catching up on the financial times, and she's knitting a sweater."
The cop is a bit confused by this, but follows through with another standard question:
"And how old are the both of you."
The young man replies rather glibly: "Well, I'm 25, and in about 15 minutes from now she'll be 18"
Bull.
The fact is that there are so many laws on the books that, no matter how clean you are, someone could probably find some evidence that maybe you committed some kind of crime, even if only by technicality.
The protection against unreasonable searches is to prevent harassment. Without that protection, the police could just search your home and your computer on a regular basis, just because they didn't like you or didn't agree with your politics. If someone does that long enough, they can find some obscure law that you've technically broken even if it's something so innocuous that they wouldn't normally prosecute it, and go ahead and arrest you.
The purpose of the 4th amendment isn't particularly to protect criminals who are rightfully under investigation, and though it might protect law abiding citizens from embarrassment, that's not particularly the purpose either. The purpose is specifically to prevent agents of the government from harassing citizens, targeting particular people and digging through their lives looking for acts that might possibly be stretched to be criminal.
Law enforcement can't investigate people they think are bad until they find crimes, but instead they have to go the other direction-- investigating particular crimes until they find the guilty parties.
LOLCATZ -> KITTY PR0N
The dhs and local police showed up at my door, said a bad conversation was had with a minor.
I was perplexed, so I let them in, showed them my computer, out of terabytes of stuff they found an image, not a collection, AN _IMAGE_, i have no f**king clue where it came from. 4chan possibly......
So I signed the computer over, have heard nothing and am waiting to be cuffed at some point in the next day or so.
I will be leaving this country after time served, to fuck with being branded a witch (sexual preditor).
Even if they let ,me go and give my stuff back, I'm selling it all, and going to a third world country and building some massive data infrastructure.
FUCK AND JUSTICE FOR ALL, STUFF IT UP YOUR ASS, IT IS AN ILLUSION, NEED WE REHASH THE VOTES NOT BEING COUNTED
IF YOU HAVE SKILLS, LEAVE THE USA, THEY DO NOT VALUE YOU
The basic reason why what you propose is a horrible idea is because there are two outcomes to it:
1) Every officer who looks vaguely like they're acting improperly gets terminated and criminally charged. This might cause some problems with motivation, since doing anything opens one up to accusations of doing it improperly.
2) The punishments are insufficient to deter, and every so often a cop takes a fall to get "that guy we just knew was dirty". Note that the cop doesn't have to know he or she is going to take the fall, though he or she might if the punishment is lenient enough.
Bad idea all around.
pedobear approves this ruling
My point is that the "Thin Blue Line" mentality you are talking about is not universal or inherent to police or police work. It is a problem WHERE IT EXISTS.
Where else does it matter as much? Don't say government, because I don't trust them either. Those two aside, where else does it matter?
Acknowledging the possibility and existence of corruption is good. Saying "Oh, everything and everyone is corrupt and it's unfixable oh noes!" is worse than useless.
I don't think I said that. I said I didn't trust a single one of them, and I thought that there should be a better review. I do not think IAD is worth the time.
Hint: Both my parent work(ed) for a police department. I do have some insight into 'how things work', and I don't buy your utopian 'not all of them are bad/corrupt/silent' for a minute.
Free parking, ripped up tickets, or not bothering to even stop known 'on the job' and sometimes extending that privilege to families is an everyday occurrence. Not all that are -really- corrupt fall into that category.
That's a slippery-slope fallacy. There is no reason to assume that making an exception once, for a mild breach of procedure, in a case where the accused seems very likely to have committed the crime they're accused of, would inevitably lead to exceptions always being made for serious breaches of procedure in cases where the accused turns out to have been obviously completely innocent.
You are probably right that society as a whole is still better served by allowing guilty men to go free on technicalities, but you have not produced a valid argument to support that position.
cryptographic hashes don't collide so easily (not even the less than perfect md5 hash). File size is already accounted for.
The chances of a collision in the absence of malice are low enough that if the md5 of two files matches, the most likely explanation is that the contents (and lengths) of the files is identical.
Every officer who looks vaguely like they're acting improperly gets terminated and criminally charged.
Interesting theory. Does every officer who looks vaguely like they're acting improperly get evidence rendered inadmissible? No? Then you've got an interesting, clearly incorrect theory.
The punishments are insufficient to deter,
I'd prefer that the punishment be: "whatever a non-cop would get for the same crime". Breaking and entering, wiretapping, etc. are crimes. If our anti-wiretapping laws are sufficient to deter blackmailers, for instance, they ought to also be sufficient to deter jackboots. If they aren't, then that's a separate problem that needs to be fixed regardless.
and every so often a cop takes a fall to get "that guy we just knew was dirty".
Could be. And then we either end up with a crooked cop and a criminal getting punished (good and good) or a crooked cop getting punished while a clean suspect gets reparations (good and not good). Sounds like a win or a wash to me.
Note that the cop doesn't have to know he or she is going to take the fall
So your third theory is that the cops have the ability to frame each other for crimes but not to frame suspects? After all, if you can get someone to take the fall for something they didn't do, why wouldn't a crooked cop just do that to the suspect and cut out the middleman?
You sure? I'd like to see a proof of that. Speaking out of my ass really, but it doesn't seem logical to me. After all, MD5(b+pad2) still *is* an MD5 of an image file, call it c if you want. So MD5(a+ pad1) = MD5 (c). Perhaps I am missing something very obvious but I don't see how that can be true.
Where is that guy who'd die defending what I had to say when I need him?
Eh. "I don't trust a single one of them" seems pretty much in line with "Everything and everyone," and you didn't actually make any mention of better review in a fundamental way, just claimed that any review that is internal to the police force is worthless.
"Not all of them are corrupt" isn't utopian by a longshot; it's right down the middle. "They're all corrupt" is dystopian.
Have your parents been involved in every police department in every city in the world? This is part of the problem: people who have experience with some members of a group making sweeping generalizations.
Hi, I know it's an oft-used analogy, but it's false...
I feel fantastic, and I'm still alive.
I'd be with you on this if I didn't see thin blue line stickers on so damned many cars driving the roads in my area! I can sit at a light, look around, and often see at least one of those stickers placed on a vehicle around me. Speaking to someone I know who was married to an officer I got quite the education on how she had been let go out of speeding tickets and other infractions after first proving that she was married to an officer. The sticker is seen and infractions allowed to slide by. An officer who tickets someone who is "family" isn't treated well by fellow officers.... So yeah, I have an issue there. There should be NO distinction and yet there is - and a very clear one at that it seems.
Build it, Drive it, Improve it! Hybridz.org
I do have to say that this mentality IS a big problem in law enforcement, and does need to be dealt with. I'm just very uncomfortable with the "It's 100% of cops" aspect, and with viewpoints that only take into account the bad things police do, and ignore the actual services and benefits that police provide to citizens.
I think you should start smoking again.
What a pity, i have mod points but your already at -1.
Not as good as this guy though.
The problem with overly numerous laws, as you mention, is actually separate from the problem of overly permissive policing policy, even though they are both exacerbated by the other.
Can you be Even More Awesome?!
Care to provide us with two files that have the same md5 and are images?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
It's not about dishonesty by police, but stopping harassment of citizens.
On the contrary, it is indeed about dishonesty by the police. Have you heard of the abuses by the members of the LAPD Ramparts division? They terrorized and tortured anyone they wanted. They carried "throwdown guns and knives" to plant on anyone they executed as a reason to claim their lives were in danger. They were as corrupt as anyone outside the present administration.
Cops in general have it far too easy -- whatevr errors they commit are usually dismissed with a wave of the hand and an assertion that "they were acting in good faith."
An ungodly number of boats, cars and homes have been seized in Florida by corrupt cops who carried a little pot to cast into a corner to be "detected" by drug sniffing dogs. And all because of some fucked-up, purchased legislators who wiped their collective asses with the due process clause when they allowed preemptive seizure of "presumed fruits of drug trafficking" with no meaningful due process.
The first thing they should be doing in these cases is to corral every god-forsaken cop who has had access to the property and scope thm out with the drug sniffing dogs. Only if they come up clean should they be allowed to check out the property in question. And there should be no allowance for bullshit excuses like "the poor dumb cop must have stepped on the property owner's pot during the initial investigation."
Resilient sure, but collisions can still occur with any hash, no matter that the possibility is extremley remote. There's already a flawless way to see if two files match - diff. MD5s should be used to streamline the investigative process, not as a proof of guilt.
Oh, and some disagree with your analysis.
In addition, the 128-bit output is arguably not long enough to make generating collisions using a birthday attack infeasible.
Another post in this thread also noted that you can generate a collision with identically sized files.
What about MD5 collisions? I know that the probability is really, really small. But can you really prove something with a match between two md5 hash ?
Actually, the hash function already includes the file size. The padding algorithm for all widely used cryptographic hashes uses the byte length of the file as part of the padding.
So, simply using a longer hash function is a much better way to reduce false-positives. SHA-256, for example, would make the chances of collision on the order of 2^(-128). SHA-512 or Whirlpool would result in collision probability of 2^(-256).
They're not proof of guilt, just used to streamline the investigative process.
While I agree that computing MD5 hashes constitutes searching, one of the useful properties of doing that first is that it's less invasive than looking at all the individual images on the hard drive. It's also less time-consuming.
The major motivation for MD5 hashing is that the database of known child pornography is not distributed in its entirety to every state and local investigative group. The database of hash values, however, is. If there are files on the investigated machine whose hashes match hashes for known CP files, then further investigation is done.
If you tried to convict someone based off of a hash match, and the files didn't actually match bit-for-bit, any competent defense lawyer would be able to kill the value of that "evidence".
just claimed that any review that is internal to the police force is worthless.
I am in favor of civilian review. I am in favor of harsher penalties for those who break the same laws they are tasked with enforcing.
This is part of the problem: people who have experience with some members of a group making sweeping generalizations.
If I would only see a police officer driving normally, it would go a long way towards changing my mind. However if the simplest of traffic laws are not important enough to be adhered to or enforced there really is no evidence to suggest that other laws are either.
I do respect your opinion, but I don't consider my choice to be terribly moonbat-ish. I have a lack of faith in the system, a lack of trust for the relatively unsupervised and unaccountable officers, and a very little voice in changing that. My only recourse is open distrust.
That is close to your comment a post or two ago, but without the 'flapping my arms, yelling at the rocks' slant I inferred from that comment.
An excellent point as well. I was attempting a more general argument, as it seems that there's a growingly popular perception that government can do no wrong.
Specifically though, I saw a local news report interview a local sherrief, how said exactly what you have stated. The sherrif then proceeded to push for police to protect children from strangers and the need for the Amber alert system. It was truely mind boggling that he felt police efforts and resources were best spent going after the 3% of strangers that would abuse a child and not the families.
It's similar because, honestly, my position is the same. You're still arguing for a fairly dystopian view of law enforcement in total, and I still don't buy it.
For instance, while I don't know if there is a particularly bad set of cops where you live, I've seen plenty of cops driving normally. I've also seen them speeding and/or ignoring traffic laws.
What I've seen much more often is them obeying traffic laws. But what's much more memorable is them not obeying traffic laws, because it stands out.
Also, I'm not seeing where I have been rude or irrational in this thread, and I'm sorry if you've felt yelled at.
Also, I'm not seeing where I have been rude or irrational in this thread, and I'm sorry if you've felt yelled at.
You haven't been rude or irrational. I'm not upset. The quote I inferred the ranty-arm-flapping from is this:
Saying "Oh, everything and everyone is corrupt and it's unfixable oh noes!" is worse than useless.
The mental picture "ohnoes!" has a story that I associate. I've said that in the past on purpose, complete with arm flapping along with something about stoleded megahurtz.
Although we disagree in outlook, and philosophy to an extent, its been an enjoyable, thought-provoking discussion from my point of view.
Did you even read the parent post? I don't think you did. Certainly nothing you said indicates you did.
A match of a legitimate image that was intentionally planted to match an illegal image who's hash is in the database has nothing to do with chance at all.
The reason people oppose these types of things isn't because they support child molestation and child pornography. It's because they understand how easy it is to falsely accuse somebody, and how effective that would be at removing the target from society. Nobody wants to be that guy who had his life essentially ended due to a false kiddy porn rap.
Glad to hear it.
Occasionally my desire to inject humorous phrasing into my slashdotting backlashes on me ;-)
I did account for the weaknesses of md5. To achieve the collision, one has to have the ability to control or modify both images. The file you linked managed to do it because they could just add garbage onto the end of an executable. Even if you could enter it into the database, the first thing that I would compare to check if two files are equal is if they are the same size. It's completely obvious and simple. Your attack may work in theory, but it would never work in practice.
That's an interesting argument, and I can see your point. One issue I could see with it though is that for serious crimes like murder or child pornography, the cop might be more willing to violate the constitution to catch the person... assuming they're guilty.
This could lead to lots of cases of cops violating the constitution with an "ends justify the means" mentality, unless we also put some pretty harsh punishment on violating rights.
Really, I think we'd end up with just as many people locked up as we have now, only half of them would be cops who decided it was worth it to push their luck.
+++OUT OF CHEESE ERROR+++ REDO FROM START +++
My argument is that maybe the reason they couldn't or didn't bother to get this warrant is because the evidence wasn't trustworthy anyway.
Well, no.. because, you could always throw out the evidence because the chain of custody wasn't there. A broken chain of custody of evidence is independent of the warrant issue. What's going on here is that the defendent abused the 4th amendment to avoid the argument of chain of custody. Instead the police are going to the jury compelled to -lie- about the situation, and the truth is, there -is- evidence with a dubious chain of custody. Justice is about truth and your position of the 4th amendment compels dishonesty.
This is my sig.
I'd like to add another scenario:
Your innocent 16 year old daughter? Yeah. She wants attention too. And she's not above showing her tits off on 4chan with the camera she borrowed from you without you even knowing.
Now explain why you have these pictures of your daughter which are clearly taken by your camera -- both EXIF info and the fact that portions of the pictures are recoverable off your SD card.