Slashdot Mirror
US District Court Says Calculating a Hash Value = Search
bfwebster writes "Orin Kerr over at The Volokh Conspiracy (a great legal blog, BTW) reports on a US District Court ruling issued just last week which finds that doing hash calculations on a hard drive is a form of search and thus subject to 4th Amendment limitations. In this particular case, the US District Court suppressed evidence of child pornography on a hard drive because proper warrants were not obtained before imaging the hard drive and calculating MD5 hash values for the individual files on the drive, some of which ended up matching known MD5 hash values for known child pornography image and video files. More details at Kerr's posting." Update: 10/28 16:23 GMT by T : Headline updated to reflect that this is a Federal District Court located in Pennsylvania, rather than a court of the Commonwealth itself.
The courts are finally getting up to speed on technology.
"Ein Volk, ein Reich, ein Führer." -Adolf Hitler
"We are one Nation, we are one People." -The One 'leader'
you can't generate md5s w/o actually looking at all of the data in the file.
Slashdot janitors are of no use.
Why the hell are the stories pushed all the way down to the bottom of the page in Firefox 3.0.1?
The Sections menu and the Slashboxes are taking up a lot of real estate and leaving dead space to scroll through to reach the submitted articles.
This sounds like the worse possible way to search for kiddie porn, because a suspect who wanted to conceal his activities could just change a single pixel, and the entire hash would change. They would need a signature method that doesn't change dramatically when a single bit changes, like something based on a frequency analysis.
Palm trees and 8
Hash is ~$30/gram depending on quality. Seems like those folks in PA have been smoking something else if they thought they needed to calculate an emmm-dee-five.
The guy whose computer was searched, abandoned the computer and gave up any rights at that point, the person who found the porn was computers new owner. Just like any trash tossed out becomes public domain, there should have been zero expectation of privacy at that point. I am not a legal scholar, but I do not see how the 4th amendment applies here. It would be no different than if this was a diary in a different language and the person who inherited the diary found a translator, upon finding criminal evidence it would be fully admissible.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Moreover, you should probably run ImageMagik on all your files anyway (assuming they are images) to confound any md5 checking. For video, you can transcode it to the same effect.
Don't be stupid. I am NOT advocating "child porn", but knowing whether a model is 17 or 18 is not something I would want to risk going to jail over.
Anyone who's not talking out their ass care to comment on this?
Calculating hash values isn't search. Calculating them and comparing them to a database is. Not only is it quite clearly search (searching for files that match known MD5 signatures), it's hard to imagine another way to describe it without being deliberately obfuscatory.
...are like a mistaken identity sitcom waiting to happen--especially when that mistaken identity is a pedophile. I mean, they've covered that in probably like four Seinfelds, three Curb Your Enthusiasms, and a couple of Arrested Developments, right?
"The enemy knows the system" --Claude Shannon
It would be really scary if I junked a computer and months to years later someone might accuse me of child porn.
Wouldn't you have to prove exatcly where the hard drive was and who had custody of it all all times?
Sounds kindof like those people who give away a junker car without getting the new owner to properly take the title. The new owner gets into a hit-and-run and the state goes after the person who is the owner of record.
It's not that child pornographers shouldn't be prosecuted, but like it or not, they're still entitled to the same due process as normal, "non-pervert" criminals. This "it's for the children" stuff shouldn't fly when we claim to follow the rule of law
The law exists to serve the public good, and if the public loses confidence in that law, then we have no law at all.
"It's for the children" stuff is not some abstract thing that you can so handily dismiss. With this decision, the courts have just given license to all of those who kidnap or exploit children to make this pornography, by giving them a cash cow.
How would you feel about this man if it was your child's photograph on this man's notebook.
Quite honestly, the judicial tradition of suppressing evidence entirely because it was produced without a proper warrant is absurd. The man was clearly guilty and the evidence was there. Instead, fine the police for doing the wrong thing, take it out of their pay, but, still keep the evidence.
This judiciary system is madness.
This is my sig.
Comment removed based on user account deletion
"some of which ended up matching known MD5 hash values for known child pornography image and video files." Wait, so law enforcement has a database of kiddie porn and kiddie porn md5's? Some perverted bureaucrat found himself the right job.
"A claim for equality of material position can be met only by a government with totalitarian powers." Hayek
Yes, I would qualify parsing someone's file system into file sized chunks and processing them bit by bit and feeding that data into a hashing algorithm as searching.
When I submitted this story, I gave it the headline "US Court:...". Someone changed that to "PA Court Says...". That's wrong. This is a ruling from a US District (Federal) court, not a Pennsylvania state court, and so carries much more weight. ..bruce..
Bruce F. Webster (brucefwebster.com)
Comment removed based on user account deletion
If they mantain such database, I would expect that ISP filters in some countries also check on traffic and compare against this database.
I wonder how many unsuspecting downloaders were caught this way. (there are many of them who probably know how to never get caught though).
Still, all this pedophilia hype shows how effective society can be at censoring certain information.
Unless there is more to the story, which is not obvious from the RTFA, the evicted party forfeits the rights to what they chose to leave behind during the eviction. I am a firm believer in due process (14th) and in the 4th amendment, but again, I do not see how they apply here. In this one rare case court seems to have gone overzealous on the technological aspect of the case.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Comment removed based on user account deletion
...we speak of finding now inadmissible evidence that someone is collecting/distributing child porn, and you guys tag it as "suddenoutbreakofcommonsense". Really, people.
BeauHD. Worst editor since kdawson.
What good is a phone call if you're unable to speak, Mister Anderson?
From one of my journals last year:
It also journals an attempted drug bust ("attempted" because there were no drugs).
Yeah, this SOUNDS like good news, but so long as law enforcement and the legislature holds the Constitution in the utter contempt that they do, it doesn't really matter what the court rules.
Liberty? What Liberty?
Free Martian Whores!
Comment removed based on user account deletion
The biggest issues I see with going 4th amendment rights on this is the fact that the defendant doesn't own the computer anymore. From the article he lost it because of problems not paying rent. It changed hands to an uninvolved third party who noticed the files were on, now his, computer. He did what I would see as the right thing reporting it. He allowed the policy to look over the computer.
Does it count as a search? Yes without a doubt.
Does it break 4th amendment rights? If it still belonged to the defendant, sure, but it didn't at this point.
don't child porn creeps and ordinary privacy obsessed /. ers have a utility whihc automatically changes any file of type x so that the hash changes ?
I don't know anything about computing, but it can't be that hard to have a utility which automatically edits any .tif or.doc or .mp4 so that the MD5 hash is changed ?
Even if he thought the search was ok, if he wasn't 100% sure, the DA was just giving himself a second chance to win by arguing it wasn't a search at all. He wins if either argument holds up, so why not make both? (And he has to make them in that order; you can hardly argue 'the search was legal, and also, we didn't search it'.) This is standard legal tactics.
It's a Redundant Array of Independent Arguments.
But since anyone can manufacture files that match known MD5s, the minute said "Child-porn hash database" gets published (which, if you look hard enough, they already have been), all bets are off.
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
Not only did they search the drive without a warrant, but they also got the defendant to confess to putting the files there by questioning him without reading his rights and telling him that he didn't need an attorney. Genius.
Even dumber: Based on the testimony of the guy who originally found the child porn, they could have gone to a magistrate and gotten a warrant. Then there would have been no issue of a warrantless search.
BTW, for those considering the abandoned-property angle -- the court goes into that. It wasn't a legal eviction and the defendant hadn't abandoned his stuff; he merely hadn't removed it all yet.
The asterisk was supposed to link to the Fourth Amendment comment at the bottom... I've really got to proofread my own stuff more often.
Before commenting on the Bible, please read it first
Because a lawyer's job is to make the strongest argument. The stronger argument is that the person who "owned" the computer called the police. The question then becomes did the owner give the police proper permission. If they did, then that's the strongest argument. If they did not, then they went with this argument because it's all they had.
And if someone screwed up, that person needs to be slapped around for not following proper procedure.
"All great wisdom is contained in .signature files"
Comment removed based on user account deletion
the same sort of people don't give a shit that future generations will have to clean up the crap we're putting out.
"Think of the children but only while it doesn't affect ME!" is the *real* cry.
I haven't read the whole opinion, because IANAL, and I hate the bloviating that goes on in them.
It seems, though, that if the property was forfeited by its original owner, and the new owner of the property provided it to the police because of things that the previous owner did to it, there should not be a legal issue.
It's kind of like when Paris Hilton failed to pay the rent on her Public Storage (or whatever) space, and the landlord sold the property inside. When the nudie pictures and private journals inside were made public, she had no legal recourse because it was NO LONGER HER PROPERTY by virtue of her non-payment of rent and the statutory forfeiture of the contents of the space.
Then again, I just tried to cite Paris Hilton in a legal argument. Whatever...
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
Comment removed based on user account deletion
But the recent civil forfeiture provisions for copyright infringement they're trying to get signed (maybe already signed?) into law will allow them to do the same thing. The Feds can already seize your property on the mere suspicion that it is being used for illegal drug activity, and are not required to even file charges. When said seizure happens, the burden of proof is on the owner prove that it wasn't used for illegal activity.
The society for a thought-free internet welcomes you.
It wasn't a legal eviction, that's why that argument wasn't invoked. In effect, the computer was stolen. The defendant even reported it as stolen way before the child porn was reported.
It is a massive cock up by the police. If they had done things by the book it might have been alright, but to be honest I think the chain of custody of a stolen PC would pretty much erase any case they would have.
The biggest issues I see with going 4th amendment rights on this is the fact that the defendant doesn't own the computer anymore. From the article he lost it because of problems not paying rent. It changed hands to an uninvolved third party who noticed the files were on, now his, computer.
It's also impossible to prove that anything found on the computer is anything to do with the defendant. The rent dispute is an obvious motive for the former landlord to take all sorts of malicious actions.
The question of whom generated the illegal content then becomes an issue in my mind. Seems that there were at least three other people who have likely had access to the computer (Landlord, Sell, Hipple). So what's to say one of them wasn't downloading illegal content.
Moreover, let's say that the landlord has long-standing issues with the computer's owner (heck, I don't think you can just *seize* property anyways without a court order???), so he gets Sell or Hipple to plant a little "evidence" against his disliked tenant and then call it in.
My question would be: what if the age of the girls themselves is in question. Does that mean that the jury has to review a ton of nasty pictures and make the assessment, or is the testimony of an "export" good enough?
Jury duty in those cases would really suck. But then again jury duty on any cases involving kids as victims probably isn't very pleasant.
This sounds like a good ruling to me at first blush.
The functional effect of an md5 hash is effectively equivalent to taking a photograph if the item were something visual. Consider the following hypothetical:
Why would the police, having this power, not just prospectively photograph all aspects of everything all the time "just in case"?
An md5 hash is weaker than a photo because there are other things that could decode to the same hash, but for the most part what it will do is serve as a way of telling that nothing changed, and in fact will be a way of verifying that the image you're looking at now is "reliable" (to some degree) as a picture of what you had before. And so in effect, it's a way of (almost) getting a picture of what you had before--certainly it transforms a picture of what you have now into something that can be claimed to be a picture of what you had before. And so it's a way of reaching into the past and creating evidence at that time and, constructively, it amounts to the taking of evidence before-the-fact.
It's often hard for people to understand why that's bad, since it falls easiliy prey to the "if you have nothing to hide, why do you care?" argument. But it depends on what you value about a free society. If you're comfortable with the idea of police searching your house any time they want just because they're not going to find anything, I guess there's no issue. But me, I don't even like my friends rummaging my house. I value the concept of privacy as an intrinsic thing.
Naturally we all want the "evil doers" brought to justice, and this case probably troubles most people, but the issue is that it sets a precedent that's usable in other cases, and you don't want that precedent to be that just because it was convenient to get one guy on one day, all of our rights suffer forever after. So I'm happy that it sounds like there was a conservative ruling on this. (Where I mean "conservative" in the traditional meaning of the word, not the neocon meaning.)
Kent M Pitman
Philosopher, Technologist, Writer
It's so refreshing to read slashdot and hear intelligent reasonable rational people who are concerned with the freedom and legitimacy of the American Republic. God Bless Slashdot and God bless America.
http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycounty/story/A5DA99A5DC85587B862574F0000EB107?OpenDocument
I wish I could remember the author and book name but I can't so take this as anecdotal until someone comes up with references.
A while back, there was a book getting some attention on CSPAN and in the literary and legal press that posited warrants were not conceived as common things. A warrant, so the thinking went, would indemnify the police from damages if they searched an innocent party. If the police searched someone without first getting a warrant and that person turned out to be guilty, then the search was fine in a "no harm, no foul" sense. If the police did not get a warrant and searched someone innocent, then the person searched would take legal action and be directly awarded large penalties from the police.
The position of the book was that warrants were originally conceived to be rare things, only gotten when there was an edge case where the police reasonably suspected wrongdoing but weren't absolutely sure of their facts. Supposedly, if the police were absolutely sure, they should be free to go ahead and kick in doors. Generally, though, the police were assumed to be unwilling to do so in any but the most obvious cases because to do so incorrectly would bring major penalties down on their heads.
The book cited old English and colonial cases where police made mistakes and courts then ordered the police to directly pay damages to the former suspect.
Such a system could have worked back in the day. Nowadays, not so much. So much of what is illegal these days is invisible or not easily discernible that the need for warrants, even under the old criteria, is huge. Add to that the common practice of police not acting with integrity (I came of age in Houston, Texas in the 1970s. If you learned to deal with cops in that time and place, you'll never, ever, ever trust any cop to tell the truth about anything. You will forever assume that any evidence found by cops was planted. Period.), and the whole "Cops won't hurt innocents because they're afraid of the repercussions" notion simply falls apart.
I said all that to say this - I have some appreciation of the reasonableness of the attitude that if evidence of a crime is found, it doesn't really matter how it was obtained. On balance, I don't agree with that position but I do believe that it should not dismissed out of hand. It has some theoretical merit. It has no practical utility these days, but the theory isn't all crap.
Couldn't this be a precident that affects anti-piracy taskforces, as Bittorrent uses Distributed Hash Tables, which are a form of MD5 Checking if I recollect correctly. So in order to catch someone seeding something illegal they have to get a warrant to even delve into the DHT stream?
-Thomas maerz HKEY_LOCAL_MACHINE
"Oh won't someone please think of the children!" - Helen Lovejoy
"I'm a well-wisher, in that I don't wish you any specific harm."
That sort of law varies from state-to-state, with various time limits on it.
Incidentally, evicting someone from their apartment requires calling the police in many jurisdictions, even if they aren't residing there anymore. You have to fill out forms and the police have to formally turn the abandoned property over to you and whatnot. You can't just call it abandoned and randomly sell it. There are procedures you have to follow, like trying to contact the person.
It really sounds like this landlord was operating in violation of the law. I don't really know what's happening, but the story, as told, seems to be glossing over the legal aspects of this.
If corporations are people, aren't stockholders guilty of slavery?
I don't see how the issue of exactly *how* the drive was searched by the police matters all that much. The thing that troubles me is the way they got their hands on the drive to begin with. It was given to the police by a third party. One that had an ax to grid against the accused.
Imagine if I want to crucify my tenant, what I do is go in, grab his computer, fill it full of bad stuff and then hand it to the police. You'd think the police would think twice about where the stuff is coming from and whether it is legitimate evidence in the first place. My take is that it is no more evidence against the accused than against the landlord or his accomplice.
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
H. L. Mencken
Not quite. Actually, until they get due process, they ARE normal; they're called citizens.
The same judge also said:
A hard drive is not analogous to an individual disk. Rather, a hard drive is comprised of many platters, or magnetic data storage units, mounted together. Each platter, as opposed to the hard drive in its entirety, is analogous to a single disk as discussed in Runyan.
Which is thoroughly asinine.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
You people cast yourself as a minority, and here I am with -17 karma on this thread... the outrage and mob is you guys, demanding that the police be hobbled at every turn, no matter how ridiculous. Your position is the popular one, and dogmatic.
I argued that letting a bad guy go because the cop screwed up is a losing proposition. You let the bad guy go and did nothing about the bad cop. What good did this decision serve, other than to let bad guys go?
The fact of the matter is that the undercurrent of this argument is in fact where you value children. Plenty of people had no problem with hacking into Sarah Palin's emails, which is a clear mob behavior - hey, she's bad, let's break into her house, which is what you people supported. But, god forbid, someone goes and finds kiddy porn on the notebook, and you want to let the guy go because your constitution has been trampled. That's just crazy talk.
If the constitution is a living document for the left wing, it is a living document for the right wing too. If you can trash the 1st amendment and the 2nd amendments, and the commerce clause, then certainly other people can trash the constitution in ways they see fit.
Ultimately, the whole point of this board is to prove that the constitution is NOT a living document. It is a treaty among the states and the people and you cannot lightly alter its terms to affect the pet causes. But, if the left wants to have the supreme court impinge upon the states in any manner of causes, grant congress the right to redistribute wealth, or any of its other causes, in the name of social justice, then I'm sorry, but we on the right are going to throw child molesters in jail, even if the cops bend the rules from time to time.
This is my sig.
No clear chain of custody for the evidence. Sell, Hipple, and the landlord all had access to Crist's computer; any one of them (and anybody else who had access to the apartment) could have placed the images on the hard drive. The landlord even had a motive for getting Crist in trouble -- not paying your rent tends to piss people off. That being said, if Hipple claimed he saw kitty porn on the drive, that should have been sufficient cause to get a search warrant -- the cops messed up by not following proper procedures.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Seems like a no-brainer. the process of generating the MD5/SHA/etc is going to require you to scan the contents of the files. Sounds pretty invasive to me. Maybe I don't see the significance of this ruling?
“Common sense is not so common.” — Voltaire
A lot of posts are talking about the defendant as if he is a proven sexual predator... I think that even if he downloaded child porn on purpose and enjoyed it that hardly proves that he's a predator. There's a world of difference between a man who's intention is to masturbate to some pictures and a man who's intention is to find someone to rape.
Comment removed based on user account deletion
Comment removed based on user account deletion
"maybe-underage girls" reminds me of an old joke I heard once.
A cop is driving his beat when he sees a car parked in a location commonly used by young couples for various forms of irresponsible behavior. He pulls up beside it, and walks up, and taps on the window.
Rather than finding the occupants engaged in anything untoward, he finds a man with a magazine and a young woman with a spool of yarn.
He asks the young man: "What are you two doing up here tonight."
The young man replies: "Well, I'm catching up on the financial times, and she's knitting a sweater."
The cop is a bit confused by this, but follows through with another standard question:
"And how old are the both of you."
The young man replies rather glibly: "Well, I'm 25, and in about 15 minutes from now she'll be 18"
The dhs and local police showed up at my door, said a bad conversation was had with a minor.
I was perplexed, so I let them in, showed them my computer, out of terabytes of stuff they found an image, not a collection, AN _IMAGE_, i have no f**king clue where it came from. 4chan possibly......
So I signed the computer over, have heard nothing and am waiting to be cuffed at some point in the next day or so.
I will be leaving this country after time served, to fuck with being branded a witch (sexual preditor).
Even if they let ,me go and give my stuff back, I'm selling it all, and going to a third world country and building some massive data infrastructure.
FUCK AND JUSTICE FOR ALL, STUFF IT UP YOUR ASS, IT IS AN ILLUSION, NEED WE REHASH THE VOTES NOT BEING COUNTED
IF YOU HAVE SKILLS, LEAVE THE USA, THEY DO NOT VALUE YOU
pedobear approves this ruling
You sure? I'd like to see a proof of that. Speaking out of my ass really, but it doesn't seem logical to me. After all, MD5(b+pad2) still *is* an MD5 of an image file, call it c if you want. So MD5(a+ pad1) = MD5 (c). Perhaps I am missing something very obvious but I don't see how that can be true.
Where is that guy who'd die defending what I had to say when I need him?
Hi, I know it's an oft-used analogy, but it's false...
I feel fantastic, and I'm still alive.
Not as good as this guy though.
The problem with overly numerous laws, as you mention, is actually separate from the problem of overly permissive policing policy, even though they are both exacerbated by the other.
Can you be Even More Awesome?!
College-Pages.com - Online Colleges, Degrees, and Programs
What about MD5 collisions? I know that the probability is really, really small. But can you really prove something with a match between two md5 hash ?
My argument is that maybe the reason they couldn't or didn't bother to get this warrant is because the evidence wasn't trustworthy anyway.
Well, no.. because, you could always throw out the evidence because the chain of custody wasn't there. A broken chain of custody of evidence is independent of the warrant issue. What's going on here is that the defendent abused the 4th amendment to avoid the argument of chain of custody. Instead the police are going to the jury compelled to -lie- about the situation, and the truth is, there -is- evidence with a dubious chain of custody. Justice is about truth and your position of the 4th amendment compels dishonesty.
This is my sig.