UK Cops Want "Breathalyzers" For PCs

An anonymous reader writes "One of the UK's top cyber cops, detective superintendent Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers, a simple tool that could be plugged into a machine during a raid and retrieve evidence of illegal activity. McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."

So they want GOV spyware?

[Joe+The+Dragon]

So they want GOV spyware? They will still need people to look at the data.

Re:So they want GOV spyware?

[blueg3]

Good job managing to misread the summary.

Re:So they want GOV spyware?

[sexconker]

What?
It's an apt post.
Spyware snoops around and grabs whatever it finds and deems to be unbecoming of a law abiding computer user.

They then hand that off (and the pc itself, likely) to a group of people who will do the analysis.

The post above you implies that this tool will not be of much actual help, and I agree. A "clean" report from the tool means nothing, and for any actual raids the computers will still be combed over by a forensic team. Any "dirty" report from the tool will result in the same outcome.

What this is really about is passing the buck and keeping face - the cops don't want to look incompetent, so they create this tool and publicize it.
Any failure of the cops will be blamed on the tool still being a work in progress, hackers actively working against the tool, etc.
Any responsibility on the part of the cops will be passed off immediately to the forensics teams. When the tool gives out a "dirty" report, the cops will fill out the green "Suspicion of Illegal Digital Bits on Electrical Personal Computing Device" form and hand over the report and the pc to the forensics team.

Once the tool is accepted as good and trustworthy, departments will find any excuse at all to use them to harass and extort money from the public.

Noise complaint?

Let's bang on the doors, give them shit, and check their computers for illegal activity. You just KNOW that music isn't paid for.

No, sir, since we heard music from the street, and we clearly can see you have a computer, and sound system, and a lack of physical CDs/tapes/records, in plain sight. We have reason to believe a crime has been committed. We don't need a warrant to perform a cursory search. If the search turns up anything, your equipment will be confiscated as evidence.

Re:So they want GOV spyware?

McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer.

I misread the article myself and thought "Wow, they need to breathalyze the cops before they even investigate computers?"

Re:So they want GOV spyware?

[Yetihehe]

Actually, if you can hear music from the street, it can be called "unlicensed public performing/playing".

Re:So they want GOV spyware?

[ATMD]

The summary suggested two things to me: either they have a problem with PCs (Police Constables) being drunk on the job, or they want to reimplement Google's "mail goggles" for some reason. Fortunately the summary clarified things somewhat.

I think it's a good idea, if executed responsibly: if they have a warrant to raid a property anyway, then a handy program on a USB key that automatically scans for things like kiddie porn or databases of credit card numbers seems like a pretty good idea. I'm for it as long as it doesn't try to install itself on the machine and keep watching the user even after the cops have gone away.

Re:So they want GOV spyware?

[LingNoi]

I think it's a good idea, if executed responsibly: if they have a warrant to raid a property anyway

Just like when they had a warrent to raid the minister of parliament's office?

lol, yeah like not having a warrant has even stopped them.

Re:So they want GOV spyware?

[ATMD]

Assuming the rest of the system is functioning properly, I think it's a good idea. If we start to see events like the warrantless raiding of Damian Green's office becoming commonplace, I think irresponsibly designed "computer breathalysers" will be the least of our worries.

Re:So they want GOV spyware?

[blueg3]

Conducting a search due to a crime in progress or evidence in plain sight is significantly more difficult -- at least in the US -- than you make it out to be. Never mind that copyright infringement is, except in a few cases, a civil matter and not criminal (meaning the police cannot investigate it, and could not possibly claim there was open evidence of a crime).

The problem with the original post is that it called the desired tool spyware. Spyware has a particular meaning: it is software that is installed surreptitiously (or installed intentionally under the auspices of legitimate software) that actively monitors or alters the computer's actions and/or your interactions with it. What they want is actually a first-response forensic tool, where when they serve a warrant for the seizure of computers, they can run first run this tool to quickly scan for obvious evidence of interest, rather than simply conveying the seized computers to a forensic lab.

In other words, it's very much like a breathalyzer, whereas spyware is somewhat more akin to a network of cameras with automated behavioral monitoring software in a mall.

Re:So they want GOV spyware?

[d3ac0n]

Indeed. Wouldn't it be more helpful to just HIRE a Computer Forensics Department? I'm sure there are plenty of CS guys would wouldn't mind bustin' some bad guys CSI style. Heck. If it paid well I'd take the job.

As long as I got a shiny badge. ;)

Re:So they want GOV spyware?

[sexconker]

The cops can and will search and bust you with a reasonable suspicion / in plain sight excuse SO easily. Yes, in the USA.

Do you really think that such a tool, if created, would not be spyware?

Spyware has no particular meaning. Malware, Adware, Spyware, Greyware, Foistware, Crapware, Bloatware, etc. have all been coined in a feeble attempt to classify and categorize programs. There is no official designation or definition.

The term is a merging of the word "spy" and the word "software". Literally, spyware is software that spies. What is spying? Spying is looking for and collecting information, often secretly.

Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?
Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?
Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?

You jumped at the chance to shoot someone down and farm some karma by accusing them of not reading the summary.
In doing so, you missed the point of the post entirely (that people will still need to look at the data).
I called you out on it.
You got pedantic, saying the problem with the original post was the use of the term "spyware".
I'm calling you out again.

Re:So they want GOV spyware?

[Neanderthal+Ninny]

... McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer.

This is skill issue so they should send some of the cops to school to learn about forensics for computers.
They should not change how computers works to make it easier for cops to read your data. Also this will make your system easier to criminals to read your data also.

Re:So they want GOV spyware?

[severoon]

Let me get this straight. McMurdie is basically saying, We need a pervasive technology solution to compensate for the fact that I have the wrong and/or incompetent personnel.

Yea....

Re:So they want GOV spyware?

[phillips321]

Sadly if you were part of the police they'd expect you to take some kind of fitness test. The problem is the majority of geeks only have decent muscles in their fingers and right hand (from the mouse of course).

Re:So they want GOV spyware?

[blueg3]

Spying is the surreptitious gathering of data. If you're doing it openly, it's investigation.

You're apparently defending someone out of boredom. They clearly didn't bother reading the summary very well, since they miss both the approach (it's not spyware) and the point (it doesn't matter that people will have to look at the data).

"Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?"

To my knowledge, they're not required to if they're conducting a search under a warrant.

"Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?"

That's certainly not the motivation for the creation of the tool. If they wanted to monitor you surreptitiously, it's not that easy, and requires trained personnel -- who can already do such things without the creation of such a tool.

"Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?"

It's actually a requirement of forensic software, if evidence gathered by it is to be used in court, that it modify the machine it's used on as little as possible and that these changes are well-documented both in general and on a per-investigation basis. A software tool that leaves traces on your system is worthless.

Re:So they want GOV spyware?

[spazdor]

To my knowledge, they're not required to if they're conducting a search under a warrant.

And to my knowledge, in the US search warrants usually have to specify what in particular they're looking for and where they're looking.

Re:So they want GOV spyware?

[sexconker]

Spying is often done in secret, not always.
And investigations aren't done openly, idiot, especially when you're in the gathering evidence phase, which is what the tool is wanted for. This is why we have stake outs and undercover cops.

TFA and TFS state that they want to use the tool to speed up the analysis of computers.

People will still have to look at any data found, so this will not speed things up any, if at all since they're going to be using the tool on machines seized in raids.

Re:So they want GOV spyware?

"It's actually a requirement of forensic software, if evidence gathered by it is to be used in court, that it modify the machine it's used on as little as possible and that these changes are well-documented both in general and on a per-investigation basis. A software tool that leaves traces on your system is worthless."

He didn't ask what the requirement was, he asked what you believed would happen. Radar guns are supposed to be routinely calibrated and cops are supposed to be routinely trained in using them. Roads are supposed to be routinely measured and analyzed to determine speed limits. Cops are supposed to routinely undergo psychiatric evaluations, gun training, etc. It doesn't happen, and there's no accountability.

Standard forensics practice is to clone the drives and work on the cloned data. This is about cops wanting a quick tool, NOT what forensics people do. As such, it would not be considered a forensics tool.

"That's certainly not the motivation for the creation of the tool. If they wanted to monitor you surreptitiously, it's not that easy, and requires trained personnel -- who can already do such things without the creation of such a tool."

The motivation of the tool is to gather evidence. If you think ethics or the law come into play with how the cops treat people when they're trying to get a conviction, you've never dealt with the cops, especially cops who are looking to pawn off work on others and are openly claiming ignorance in dealing with computers.
Spyware requires trained personnel? Doesn't seem to stop all the spyware on the internet from being developed and updated constantly. How can they monitor you surreptitiously without the aid of such a tool? The goal here is to dig through computers for evidence of illegal activity, such a tool used surreptitiously, as you suggest, is spyware. If they used something to do that instead of using this proposed tool, then what is the distinction between what they already do, and the new proposed tool? What would be the need for the new tool, if, as you suggest, they already have tools to do this?

"To my knowledge, they're not required to if they're conducting a search under a warrant."

Exactly, and therefore, what they do, would be spying. Thus the tool, under YOUR definition, is spyware.

Re:So they want GOV spyware?

[Dan541]

Just disable your USB ports.

Re:So they want GOV spyware?

[ozmanjusri]

So they want GOV spyware? They will still need people to look at the data.

They're not trying to make spyware.

What they're suggesting is an extension of ECU's Image Preview System (SiMPLE) and Laptop Inspector And Recovery System (LIARS) live CDs.

They want a simple, forensically valid tool for quickly checking computers in situ. Presumably it'd be something like a version of SiMPLE which had an interface for choosing what to inspect on the target machine (ie, Kiddie porn, chat logs, financial docs, etc). The cops on site would use the tool to quickly screen any computers they find/suspect, then take any positives back to a better-equipped lab for proper analysis.

Re:So they want GOV spyware?

>. We don't need a warrant to perform a cursory search. If the search turns up anything, your equipment will be confiscated as evidence.

UK Cops. Notice the UK.

You spook stories only apply to the US and perhaps China.

Re:So they want GOV spyware?

[blueg3]

You don't get the point. Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number. So, say you are investigating Joe Smith, who has 3 computers, a PDA, and a cell phone. You deliver all these to the forensic analysts. At least half a year passes before you get any information from them. At that point, the information is only really useful in a trial, but not in the investigation.

They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).

Re:So they want GOV spyware?

[blueg3]

That's correct. They don't have to provide a report of what exactly they looked at, what exactly they did, etc. (although it needs to be documented to be usable in court) -- but the search warrant does need to specify what they're searching and what they're looking for.

Re:So they want GOV spyware?

Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number.

There are tons of people out there that could do this work, the problem is that the computer crime labs are run by police bureaucracies that use the good ole boy system of advancement. Rather than hiring computer specialists and training them what little they would need to know about police work, they take police officers who have put in their time on highway patrol and spend huge amounts of money for computer forensics training.

Virtually any computer science grad could be trained to do computer forensics in *weeks*. The problem is that you will never recruit a computer science grad when you tell them that they will have to put two years in the highway patrol before they can even *think* about applying to transfer to the computer crime unit. And then there is the issue that the computer crime unit spends 90+% of its time investigating child porn, and quite frankly, who the *hell* wants to do that?

All this info is from the state where I live. I imagine its the same other places, but hopefully it's not, lol.

Re:So they want GOV spyware?

[syousef]

Good job managing to misread the summary.

Yeah! I didn't read the article or the summary and I can tell you I have the following strong opinion: There's no need for breathalizers for computers because if I pour alochol onto my computer it would short out. Therefore to determine if a computer has had alcohol just try and switch it on. If the power comes on and it boots, it hasn't had anything to drink.

Re:So they want GOV spyware?

[Hal_Porter]

I dunno, Landon Dyer of Atari regrets taking part in busts

http://www.dadhacker.com/blog/?p=1031

Re:So they want GOV spyware?

[blueg3]

In our state, most of them are police investigators that were interested in forensics and are fairly technically inclined. The main hiring problem here is that non-police people who would make good forensic specialists can earn better money in almost any job -- including computer forensics for companies.

Re:So they want GOV spyware?

[The+Grim+Reefer2]

And to my knowledge, in the US search warrants usually have to specify what in particular they're looking for and where they're looking.

Times may have changed, but years ago I remember some friends in law enforcement told me something that I found interesting. They said that when in doubt it was better to get a warrant for drugs because it pretty much gave them carte blanche and anything that was found would be admissible.

Re:So they want GOV spyware?

[The+Grim+Reefer2]

Yeah! I didn't read the article or the summary and I can tell you I have the following strong opinion: There's no need for breathalizers for computers because if I pour alochol onto my computer it would short out.

Either that or attain sentience.
http://www.imdb.com/title/tt0087197/synopsis

Re:So they want GOV spyware?

What? You can't run to work every day and get there on time? You must be incompetent and be wrong for the job you have. Shame on you for trying to use technological solutions like a bicycle or a car or a bus to make up for your shortcomings!

But yeah, I agree. This is a stupid idea.

Re:So they want GOV spyware?

[blueskies]

Not official but an attempt to define these things:

http://www.antispywarecoalition.org/documents/definitions.htm

Re:So they want GOV spyware?

illegal material - pc. deal?

Re:So they want GOV spyware?

[Jurily]

What the UK needs is common sense.

I came here from a former Communist country, and the laws here... let's just say it's more like what my dad used to tell stories about.

Re:So they want GOV spyware?

So you're saying that any cop who can't personally perform forensic analysis on any computer system (or other data storage device) they encounter is incompetent?

Re:So they want GOV spyware?

[Impy+the+Impiuos+Imp]

> McMurdie said the device was needed because of a record number of PCs were being seized
> by police and because the majority of cops don't have the skills to forensically analyse a computer.

Well if you dumbass computer programmers would stop building them tools, you would have less to worry about.

Re:So they want GOV spyware?

[spazdor]

"illegal material" is too broad. PC is just fine.

Re:So they want GOV spyware?

[syousef]

Yeah I still love that movie. A fairytale for geeks^H^H^H^H^Hcomputers

Re:So they want GOV spyware?

[dimeglio]

Dude, ethanol/alcohol does not conduct electricity. So technically speaking, your computer would not short-out if you pour alcohol on it. However, it has to be fairly pure ethanol. Otherwise you will in fact cause a short but it would be the water contained in the drink doing this.

Re:So they want GOV spyware?

[Hognoxious]

It's nothing like a breathalyser. A breathalyser detects one specific chemical compound in exhaled air and estimates the concentration of it in the blood.

What will this thing do, put up a progress bar with "Scanning for evidence of wrongdoing..."? It's just too generic and vaguer a target for it to work. Except on TV.

Re:So they want GOV spyware?

[trewornan]

They didn't need a warrant because they had the permission of the Speaker. Analogy: The managing director of a company giving police permission to search a cubicle in the company's offices.

Re:So they want GOV spyware?

[meringuoid]

Occasionally, pouring alcohol into a computer really can work. Just how far can you overclock a 486SX/25?

Re:So they want GOV spyware?

[neomunk]

Everclear advantage number 43: You can do shots with your best friend, even if that best friend is a inanimate machine surrounded by old pizza boxes.

Re:So they want GOV spyware?

[gboss]

(pure)Water does not conduct electricity either.

Re:So they want GOV spyware?

[bob.appleyard]

Good luck keeping it that way inside a PC.

Re:So they want GOV spyware?

[zildgulf]

They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).

McMurdie would also like it if he had regular officers do valid autopsies without a well-paid fully medically trained coroners, or have his regular officers do valid DNA tests without the expense of highly trained lab technicians. And I bet he wants the laws changed to make this possible as well.

McMurdie should shut his stupid trap, man up, and either hire the proper personnel or have some of his people properly trained.

Re:So they want GOV spyware?

[clone53421]

They don't have to provide a report of what exactly they looked at, what exactly they did, etc. (although it needs to be documented to be usable in court)

...where you'll be shown the evidence and have an opportunity to argue against it. Unless they don't show it to you, which was GGP's concern.

Re:So they want GOV spyware?

[clone53421]

If the company policy states that any employee's cubicle/computer can be searched at any time without cause, then correct, no warrant was needed. If no such policy exists, it's an illegal search, and if the company did have such a policy, but such a policy was against the law (depends on the laws in effect in that location, naturally), the search was still illegal.

Re:So they want GOV spyware?

Paid well? We're talking about the government. The only people who are paid well are the ones who got to decide on their own wages.

Re:So they want GOV spyware?

With a name like youssef, he probably never touches the stuff.

Re:So they want GOV spyware?

[sexconker]

"In our state, most of them are police investigators that were interested in forensics and are fairly technically inclined."

And how many of those people do you have?
The issue is that the coppers don't have enough people to go through the number of computers they get. The people they do have are not professionals, and are slower, less accurate, and end up deferring to professionals.

This is a large cost (time and money), and they want a tool to minimize this.

They don't want cops to be looking through computers. They want to be able to know what computers to hand over to the professionals.

Re:So they want GOV spyware?

[sexconker]

Uh, my point was that there are tons of definitions out there, none of which are official, are complete, or can classify every new nasty software into any of the said categories.

Re:So they want GOV spyware?

[blueg3]

I'm well aware of that -- that's what I've said elsewhere.

The computer forensic people we have are professionals and generally do not defer to private-industry professionals. But of course there are few of them, there's not much funding for more of them, and they have a huge work backlog.

Re:So they want GOV spyware?

[trewornan]

That may be the case in the US but it's not necessarily true in the UK. I don't know, and given that we've got some of the best lawyers in the country arguing the rights and wrongs of it at the moment I suspect it's not that clear cut.

Anyway, what I was really pointing out was that the police believed they didn't need a warrant for this reason and weren't (at least as they saw it) blatantly conducting an illegal search.

Re:So they want GOV spyware?

[severoon]

No, I'm saying that an entire department occasionally has to do forensics. And they should hire people that can do that. You know, like CSI.

Re:So they want GOV spyware?

[blueskies]

So what? Because there isn't a perfect system, we shouldn't try to describe "stuff?" What committee makes these official definitions? There is a committee trying to come up with terms and classifications, but i'm not sure how you want them to become "official."

Calling it spyware is like calling google's spiders spyware because they "spy" on your website. Sure it builds a report from someone's hard drive, but it's not secretly installed and running unbeknown to the user.

Re:So they want GOV spyware?

[sexconker]

"it's not secretly installed and running unbeknown to the user."

You don't know much about the police, their ethics, their accountability, and their downright laziness, do you?

Right

[Endo13]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Re:Right

Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such. But what they describe is simply ludicrous:

McMurdie said such a tool could run on suspects' machines, identify illegal activity - such as credit card fraud or selling stolen goods online - and retrieve relevant evidence.

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Re:Right

[CaptainPatent]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Or like exploiting three people capable of seeing into the future in order to generate police reports and make arrests.

As we learned, nothing can possibly go wrong!

Re:Right

[theaveng]

Well put.

But the governments of this world routinely ignore law (obtain warrant naming specific evidence desired) and instead do exactly what you described - go on a fishing expedition. "Well we came here to get marijuana, but instead we discovered porn on your PC, so you go to jail buddy."

They do this same ____ in the U.S. with random searches of cars. They are supposed to be looking for illegal immigrants, but instead they bring in the dogs and have them sniff for marijuana/cocaine. Then they arrest you.

This shouldn't be allowed.

Re:Right

[Endo13]

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Duh! They're looking for Illegal Activity, which is the specific reason they seized the computer!

Re:Right

[thesqlizer]

I don't recall where (or if) the US Supreme Court handed down a decision on the concept of "Are computer files more like what's in your brain or in a file cabinet."

IMHO, searching a computer is akin to searching someone during questioning.

Questioning someone who has been Mirandized: fine.
Going through their belongings with a search warrant to find something specific: fine.
Going through a computer willy-nilly on a fishing expedition: not fine.

Re:Right

[CannonballHead]

Doesn't this kinda depend? Just because you found something else while looking for your actual thought doesn't mean you have to IGNORE it. If you came looking for credit card fraud and found, say, illegal hacking activity, should they just ignore it? If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

Now, if they pull you over for "presumably" running a stop sign and sniff your car, that's different. On the other hand, since illegal immigrants and drugs seem to go together, since drug trafficking and immigrant trafficking is a similar thing (smuggling), I don't actually see a problem is searching for both at the same time.

I'm not saying they should be allowed to just randomly show up and search your house without giving a reason, by the way.

It's a fine line between hampering catching criminals by giving "too many rights" and stepping over the bounds of innocent until proven guilty...

Re:Right

[blueg3]

Actually, that's not the problem they're trying to solve. I don't know about in the UK, but in the US, any kind of searching (including hash comparisons and automated tools like this) require a search warrant that covers the computer.

What they're really interested in is not conducting fishing expeditions, but trying to find some useful information -- even just narrowing down which machine they actually need to fully analyze -- within the machines covered by a search warrant. Generally the procedure is to box these things up, hand them over to computer forensic experts, and wait 6-12 months for them to perform a full analysis. Cutting down the amount of work they have to do by giving them only the one computer out of ten that is actually interesting, or being able to pull some small amount of useful information to use in the investigation immediately, is of great value.

This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.

Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.

Re:Right

[pwnies]

Those are easy. Just,

return true;

Re:Right

[morgan_greywolf]

Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.

No. Bricks are smarter. I'm pretty sure bricks have heard of encryption.

Re:Right

[rhsanborn]

The point is that rights like this exist to protect people who haven't done something wrong from police (the state) who can abuse their position to harass, unreasonably punish, and generally pervert their positions for personal and political gain.

We didn't find kiddie porn, but this Anarchist Cookbook is suspect. Also, you DO seem to be the source that gave the reporter evidence against candidate X. We said we were looking for kiddie porn, but we'll mention this in our report anyway. Etc.

Re:Right

[Luke-Jr]

If you think warrants are needed in the US, you are dead wrong. Perhaps in theory, but if they come with no basis and insist on searching you, how are you going to stop them? Going to take it up in court after the fact, even though they threaten to simply perjure? Since they're law enforcement, their statements are more "credible" up against yours.

Re:Right

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Not always. Sometimes you have a warrant for someone's arrest at their home, so you go to their home and arrest them. As part of the arrest, police are often allowed to go through their belongings looking for evidence.

Or, the police have a warrant to go through a house looking for evidence of a crime, but they are entitled to go though the entire house looking for the evidence.

Re:Right

This Anonymous Judge (we aren't all technophobes, and some of us even have game consoles) doesn't hear many warrant applications that smell strongly of fish, and routinely refuses to grant those which do.

Re:Right

[Rude+Turnip]

Speak for yourself.

Re:Right

[johnsonav]

IMHO, searching a computer is akin to searching someone during questioning.

If you're hinting that personal computer files may be protected by the fifth amendment, I think you're dead wrong. Even personal diaries can be subpoenaed. Personal computer files are no more protected than the contents of a file cabinet. I'd be interested to hear your reasoning behind your opinion.

Going through a computer willy-nilly on a fishing expedition: not fine.

I agree. Much as a traditional warrant for a home has a limited scope, so should computer warrants. If you're looking for fraudulent banking activity, you shouldn't be able to search out other, illegal, materials. But, some equivalent to "plain sight" has to hold. If you have a folder on your desktop named "KiddiePorn", and the cops are looking for stolen CC data, well... tough luck.

I think the idea of an automated computer program, tasked only to find appropriate data spelled out in the warrant, would be a boon to law enforcement. Computer crimes don't just take place in large cities with well funded computer forensics labs, but also in Podunkville, USA. It is simply unrealistic to require every small-town police department to keep up with the latest in computer forensics. Possessing a simple "crime detector" would allow the police to forward the computer to a real forensics lab if evidence exists. It would also save falsely accused computer owners from having to wait months or years to get their computers back.

Re:Right

[JLennox]

As an employer, I use to run background checks on people. One man in his early 50s had a "drug possession" charge from decades before. He got busted with a joint. As much as I agree with keeping a lot of drugs off the streets, it's hard to agree when the legal punishment for some drugs is far more damaging than the drug it self.

Re:Right

Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such.

Keep in mind, anything that matches a crypto hash, at least in the U.S., means the media depicts an actual child who was found to be sexually assaulted/violated. It's not just someone who may or may not look underage; it's someone who was proven in some court to be underage.

Makes you wonder ... as SHA-1 collision attacks become more prevalent (it's a guarantee they will), how will law enforcement ensure accurate results? Will they compare SHA-1 hashes plus file sizes in bytes, to account for files that have been "padded"? Will they just inspect content (what does it say about somebody who wants that job)? Will they switch over to whatever NIST picks from their hash function competition? In which case, how do they recompute hashes? Do they wipe their database clean and start over, or compare against 2 sets of hash functions (the old SHA-1 and the new [insert whatever here])? Or, are they stashing full copies of the media where they could just re-compute the new hashes? And if they are, why in the world are they hanging on to it? Is that Constitutional? What about pervert insiders who leak it back out, thus creating more "child porn traffic"? What about power tripping cops who sneak copies of it and plant it on people's computers?

And a better question ... How long will it take the _actual_ child porn traffickers to figure out that flipping a single bit defeats a crypto hash? And what happens if that becomes an epidemic? Would a bit twiddling epidemic result in law enforcement's supposed right to maintain copies of known child porn? How does that affect the victims' rights to privacy? Or will law enforcement do something else entirely?

All questions, no answers.

Re:Right

[causality]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do? Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

They cannot even keep illegal drugs out of prison (don't take my word for it -- do the research yourself). How do you propose that we do this in a relatively free society? The way it has worked is that some amount of crime is tolerated in exchange for having a free society with things like legally recognized civil rights. With drugs and lately with terrorism the (dangerous) mentality has been that we need to stop $EVIL_THING no matter how high the cost is to the rest of society. This is tunnel vision at best, a step towards a totalitarian government at worst.

But I am curious. Once you see for yourself with your own research that they cannot even keep drugs out of prisons, I would like to know this: what environment even more restrictive than prison would you propose for the entire population in order to better meet your 100% detection/punishment rate? I'd also like to know whom you would entrust with the management of this environment.

Re:Right

[Ironica]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do? Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

100% detection would require surveilling everyone, all the time, for activity that might indicate smuggling. You feel like giving the gov't the keys to your private life?

OTOH, I think that our immigration and drug laws are way f'ed up anyway, and current enforcement methods are an enormous waste of resources, so I don't even agree with the premise.

Re:Right

Yeah! How the hell could YOU have known the immigrant you had stashed in the trunk was carrying cocaine? ;)

Re:Right

[gnick]

Except we want cops to catch people with illegal drugs etc..

What do you mean "we", white man?

Why restrain the cops from doing what we all need them to do?

So that they don't trample all over innocent people in their race to jail stoners? So that we can maintain some sort of privacy instead of throwing our doors open to anyone with a badge so that they can rifle through our homes in case we may have been doing something wrong? So that we can keep some kind of checks on the cops so that they might work to protect us while respecting our rights instead of just busting people and feeling like tough-guys on a power trip?

Pick which ever one speaks to you best.

Re:Right

[theaveng]

>>>doesn't mean you have to IGNORE it.

According to the U.S. Supreme Court, that is exactly what it means. Mapp v. Ohio establishes that if the police are searching for one item (in this case a fugitive) may not then collect other items and prosecute for that crime (they found porn in the basement).

Re:Right

[badfish99]

Isn't it standard police procedure, when they suspect someone of something but haven't got any evidence, to arrest them for some other trivial thing, and use that as an excuse for a search?
What else are all the laws forbidding ordinary everyday behaviour for, if not to allow the police to do that?

Re:Right

[blueg3]

What statements? They're not going to be able to lie about whether or not they had a warrant.

Re:Right

[Firehed]

At least in the US, evidence found against you found in an illegal search* cannot be used against you. If the search was legal (warrant attained or reasonable suspicion of wrongdoing), then it's your fault for having done whatever other stuff you get hit with, regardless of why you/your home/vehicle was searched. Don't confuse this with secondary offenses, like not having your seat belt on in many states (they can't pull you over specifically for that, but can add it to the ticket).

* if they can see the bag of weed (or whatever) on your back seat through the window, not only is it legal for them to arrest you for it, but it also gives them reasonable suspicion to search the rest of the vehicle without attaining a warrant, even if you protest.

IANAL, YMMV, laws vary by state, etc. And all bets tend to be off at border stops, especially internationally. As far as I'm aware, they have the legal (USA PATRIOT act legal, anyways) right to search your vehicle entirely at any international border.

But back to the topic at hand, if your computer is legitimately siezed, I think you should at least be able to know what processes were used to search for X when Y was found. If they want to arrest you for possession of goat porn, and then they find CP, you should be able to find out that the latter came up when they did a general search for porn, rather than when they explicitly searched for it. Or if they find pirated media when searching for CP, which would be a lot harder to accidentally find by the same 'legit' search. It'll never happen, and good luck auditing the police's methods even if you had the right to do so. Just encrypt all of your crap, and don't have illegal stuff.

My 2c

Re:Right

[HTH+NE1]

It's a fine line between hampering catching criminals by giving "too many rights" and stepping over the bounds of innocent until proven guilty...

Oh yes, it's so fine a line that it is in fact the same line approached from opposite sides.

Re:Right

[jebrew]

To hell with that. The current classification for which drugs are legal and illegal is totally messed up in my opinion. We need to re-evaluate what we're banning before we go off on such tangents.

Re:Right

[MaskedSlacker]

Define "we"

Re:Right

[theaveng]

That's fine for the UK - your rules are different. But here in my home country, the U.S. Supreme Court forbids that practice. If the police warrant says "Search for fugitive" but instead they find pornography, they may not prosecute the citizen. Mapp v. Ohio decided that is not allowed, for the purpose is to protect US and defend US from police harrassment.

Think about it:

Would you want the cops to say, "We're searching for an escaped convict in the area" and then scour every drawer, ever closet, every nook-and-cranny trying to find SOMETHING to prosecute you for (like illegal music/videos on your PC)??? That doesn't sound good to me.

Re:Right

They do this same ____ in the U.S. with random searches of cars.

All well and good except random searches of cars is illegal in the US. Which makes your point either glaringly obvious or just stupid.

Re:Right

[blueg3]

Just because you don't have the answers doesn't mean there aren't answers.

NCMEC, who publishes the US hash database, has the original material as well. However, this original material is not simply readily available to forensic investigators, only the hash list is. However, if an image matches a NCMEC hash, the potentially-illicit data is examined and, if necessary, is compared to the original offending image.

It's already well-known that CP traffickers can make trivial manipulations to images to render the hashes entirely different, defeating hashlist comparison. That's why a full investigation involving sorting and viewing all images on the machine is done. The big value of the NCMEC database is enabling you to connect a particular image to known data relevant to the case -- the identity of the pictured individual, legal investigations that determined the image was of an underage individual, related cases, et cetera.

Re:Right

[Firehed]

Well hopefully the cameras they have in their car or that you have pointed at your door streaming live 24/7 can be used as evidence against the cop for conducting an illegal search.

Don't count on it, but if you're able to prove that it was an illegal search (no warrant, no reasonable suspicion, and you didn't give them permission), then anything they find would be inadmissible in court.

IANAL.

Re:Right

[nurb432]

Not if you toss 'national security concerns' into the warrant.

Re:Right

[timepilot]

No, that's not what Mapp v. Ohio established. Mapp v. Ohio established that evidence found in searches *in violation of the 4th amendment* may not be used.

Mapp v. Ohio doesn't say anything about not being able to use evidence found during legal searches, such as those conducted with a warrant.

Re:Right

[jebrew]

How do you know he's white? What's with the racism?

Re:Right

[johnsonav]

Just encrypt all of your crap, and don't have illegal stuff.

Amen. With all the practically unbreakable, freely available encryption solutions out there, I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.

Anyway, I guess nobody complains when the dumb criminals make it easy.

Re:Right

[sexconker]

If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

People being tortured? No, they stop it right then and there.
Evidence of people being tortured? Yeah, you have to get another warrant.

Re:Right

[bitslinger_42]

According to US law, at least (and not always followed by US cops, I might add), whether the evidence on the secondary offense is admissible or not depends on how it was found. If a cop pulls over a car for speeding and sees an open container of beer sitting on the seat next to the driver, the open container is typically admissible. If, on the other hand, the cops raid a house looking for a stolen 62" television and, as long as they're in the house, decide to check in the toilet tank and find a stash of cocaine, that typically is not, since searching the toilet wouldn't have been part of the search for the big TV. Likewise, the original warrant would probably not allow the cops to bring along drug-sniffing dogs on a search for a stolen TV. Of course, I'm generalizing here, and am not a lawyer, but you get the picture.

Thus far, the same principles apply to computer searches. If the warrant says that the cops are looking for evidence related to illegal gambling operations on the computer, the cops are typically not allowed to search for non-related keywords (i.e. "lolita", "cocaine", etc.) unless such terms show up in documents found by the warranted search. If, in reviewing a document named IllegalGamblingProfits.doc, they see a reference to cocaine sales, the cops may have just cause to perform another search looking for cocaine. Since they've already got the computer at that point, though, they'd be better off to go back to the judge and get a 2nd warrant that authorizes the cocaine search, but given the similarities between finding the information in an admissible piece of evidence and seeing the open container in plain sight, I can see how a judge would give the benefit of the doubt in court.

I can't quite tell what the cops in TFA are asking for, though. If, on the one side, they want to be able to bring along a device that's pre-configured with the search terms for the warrant (gambling terms, from the above example), such a device would theoretically be legal in the US, since it would simply be automating the search that would otherwise have been performed by the trained analyst. If, on the other side, they want a device that identifies any illegal activity, that should be unconstitutional for 4th Amendment reasons.

All of the legal discussion ignores the technical aspects. I am a professional forensic analyst, and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list (i.e. fewer than 5) of static (i.e. non-regex) keywords. Adding complexity in, or adding keywords, can increase the search time to days. There's no way that untrained cops could simply plug a device into a suspect's 5 year old laptop and be able to get results back in less than an hour, and that's not counting the potential modifications to the evidence caused by booting without a write-blocker, doing deleted-file recovery, opening compound files (Outlook offline storage, ZIP files, etc.) or doing signature analysis to identify obfuscated data. Don't even think about it if the suspect thought enough to use encryption.

The cops may want something like this, but it will probably be the laws of physics that prevent it and not the Constitution.

Re:Right

[sexconker]

So the best place to dump the body is at the wharf...

Re:Right

[agm]

It'll be pretty easy to get around. Run a source based operating system (like Gentoo) and ever so slightly modify the executable file format and file system allocation table format. Then only binaries you compile on that computer will work on it, and they won't be able to read your disks unless booted into your OS (which won't run their skying app anyway).

Re:Right

[HTH+NE1]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

You seem to be excluding people with illegal drugs from this group you erroneously label as "all". Be careful you do not find yourself similarly excluded.

And sometimes they're not even caught with drugs but rather caught with "too much" cash on their person.

Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

"Vote Fascist for a Third Glorious Decade of Total Law Enforcement."

If every law is enforced 100% of the time, you live in a police state and have no real freedom, where even the tiniest of harmless infractions will bring harsh penalties:

A much-fatter Mrs. Krabappel writes "Homework: eat a stick of butter" on the blackboard. "Since so many students have been put on permanent detention," she begins, burps, and continues, "we've merged everyone into a single class. I trust there are no objections?" Bart, Lisa, Milhouse, Wendell, and Ralph say nothing. Wendell shivers in fright and his pencil falls to the floor. Mrs. Krabappel looks up, points to the hall, and says, "Detention." Wendell looks appealingly at Milhouse and Ralph who look away, and he leaves the class.

Re:Right

It's the punch line to the old Lone Ranger & Tonto joke...

Re:Right

[timepilot]

P.S. http://en.wikipedia.org/wiki/Mapp_v._Ohio

Re:Right

[Unordained]

Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such.

... which will quickly be defeated by "nearly-the-same" images, the result of a tool that modifies all images on a drive, changing them in visibly imperceptible (or at least unobtrusive) ways, but leaving the files with radically different hashes -- without even having a copy of the list of hashes the authorities already have.

Re:Right

[causality]

To hell with that. The current classification for which drugs are legal and illegal is totally messed up in my opinion. We need to re-evaluate what we're banning before we go off on such tangents.

The problem is that there's not much political power to be had under this sort of reasoning. No new bureaus and departments to be created, no new positions to staff with your cronies, and no excuses to expand budgets and governmental power. It's such a good idea that it'll never happen without radical changes to the way things are done.

Re:Right

[AndrewNeo]

What? I thought that movie was about the innovations in user interface!

Re:Right

[corbettw]

Isn't there a plain-sight provision with that rule? If the cops have a warrant to search your house for crack, and see a dead body laying on the kitchen floor, they can go ahead and arrest you for murder.

On advice of my lawyer, I can't really say anything else.

Re:Right

I don't believe that's how it works. If your stopped while driving on a public road, they ask for consent to search your vehicle. Failing getting that, they detain you and bring a canine cop to your car. If from the outside the dog indicates there may be drugs, that gives them reasonable suspicion. At that point, by law they may search your car without a warrant. Of course, they could always call up a judge and get a warrant quick enough if the law changes. Thus the entire process is legal and by all accounts constitutional since they did not enter your personal property (i.e. car) to begin the search, they merely observed it from the outside and reacted to what they found.

Of course, coming across the border is an entirely different matter, and there they can search your car without any particular suspicion.

Re:Right

[Philip+K+Dickhead]

Yeah.

But the story is for POMs, not Seppos. No 4th, or any thing else like that, across the pond. Brits are "Subjects of Her Majesty, the Queen". This is different in basis of fact, if not actual function, than say, "Citizens of the United States of America".

Despite common law and the whole lot, there's no Constitution in Great Britain.

Re:Right

[Midnight+Thunder]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Yup, but I wonder how long some new age fascist ^H^H^H^H^H^H government official wants to implement thought-crime.

Re:Right

[pegr]

"What do you mean "we", white man?"

Explanation for the yung'uns out there...

Lone Ranger: "Tonto! We have a problem! We're surrounded by Indians!"
Tonto: "What do you mean "we" white man?" //Stupid, old, joke... //Not racist... //Well, maybe a little //Stole slashies from fark ;)

Re:Right

what does the SCOTUS have to say about its precedent applying in the UK?

Re:Right

[idontgno]

There's an object lesson here.

Don't hide your crack stash inside the dead body laying on the kitchen floor. It doesn't work, it provides no cover in court, and the necessity of the search really pisses off John Law.

Re:Right

[Shakrai]

I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.

Because most criminals are idiots to begin with. Seriously. Ask any cop how many criminals they've arrested whom would have gotten away with whatever crime they committed if they had kept their mouths shut. Combine that level of stupidity with the fact that the typical criminal isn't going to be very computer savvy and you can see why few of them use encryption.

Re:Right

[gnick]

No racism intended - I'm as white as they come. It's from an ancient joke. Basically, the Lone Ranger and Tonto have a horde of angry Indians bearing down on them. The Lone Ranger says, "It looks like we're in a lot of trouble this time, Tonto." Tonto replies, "What you mean 'we', white man?"

Basically, I was just trying to point out that b4upoo was making an assumption that we're all in the same camp here, when we're definitely not - I don't want to sacrifice my rights so that the cops can catch a few more pot smokers. That excludes me from his inclusive "we" in:

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

The joke isn't remotely a perfect parallel, but I thought it would be amusing. Sorry if it came across racist (although feel free to nail me for calling Native Americans "Indians" when explaining the joke - At least I refrained from including the phrase "feathers, not dots".)

Re:Right

[Jawn98685]

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Ermm... Where have you been for the last 7 years? Under a rock? If we were to let you actually invoke those civil rights they taught you about in school, the terrorists would win! Stop being silly and just admit that we're all much better off with a government and it's goons... er, "law enforcement agencies" who can make sure that we're all "safe", no matter what the cost to our so-called liberty.

Re:Right

[AnalPerfume]

They don't want to keep drugs out of prison, the more stoners there are walking about, the easier they are to be controlled and less likely to cause trouble. The less people they have all edgy because they can't get their heroin fix, the easier they are to control. Anytime an addict comes off their addiction they have withdrawals, which can show in many ways. It's one thing to be willing to stop, knowing the withdrawals are temporary until your body adjusts.....it's another to be forced off. It does sound like the Police want a simple "catch-a-crim.exe" program to run while they get on with searching our MP's offices for material likely to embarrass the Government.

Is it only me who can visualise a Microsoft lobbyist / sales-drone already selling them the (never gonna work) solution for millions of tax-payers pounds?

Re:Right

[clone53421]

Easy? I doubt 50 people on here could do that. For starters you'd have to write your own compiler before you could build the OS – recall you've modified the executable file format so that that normal executables won't run? Then once you have a compiler that's able to create executables for the system (and the compiler would have to run on the system too, unless you wrote a driver for a "normal" system to read your abnormal filesystem so you could copy files onto it – and that same driver could be used to defeat your precautions later, so you'd have to destroy it or hide it well), you'd then have to also build all your software from source, too. Firefox, whatever else you want to use... I hear OpenOffice.org is a bitch to compile.

Re:Right

[StikyPad]

That's for things laying around in your car when you get pulled over (or maybe on your front lawn). No warrant is required for something like that, period.

As to searches, any evidence obtained during a legal search can be used as evidence, or as the basis for additional and/or alternative charges. Just because they were looking for drugs doesn't mean they have to ignore the bodies they find under your floorboards, or vice versa.

Re:Right

[Arcane_Rhino]

As far as I'm aware, they have the legal (USA PATRIOT act legal, anyways) right to search your vehicle entirely at any international border.

No. The US Border agencies have had the authority to search you and your accompanying articles long long before the Patriot Act. You with mere suspicion, your articles with no suspicion. (They must still have probable cause to enact an arrest of you or seizure of your merchandise but may detain with reasonable suspicion.)

Re:Right

[Mister+Whirly]

Why restrain cops at all? Why not just let them murder anyone they think might be guilty of something? We would all be so much safer then. *rolls eyes*

Re:Right

But if there is no downside to the illegal searches, then LE is going to do them. One way to discourage them is not allow evidence to be used. However, I could see paying people $10000 a stop if they don't find what they are looking for to cover your time and trouble. Another option would be to fine or imprison the officers making the illegal searches.

Re:Right

[johnsonav]

Because most criminals are idiots to begin with.

Sigh... You're right. Which is probably why there are so few elaborate bank-jobs, cunning cons, and ridiculously over-the-top plots to blow up buses that fall below 55mph, in the news. I like movies better than real life. Sigh...

Re:Right

[Garrett+Fox]

I wish I had the book I have about this in front of me. As I understand it, the question is still up for debate, partly because the courts consist of English majors trying to apply old decisions to new technology. However, it does seem to be settled in the US that electronic transmissions are like physical mail; that there are no restrictions on searching mail at the border, and that border searches don't need to be done physically right along the borderline. That combination of ideas would justify elimination of 4th Amendment search-and-seizure limits on Internet traffic, and authorize ISP monitoring. You never know whether someone's packets might be straying through Canada, eh? Correct me if I'm wrong; I wish I were on this point.

As a writer, your question is why I'm especially disturbed by the reports of entire computers being seized for a fishing expedition at the border. I keep many of my thoughts in writing.

Re:Right

"Specify what you're looking for" Yea right! Been in fantasy land long.

Re:Right

This whole idea insaine.

Everyday we lose more rights and because of Bush and his "Patriot Act" the police can do more now then they have ever been able to.

In washington state they are cutting the funding for the D.E.A. programs and giving local cops more power to the point where even if your car doesn't smell of drugs or what not, the first thing an officer will ask is "So where is the marijuana" not "May I see your licance". People are getting pulled over for going 5 over and end up in jail because someone spilled something in there back seat or used the bottom of your lighter for something not intended.

A program like they are talking about would steal all of the rest of the rights we have. Whats stopping them from walking right into your house and plugging this thing in, even if you are the one that called them there to make a report? NOTHING!

This is out of the world and if it goes threw i might just buy my own island.

Re:Right

[Hurricane78]

The point is, that the original suspicion - the one they got the warrant for - is completely made up and fake. Our whole law system is set up in a way, that there always is something you did "wrong". Always. That's the basic idea of laws nowadays.

So the trick is, that they can put anyone to jail if he does not fit their agenda.

It's like a mafia you can bribe. They will go, make up some "suspicion", search your house, find some obscure thing that's in law book 5000, paragraph 9574 section v, subsection 385, (that of course "every citizen has to inform himself about"), and put you to jail.
Same thing with the terms and conditions of contracts. Deliberately written so that you can't understand it, in tiny fonts, on 20 separate pages, that you first have to download on "www.companysite.com" (notice the omission of a direct link). If they can fuck you, they will.

It's the rule of power like in the times where people still used clubs to beat each other. It's just better hidden nowadays.

Re:Right

[clone53421]

True, but if they're looking for a stolen car they have no business ransacking your attic or checking your cupboards. (Somebody else used the example of a 42" plasma TV, but this is /. so I figured we needed a car analogy.)

Re:Right

Truecrypt.

Re:Right

[agm]

I was thinking along the lines of making minor mods to glibc, gcc and ext3 source. OO.o is a piece of cake to compile ("emerge openoffice" is all it takes). Same with firefox.

My point is that if such a spying device became prevalent, then it's technically possible to circumvent it. Will they cater for all operating systems, all executable formats, all filesystem types (no matter how obscure)? I doubt it. I'd say that as soon as they see a PC running Linux they'd be shit-out-of-luck.

Re:Right

[kingrooster]

Nah, it's called the Plain View Doctrine.
http://en.wikipedia.org/wiki/Plain_view_doctrine

Basically, anything found that isn't on the warrant needs to be in plain view and they can't move items looking for it unless moving items might yield what is specified in the warrant.

Having said that, those are some vague rules and I'm sure a cop could justify looking anywhere he damn well pleases.

I guess if they are looking for a dead body but they look inside the books on your bookshelf and find some drugs, it might not hold up.

Re:Right

Thanks for the clarification - for a moment I was worried my ethanol-powered PC would test positive. Maybe I should uninstall Alcohol 52 and 120 to be on the safe side.

Re:Right

[clone53421]

I'd say that as soon as they see a PC running Linux they'd be shit-out-of-luck.

I expect their USB device to be bootable and contain a bare-bones OS to run the diagnostics, but then, who knows.

Re:Right

Except we want cops to catch people with illegal drugs etc.

Really? And why is that?

Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

If you are an American, please renounce your citizenship and leave. You are the enemy of freedom.

Re:Right

[Shakrai]

Which is probably why there are so few elaborate bank-jobs

And I could actually understand the motivation for an elaborate bank-job. You disable the alarm, tunnel into the bank, break open the vault and walk away with a cool million or so. I could get behind that. A million bucks is worth the chance of going to prison......

What isn't worth the chance of going to prison is the dumbass who holds up the bank with a gun and walks away with a lousy $10,000. Even worse is the dumbass who holds up the gas station with a gun and walks away with less than $100. Clearly they didn't do a proper cost benefit analysis ;)

Re:Right

[blueg3]

Yes, you managed to mention TrueCrypt, which comes up in essentially every Slashdot article about forensics.

The vast majority of criminals don't use TrueCrypt. Even those that do use encryption screw it up -- communicate over insecure channels, communicate with people who they can't verify aren't police agents, use encrypted files on an unencrypted system so trace evidence is left behind, etc.

The major objective is to make investigating the 95% of criminals that take no counterforensic measures faster and cheaper.

Re:Right

[iansocool]

although feel free to nail me for calling Native Americans "Indians" when explaining the joke

Actually according to wikipedia (my course for all things factual), "A 1995 US Census Bureau survey found that more American Indians in the United States preferred American Indian to Native American"

Re:Right

"Well we came here to get marijuana, but instead we discovered porn on your PC, so you go to jail buddy."

I didn't know porn was illegal? Shit, about %90 of the male population is in trouble then.

Re:Right

[clarkn0va]

and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list

I believe that's why Vista introduced Instant Search. Johnny Law just needs to call ahead and ask the suspect to ensure that it's enabled and properly configured. And that the suspect has at least 4GB of RAM installed, and dual 64-bit CPUs. Also, it would be helpful if the suspect left the computer on so the police don't have to wait around for Vista and Norton and HP to spin up. Hmm. I'm starting to see your point.

Re:Right

[deggs]

Actually yes, that's exactly what it means. Warrants are in place to protect people from illegal search and seizure. If during the course of a legal search items not covered in the original warrant are found the officers are required to attain a secondary warrant for the new items. In regards to your stop sign example, they do that too, and that's exactly the problem. Law enforcement agencies constantly step over the line, which is unacceptable. they often act no better than the criminals they're trying to catch, illegal wire taps, illegal broad scope searches, excessive force... On the west coast of Canada -where I live- the police have been accompanying "electrical inspection teams" whenever a house has a higher than normal power consumption. They are illegally searching for pot grow operations under the guise of a safety inspection, our own courts have deemed this unlawful. Take the examples of the RIAA and law firms in the UK sending out random letter to "possible" copyright infringers demanding payment for downloaded music. This is nothing more than extortion, there is rarely sufficient evidence of the crime. It amounts to the enforcment of criminal law by civilian persons through civil litigation, which... Is against the law. The list goes on. We live in a society where our civil rights are supposed to be protected, this "well I have nothing to hide so search away" attitude just diminishes the freedoms and protection we are guaranteed by our charters. Personally I never agree to willful searches or any other conduct I dont explicitly have to agree to. I'm not hiding anything, but the rules are in place for a reason.

Re:Right

[arminw]

....Except we want cops to catch people with illegal drugs etc.....

They tried to prohibit the drug alcohol. It was called prohibition. They even made prohibition a constitutional amendment! That benefited no one but the criminals. How is it any different with other drugs still under prohibition? It would be far better to sell and tax other drugs now illegal the same way that alcohol and tobacco are sold and taxed.

Re:Right

[triffid_98]

Which is exactly why we'll code our application to flag any encrypted files or hidden partitions, plus a full scan of your unencrypted swap file.

Since this is the UK you will hand over your encryption keys, have a nice day.

Just encrypt all of your crap, and don't have illegal stuff.

Amen. With all the practically unbreakable, freely available encryption solutions out there, I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.

Re:Right

[iamhassi]

"That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that."

Yeah, or they want remote access:
"McMurdie also discussed the possibility of setting up a "central forensic server", where digital forensic experts from across the UK could log in and analyse whatever systems were plugged into it."

Wow, are police in the UK really that dumb? They either want a magic wand that tells you if a computer has "illegal" content on it, or they want what has already existed since before the internet?

Re:Right

[ZekeSpeak]

Which is exactly why we'll code our application to flag any encrypted files or hidden partitions, plus a full scan of your unencrypted swap file.

I don't have swap files. I have swap partitions and they are encrypted with a random key at boot time using dmcrypt.

How can forensics easily tell the difference between an encrypted file and a file filled with either random or binary data?

Re:Right

[lucifuge31337]

Doesn't this kinda depend?

Kinda. But when in actual practice, things are routinely done such as pulling over cars going through sections of state and national forests by game wardens so that the local K9 unit can sniff the car for drugs you have to take notice. Why game wardens? Because they have broad powers to search a vehicle on any park land, even through roads, looking for game poaching. This is being used TODAY all the time to pull "suspicious looking" people over, search their cars, and end up making a drug or DUI arrest. I know this from second hand experience, as a family member is married to a former Virginia park ranger who's job, for the most part, is to do exactly this. He told me this directly. I have no reason to not believe him, as he doesn't even think he's doing anything wrong. Just telling me what he does for a living.

Enjoy your freedom, America.

Re:Right

This.

/ You're doing it wrong
// Slashies
/// Lots of them!

Re:Right

There's no way that untrained cops could simply plug a device into a suspect's 5 year old laptop and be able to get results back in less than an hour, and that's not counting the potential modifications to the evidence caused by booting without a write-blocker, doing deleted-file recovery, opening compound files (Outlook offline storage, ZIP files, etc.) or doing signature analysis to identify obfuscated data. Don't even think about it if the suspect thought enough to use encryption.

The cops may want something like this, but it will probably be the laws of physics that prevent it and not the Constitution.

Sadly, it's simpler to make a tool that adds evidence and just post dates it. That's what they really want, because otherwise it would be hard to do their jobs.

Re:Right

[Iamthecheese]

This is somewhat off-topic, being about American law, but the "probable cause" and "reasonable suspicion" laws are abused continually. Police can and do search wherever they feel like by lying and saying they "smelled something." Flex your rights.

Re:Right

[LunaticTippy]

Yeah, the 7-11 bandits that get <$10 plus some beer and cigarettes crack me up. A lot of crime seems very inefficient. $200 for a new car window, $200 for a new stereo, $200 for the dashboard repairs, and the thief got $20.

I knew a bank robber. I didn't know he was knocking over banks at the time, but he later was in a long distance high speed chase ending in suicide by cop. Pretty surprising to everyone that knew him. I think he got ground down by his circumstances for too long. He spent so many years having to scrimp and do without it made him crazy. I remember him going out to eat a lot and buying little gifts for his friends and seeming happier than usual. I guess for him a lousy $60k (assuming he got $10k per bank) was worth dying for.

The truly weird thing was when he got away from the 5th bank it was very close. He was driving on medians and shoulders, through fields like a maniac during rush hour with dozens of cops on his tail. Somehow he got away and instead of ditching the car and going straight he laid low for a month and did it again.

Re:Right

[agm]

Yes, you are probably right. But then what luck would it have in reading an uncommon file system?

Re:Right

[Inda]

They all carry warrant cards in the UK. You cannot stop them coming in and doing a search. Well you can, but you'll get done for something else, like obstruction.

Re:Right

[triffid_98]

Well, you're in the minority?

Automated methods for finding hidden partitions could mean checking the bios report on the device against it's partitioned size, or just looking for large binary files that don't have known signatures.

FOREACH [file] in device
IF [file].size>MAX_SIZE && !hasKnownSignature([file])
ARREST_FOR_THOUGHTCRIME('Zekespeak')
IF isImage([file]) && fleshTones([file])>5.0
flagForAnalysis([file])

END FOREACH

I don't have swap files. I have swap partitions and they are encrypted with a random key at boot time using dmcrypt.

How can forensics easily tell the difference between an encrypted file and a file filled with either random or binary data?

Re:Right

[winwar]

"Well hopefully the cameras they have in their car or that you have pointed at your door streaming live 24/7 can be used as evidence against the cop for conducting an illegal search."

They won't. Tapes, videos, etc. generally dont need to be preserved by the police after review. In other words, they can be transcribed, described and then erased (common for interrogation). The only things that tend to be kept are things that help the police. There are exceptions of course. Cops, like the rest of us, are lazy.

Re:Right

[Kazrath]

Problem with that flawed database idea is as soon as the criminals figure out that is going on they just start modifying the content slightly and you end up with an infinite amount of slight variants of the same content.

And yeah that tool is a horrible idea.

Re:Right

[Alarindris]

At least I refrained from including the phrase "feathers, not dots".

O rly?

Re:Right

[spazdor]

That hasKnownSignature() function will be a bitch to implement.

Just how many file formats do you plan on documenting exhaustively?

Re:Right

[triffid_98]

Why exhaustively? Normally you can check the header data/check file associations. If you're trying to hide a partition in a file I'd assume it to be of fairly large size.

Just how many file formats do you plan on documenting exhaustively?

Re:Right

Yeah, I know...

Originally I wrote, "At least I refrained from including the phrase "feathers, not dots", until now..." I changed it 'cuz I figured the point was implied and didn't figure I'd offend anybody if that statement was included at the end rather than the explanation. Point well taken...

-gnick

Re:Right

Not slurpy indian. Casino indian.

Re:Right

[gandhi_2]

You almost sound like that lady on NPR that reports on the US Supreme Court.

Re:Right

[spazdor]

Yeah, but assume that I, like any normal computer owner, have several games installed as well as a host of productivity apps and so on.

The games' installations will likely have a lot of really big files. And the files may be in formats which were invented specifically for that game.

How will your function reliably distinguish between a Fallout 3 savegame file (which can balloon to over 1GB!) and a crypted partition file?

Assuming you will do that using headers and program-specific knowledge about Fallout 3, will you do the same for the file formats used by every other game that's ever been published?

Re:Right

[muridae]

Don't assume. I would hide a partition in the empty sectors between files.

Re:Right

[TapeCutter]

Leagal does not mean unregulated, there are plenty of expansion opportunities for an imaganitive politician.

Re:Right

Maybe they read this story 'A Linux-Based "Breath Test" For Porn On PCs' (http://yro.slashdot.org/article.pl?sid=08/11/04/1746220) which links to this article http://www.australianit.news.com.au/story/0,25197,24597325-15306,00.html about a linux live CD which scans the computer to help decide if it needs to be taken for forensic analysis and decided it could be applied to all situations.

Re:Right

Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity

Couldn't they just check the evil bit on the hard drive?

Re:Right

[clone53421]

Not much, but creating the filesystem would be a real trick.

Re:Right

[Pichu0102]

So the trick is, that they can put anyone to jail if he does not fit their agenda.

Then why not just go along with the agenda so you don't get bothered, even if you don't agree with it?

Re:Right

[j0nb0y]

Really, its not very limiting. If the police have a warrant to look for, say, marijuana joints, they can look anywhere that a marijuana joint could be hidden. On that warrant, they could look practically everywhere, and anything they found would be admissible.

The unrealistic example that is an actual limited warrant: If the police have a warrant to look for stolen grand pianos, they can't go rifling through all your drawers, and anything they find in your drawers is going to be inadmissible.

Re:Right

"Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such."

True, though I'm not convinced of how useful that would be. If the 'suspect' has been taking new kiddie porn pictures, you wouldn't have them in the database. I'm not sure how much 'old' kiddie porn stays 'in circulation' for very long. Even if it does stay in circ, all it takes to defeat a hash of the file is to make some minor modification (change the color of one or a small number of pixels, or just mess with the brightness/contrast, or crop the image a little bit, or resize it, etc, etc).

Now, it might be that there are more advanced algorithms for image identification than a simple hash, and so maybe they could do something like that, but a hash, I think, would not be of much use.

I would also imagine that for every kiddie porn pic the cops know about, there's hundreds or thousands that they've never discovered.

Re:Right

[adamchou]

the cops are typically not allowed to search for non-related keywords (i.e. "lolita", "cocaine", etc.)

wait, so are you saying to hide my online cocaine operation, i should rename all my files to lolitaXXX.jpg?

Re:Right

[Ragein]

Small problem with encryption in the Uk, your legally bound to give the police the key if you don't then I believe the sentence for not doing so is pretty hefty.

Re:Right

[dangitman]

Except we want cops to catch people with illegal drugs etc..

Why? What difference does it make if someone uses "legal" or "illegal" drugs?

Re:Right

[dangitman]

How do you know it's a "he"? What's with the sexism?

Re:Right

[Gordonjcp]

They all carry warrant cards in the UK. You cannot stop them coming in and doing a search.

Warrant card != search warrant. It's a badge, that's all.

Re:Right

[Inda]

I still stand by what I said. You cannot stop them.

Re:Right

[meringuoid]

A lot of crime seems very inefficient. $200 for a new car window, $200 for a new stereo, $200 for the dashboard repairs, and the thief got $20.

Ultimately, that's why it's crime in the first place. The thief does $600 of damage to profit himself by $20 - net loss to the economy, $580. And even if the thief is skilled in his art and does no damage, he steals a stereo that costs $200 to replace and gets $20 for it from the fence. Not exactly a Pareto optimum here, is it?

If the thief could get more for the stereo than it would cost his victim to replace it, he wouldn't bother being a thief in the first place. He'd buy the stereo fairly and sell it on for a profit. Then he'd do it again, and again, and he and his sometime 'victim' profit handsomely together, and after a while find that they're running a small business in the car stereo wholesale trade.

Re:Right

[ciderVisor]

Since this is the UK you will hand over your encryption keys, have a nice day.

http://www.truecrypt.org/docs/?s=plausible-deniability

I could do with a breathalizer on my PC, but only to stop me writing regretable e-mails and postings when I'm pished.

Re:Right

All of the legal discussion ignores the technical aspects. I am a professional forensic analyst, and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list (i.e. fewer than 5) of static (i.e. non-regex) keywords. Adding complexity in, or adding keywords, can increase the search time to days. There's no way that untrained cops could simply plug a device into a suspect's 5 year old laptop and be able to get results back in less than an hour

1. Regexp search shouldn't be significantly slower than a search for fixed text, and it shouldn't get slower as the regexp complexity increases (e.g. multiple disjunctive sub-expressions). The DFA's state table gets larger, but it's still just one lookup per byte. This assumes that you are actually using regexps and not e.g. PCRE's, and that your software wasn't written by an idiot who thinks that repeated strcmp()s at successive byte offsets is a reasonable way to search a large amount of data.

2. An on-site scan isn't going to examine the entire disk at the sector level. For text searches, just scanning anything which looks like a "document", mail folder, web cache, or the like will suffice. They're not going to get much benefit by performing a text search on a file whose name ends in ".jpg" and whose contents begin with "JFIF". This is supposed to be a breathalyser (sufficient to justify allocation of resources), not a blood test (conclusive evidence).

Re:Right

[alecwood]

Yes, but Mapp v Ohio has no bearing in the UK, and as such is irrelevant in this particular discussion.

Re:Right

[Hognoxious]

Even worse is the dumbass who holds up the gas station with a gun and walks away with less than $100. Clearly they didn't do a proper cost benefit analysis ;)

If they could do a cost-benefit analysis, they could probably get an MBA.

If they had an MBA they'd get a nice job in a bank[1].

If they had a nice job in a bank[2] they wouldn't need the gun.

[1] or Enron
[2] or Worldcom

Re:Right

[Hognoxious]

P.S. "Kimo Sabi" mean "horse's ass".

Re:Right

[bickerdyke]

man file

it does a pretty good job already.

Re:Right

Not something you need to worry about if you don't have any marijuana/cocaine in your car though.

When did the drug-addict crowd start migrating to Slashdot, anyway?

Re:Right

[Harin_Teb]

WRONG.

If you find evidence of people being tortured the cops DON'T have to go back and get a new warrant. plain sight rule. If the Cops were there legally (IE searching for marijuana with a warrant) and they see evidence of an unrelated crime while they are searching within the scope of the warrant they can seize it for prosecution.

Examples:
Searching for weed in a file cabinet, stumble across credit card fraud documents. OK to seize.
Searching for dead body in a murder case, find weed in a shoebox in the top of the closet. most likely not OK to seize, as a dead body could not have been hidden in a shoebox in the top of a closet, so searching the box exceeded the scope of the warrant. (this presumes the box didn't accidentally fall open during a legitimate search.

IAAL, this is not legal advice, and it is "dumbed down" so all the nuances are not here.

Re:Right

"Vote Fascist for a Third Glorious Decade of Total Law Enforcement."

+1 Red Dwarf

Re:Right

At least I refrained from including the phrase "feathers, not dots".

Indeed. Everybody knows the correct phrase is "casinos, not call centers".

Re:Right

[plumby]

They can't (although looking at your startup scripts and seeing dmcrypt in there may be a clue), but if I remember correctly, under the UK RIP act it's up to the defendent to prove that it's NOT encrypted - not sure exactly how you'd do that - and you'll be done, and probably sent down, for refusing to hand the key over if you can't.

Re:Right

[neomunk]

Yep. Living 45 minutes from Windsor, Canada (and growing up in southeast Michigan) I've crossed the border a lot, and I've been searched numerous times, detained once. The detention was because I had spare computer parts in the back of my car, and they stopped me from going across because they suspected I might be doing work without a Canadian version of a green card.

So, yeah, they've always had enhanced abilities to search at international borders, and as someone who will not give easy consent to search (I tell cops no most of the time, and get away with it because I'm polite) I really don't have a problem with that. There is real reason to make an attempt at watching your borders, and I can respect that.

Re:Right

[LunaticTippy]

I see it the opposite way: There would be an enormous, highly taxable, highly profitable market. Every level of government would take a juicy slice, numerous corporations would profit obscenely, and users would have sharply higher quality goods for a lower price. Not to mention an instant freeze on criminal syndicate funding.

I'm pretty surprised no canny pol or CEO has figured this angle and done something to tap this gigantic fountain of cash.

Re:Right

I bet you'd be surprised at how many of your personal acquaintances do drugs without your knowledge. I've known people from all walks of life that do either one or both of the drugs you mention above. Wearing a suit to work doesn't mean someone doesn't smoke pot, and let's not even talk about upper-middle management and coke habits. Wow.

Re:Right

[absoluteflatness]

At least I refrained from including the phrase "feathers, not dots".)

So close...

Re:Right

[zildgulf]

This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.

What if the story was about a detective superintendent saying that these autopsy investigations are being completely backlogged because we don't have enough coroners and he wants the law changed so that anyone that can hold a bone saw can do an autopsy.

I am hoping you would say to him "hire more coroners, you wimp!"

Re:Right

[blueg3]

An inappropriate analogy, though one you already used elsewhere. The article is so kind as to provide an appropriate analogy, even going so far as to explain it.

First, he doesn't want the law changed to enable anything -- not that I read. Did you just toss that in?

Providing tools to do a preliminary, lesser version of a skilled job to be done by less-skilled individuals is quite common. Breathalyzers, home pregnancy tests, home blood-glucose meters, portable cardiac defibrillators. Even things like CO monitors are essentially laboratory tests made automatic and user-friendly, albeit incomparable to the real thing. These have their own uses, independent of the applications of the trained professionals.

The fact of the matter is that an untrained person could not provide court-usable forensic evidence. They can, however, reduce the number of items the experts have to look at and can get inaccurate preliminary results to assist in investigation.

Re:Right

[causality]

I see it the opposite way: There would be an enormous, highly taxable, highly profitable market. Every level of government would take a juicy slice, numerous corporations would profit obscenely, and users would have sharply higher quality goods for a lower price. Not to mention an instant freeze on criminal syndicate funding. I'm pretty surprised no canny pol or CEO has figured this angle and done something to tap this gigantic fountain of cash.

That's because you think money is the goal. If it were, then legalizing these things and taxing/regulating them makes a lot of sense. Our politicians are already wealthy and so are the people who got them into office; more power is what they want. The very monetary system itself always has more debt than dollars in circulation. That's right, there are never enough dollars in circulation to pay off all debt, there never will be, and this is by design because debt is also a form of control. Therefore, they are not interested in taxing drugs and using the proceeds to pay down the national debt or anything like that, because if they succeeded in paying off all debts there would be no money in circulation. They are interested in an entirely artificial, ubiquitous "crime" that the average person fears or despises that can be used to increase police power and police surveillance.

Drugs are perfect because this amounts to making a crime of things that are not crimes in and of themselves (that is, what adults do with their own bodies). As a result, it creates laws that are nearly unenforcable in that they would require a police state to enforce. Nothing has done as much damage to the Fourth Amendment as the War on (some) Drugs. Read up on the asset forfeiture laws alone to see what I mean. If you can weaken or ignore one part of the Constitution and get away with it, then you can weaken or ignore the rest as well.

Re:Right

[leereyno]

Drugs make you stupid, they interfere with your ability to think clearly. Many damage a person's sense of self and objectivity. There is no upside to be had by taking them. They will also get you arrested, prosecuted, and incarcerated.

If someone is stupid enough to be carrying drugs while driving around in a vehicle that shows up as a bogie on a cop's internal radar then I have no sympathy.

I have a friend who has many stories to tell of his misadventures as the driver of a VW Bus with a huge deadhead sticker on the back. Cops pulled him over several times a month and always asked if he had any weapons or drugs on him. As soon as he stopped driving a perp-mobile and self-advertising as a probable dope fiend, they stopped paying attention to him. He bought a truck and has not been pulled over in almost 5 years now.

If someone gets busted from a "random" traffic stop, odds are they were attracting the wrong kind of attention. Doing drugs is stupid, but if you're going to be that kind of stupid, at least be smart about it and don't advertise the fact that you're a loser.

Re:Right

[clone53421]

Interestingly enough, appending something onto the end of a JPEG still results in a valid, openable image file. Obviously, a 200x200 pixel image isn't going to be 2.4GB, but you could passably hide a document of a few hundred KB within a fair-sized JPEG. You would, of course, need to know the byte offset where the JPEG ends and the hidden file begins when you wanted to get the hidden file back.

I know this because I wrote a program that did it... it was slow and clunky, but it worked. It appended the byte length of the hidden file's filename followed by the filename, then the contents of the hidden file, and finally the original file length at the very end. To restore the hidden file, it read the last several bytes of the file to point back to the beginning of what it had stored before and copied it back into a file with the original filename.

Fun thing was, you could embed another file onto the end of that, and another, ad infinitum... well, I think I used a 4-byte int to store the length, so that would have been the limit :)

I never used it for much of anything, but it was a neat little project... I experimented around with seeing which file formats would still open if you appended stuff and which wouldn't.

Re:Right

[sexconker]

Incorrect.
They could seize credit card fraud stuff because it could have been used in the sale or purchase of drugs. Cops love to serve warrants for drug related stuff, because they can finagle just about anything into the "possibly related" category.

Evidence of unrelated crimes can NOT be seized, nor can the finding of it be used to justify a separate search warrant.

They have to get a new warrant to search for anything else. They cannot legally seize property that is suspected to have been used in another (unrelated) crime. They cannot legally arrest anyone at the scene for suspicion of any crime unrelated to the search.

If they're searching a crackhead's house for crack, and find diaries detailing how the crackhead killed JeanBenet Ramsey, they can't do squat.

Even getting a warrant to search that house for evidence relating to JeanBenet Ramsey is (legally) difficult. Cops have to begin an investigation, find evidence (NOT anything found during the previous unrelated search), present it to the judge, and get a warrant. Likely, the cops would conveniently receive an anonymous tip that the killer was a crack addict who was in that same area.

Of course it happens all the time. People who are being served warrants tend to not have good attorneys. Cooperating with the cops will get you far (if you have nothing serious to hide), and being a dick can get you into some serious shit, even if you've done nothing wrong.

Re:Right

[Cederic]

..even if it's genuinely random data that can't be decrypted.

Re:Right

[_ivy_ivy_]

And all bets tend to be off at border stops, especially internationally. As far as I'm aware, they have the legal (USA PATRIOT act legal, anyways) right to search your vehicle entirely at any international border.

This right predates the Patriot Act buy decades. You can be searched and detained as they see fit at a border. The government also has broad search and seizure rights within 50 miles of the border. This also predates the Patriot Act.

Re:Right

[ZekeSpeak]

They can't (although looking at your startup scripts and seeing dmcrypt in there may be a clue), but if I remember correctly, under the UK RIP act it's up to the defendent to prove that it's NOT encrypted - not sure exactly how you'd do that - and you'll be done, and probably sent down, for refusing to hand the key over if you can't.

They can't (although looking at your startup scripts and seeing dmcrypt in there may be a clue), but if I remember correctly, under the UK RIP act it's up to the defendent to prove that it's NOT encrypted - not sure exactly how you'd do that - and you'll be done, and probably sent down, for refusing to hand the key over if you can't.

Well, I've only got my swap partitions encrypted. I cannot supply the key to decrypt the swap partition because it is randomly generated at boot time. I do keep a few secrets (passwords etc) in an encrypted file (which is loop mounted as an encrypted partition). The file is not specially named and would look like a binary data file if examined.

Re:Right

[harry666t]

I thought of something else.

If it has read access, and execute access, then it also most probably has write access. And then, "evidence" could be very easily forged.

Re:Right

[badkarmadayaccount]

Are you living in Australia, and just stink at geography or something? Only there can generic (read non-child) porn land you in jail.

Re:Right

[badkarmadayaccount]

That can read the file system of the month out of the box? I'd like to see that, seems quite feasible.~

Re:Right

"Doesn't this kinda depend? "
          No.
"Just because you found something else while looking for your actual thought doesn't mean you have to IGNORE it."
          But it's inadmissable in court, if you were there to search for something else.

"If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back? "
        Yes. There's procedures for getting an emergency warrant, they should be used. I mean, in the case of *people*, the police could ignore it, the people could testify against the torturers anyway. The *police* testimony would be null and void, though, since they didn't have a warrant. If it's anything but people (call it Q), the police testimony that they saw Q would be inadmissable, and furthermore any Q the police take with them as evidence would be inadmissable, as they did not have a warrant for Q. (Unless they get the house owner to say "sure, come in and look for whatever you want".)

"On the other hand, since illegal immigrants and drugs seem to go together, since drug trafficking and immigrant trafficking is a similar thing (smuggling), I don't actually see a problem is searching for both at the same time. "
          They don't go together, the gov't has just found that if they have INS agents looking for drugs, etc. instead of immigrants, that they can use the laws in place giving INS much extra power to catch immigrants (roadblocks, searches, etc.) These powers are ONLY for border control, and it IS illegal to use it for anything else, but they don't care. They are NOT looking for drugs coming in from mexico, from what I've seen a LOT of these roadblocks are right in the middle of towns, just to catch locals with dimebags.

"I'm not saying they should be allowed to just randomly show up and search your house without giving a reason, by the way. "
          Yes you are. If people like you are OK with police and gov't breaking the law, you're OKing the police to do whatever they want. In the INS example above, bush-appointed officials have already said *anywhere* within 200 miles of a border can be searched by the INS at any time, so they ARE already extending their existing illegal activities into being allowed to just randomly show up and search your house without giving a reason.

Re:Right

[kraut]

If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

That's a hypothetical question. The cops would hardly raid Guantanamo for marijuana, would they now?

Re:Right

also they can't get a warrant based on what they saw while they were acting on an unrelated warrant.
 
so if they see bloody chains in the basement when searching for weed, they basically have to just let it go.

Re:Right

[Mister+Whirly]

It has little to do with "more stoners walking about" and a lot more to do with the millions of dollars that are generated by the sale of the drugs. The guards can make a tidy sum just for "looking the other way" a few times.

DWG

[XTrollX]

Drinking while gaming.

Re:DWG

[mcgrew]

DWG? No, I think more like DRM -- completely unfeasable and unworkable. It sounds like an idea from someone who knows absolutely nothing about computers.

They should never have called geeks "computer wizards", because non-geeks think computers are some kind of magic.

Re:DWG

[Beefaroni]

that helps my WOW game play

Re:DWG

They should never have called geeks "computer wizards", because non-geeks think computers are some kind of magic.

Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke, "Profiles of The Future", 1961 (Clarke's third law)

Heck, anyone remember the glass eyed stares that "Pinball Wizards" used to get when they worked their "magic"? With some it doesn't take very advanced technology to leave them in the dark.

Wonder how those devices will read a non-Microsoft OS and file systems? Automatic positives?

But...

[Jonah+Bomber]

Won't that only work with alcohol cooled systems?

Re:But...

[Chris+Burke]

Won't that only work with alcohol cooled systems?

Yeah, but unless the alcohol cooled computer is driving a car, I don't see how that's illegal.

But seriously, people, don't let your PC drive under the influence. Yeah, yeah, it says that it's "overclocked' and much more efficient than when it's just running on water, but then it'll kill a little old C64 crossing the street and wind up in "Pound Me In the USB Port" Prison.

Re:But...

[NewWorldDan]

A better idea might be a breathalyzer/keyboard interlock. If it stops people from drunk posting to blogs, it might not be entirely a bad thing. Actually, I also know some people who should only be allowed to post under the influence. It could be a filter for twitter, only get updates depending on who is sober and who isn't.

Re:But...

[sexconker]

So did I.

Re:But...

[sexconker]

I've got a fetish for parallel ports myself.

Re:But...

[hansamurai]

I once had a bourbon cooled CPU. Then it overheated, because I drank it all.

Re:But...

[jackchance]

When i read the title, i actually thought they wanted to prevent people from using the internet while drunk.

Re:But...

Yeah, but unless the alcohol cooled computer is driving a car, I don't see how that's illegal.

Now I know why Microsoft's Auto PC project was scrapped.
Minimum hardware requirement...
alcohol cooled PC

Re:But...

[Chyeld]

Random factiod - standard USB and Mini-USB are designed to allow 500 insertion/removal cycles. Micro-USB however is designed for 10,000. I'm not sure which your machine should hope it has.

It may be in luck however, if it's equiped with "USB On The Go". This would allow it to switch roles of master and slave device on the fly as necessary.

Re:But...

[__aasqbs9791]

Yeah, I was thinking this could be a good thing, maybe it was just an expansion of Google's email beer goggles thing, but then I read a bit more and realized what they want is a hacker-in-a-box. Well, not really a hacker, but a data-forensics-specialist-in-a-box, but that doesn't roll off the tongue as nicely. The biggest problem I see with it is if they are running the software on the system, they can't prove the integrity of the system. Something like this needs to be duplicated with a write blocker first, and then run on the duplicate to insure they didn't add data to the system (not that that really proves anything since it isn't foolproof, but people like to pretend that it does.)

Re:But...

[Chris+Burke]

It may be in luck however, if it's equiped with "USB On The Go". This would allow it to switch roles of master and slave device on the fly as necessary.

Yeah well the 'as necessary' part might be the problem.

"Can I be the master now?"

"No, bitch!"

"*whimper*"

Re:But...

Won't that only work with alcohol cooled systems?

Yeah, but unless the alcohol cooled computer is driving a car, I don't see how that's illegal.

My computer's only three years old...

Re:But...

[badkarmadayaccount]

So it works only under Windows ME?

I have four words for them...

This should be entertaining.

crutch

[eleuthero]

This strikes me as a bad idea, not because it will not be extremely useful if they manage to implement it correctly but because there are always ways around any detection device. Once word gets out that the London police use this, they will end up having more crime, not less. There needs to be training for personnel involved in such raids--at least one per team (or however it works). This might be expensive, but it will yield better results in the long run--and you'd have someone with a conscience running the show rather than an arbitrary piece of hackable code.

Re:crutch

[FooAtWFU]

This strikes me as a bad idea, not because it will not be extremely useful if they manage to implement it correctly but because there are always ways around any detection device.

For instance: does it work with Linux?

Re:crutch

[netsharc]

"It looks like you are doing something illegal. Would you like me to record this information for the police? (Y/n)"

This is easy...

Surely RFC 3514 will make identifying the 'evil' computers very easy...

Good luck with that

[Foofoobar]

Steganography, encryption, log erasing, etc. There is no 'out of the box' solution. Every computer is going to require a computer forensics team to go over it unless the OS manufacturer builds in those tools. And you can guarantee that NO manufacturer wants people to know that anyone can just open up your system via a backdoor at anytime.

Re:Good luck with that

[Endo13]

Not to mention running programs from a flash drive so they never touch the hard drive at all.

Re:Good luck with that

[apoc.famine]

Heh....and I bet it won't work under linux....NOTHING works under linux....


*Disclaimer: Most everything on my linux box works.

Re:Good luck with that

[Foofoobar]

There is only so much you can do via a program forensically. And again, it's a case by case by 'computer case' basis. An unexperienced person can't just plug in a flash drive with some programs on them, let them run and get an 'all clean' and expect that to be good or get a false positive from a crappy automated script and expect to haul someone in.

Can you imagine how many people could get hauled in for false positives due to some badly written automated script rather than an intelligent user checking the system? How do you check for child porn, how do you check for drug activity? etc etc. Even if you choose to do very basic things like scan email, which email client are they using; Gmail, Outlook, Evolution, Pine??? Or would you be hacking their SMTP server?

It is all very subjective and differs from system to system, from crime to crime and from user proficiency level to user proficiency level.

Re:Good luck with that

Heh....and I bet it won't work under linux....NOTHING works under linux.... *Disclaimer: Most everything on my linux box works.

Ah but that's the beauty of it! If the program doesn't work, then it's obstruction of justice. Muahahaha!

Re:Good luck with that

Every computer is going to require a computer forensics team to go over it unless the OS manufacturer builds in those tools.

Oh, great, now you've done it....

Re:Good luck with that

[windex82]

I used to do a bit of work at the local police department. In my time I set them up a forensics station for PC's.

The most important part of the entire project was ensuring the data was not tampered with (or deleted on accident!) in order to actually use what was found for anything useful.

Wasn't a very hard project what we did was setup a PC with two removable bays and a write protect jumper and showed the officers which part needs to come out of PC brought in as evidence and how to put it into the removable caddy and launch the script that made an image of the drive. At no time while in police custody would the hard drive have power unless it was write protected, and was in an sealed evidence bag if not being used. Once the image was completed they would remove the original and do all the forensics on the copy, which got the same evidence bag treatment as the original.

Re:Good luck with that

unless the OS manufacturer builds in those tools.

Stop giving them ideas....

Re:Good luck with that

[hamstercups]

Actually, Microsoft did release a suite of tools very similar (Albeit lacking the 'magic' aspect of this man's request) a while ago called 'Cofee'. Excerpt from the Seattle Times: "The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer. It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.Full Article

Re:Good luck with that

[Calydor]

And you can guarantee that NO manufacturer wants people to know that anyone can just open up your system via a backdoor at anytime.

Well, it's working great for Microsoft, isn't it?

Re:Good luck with that

I'm sure Theo is putting that into OpenBSD as I type this thanks to your parent's post.

Re:Good luck with that

[scamper_22]

True, however the police are also claiming they lack the skills to properly investigate PCs.

I see potential:
Unionized government jobs for some IT people!
We just don't see the positives do we?

Re:Good luck with that

[Endo13]

I think you missed the point I was trying to make. One simple step to help hide your tracks is running your "illegal activity" programs from a flash drive instead of the hard drive. Flash drives are much easier to effectively dispose of than hard drives.

Re:Good luck with that

that is of course assuming that the electronics of the original harddrive havent been tampered with.

It might not be too hard to reprogram the harddrives firmware to only allow access to the boot sectors of the drive before being unlocking the rest via certain read sequence. (The sequence might be entered at boot time.)

But of course only the ultra paranoid would do such stuff.

Re:Good luck with that

[Jesus_666]

Steganography, encryption, log erasing, etc.

...Linux...

Seriously, any slightly-out-of-the-ordinary system will break this device. But then again they want this device to find evidence for things like "selling stolen goods" so I don't think their expectations are reasonable to begin with.

Don't quit your day job, detective superintendent

[konigstein]

Because it's painfully clear your don't understand computer forensics either.

Outlaw encryption

[TheMeuge]

The next inevitable step for the UK gov't will be to outlaw using encryption on personal computers, because it's "too hard" to break.

This isn't a slippery slope for the UK anymore, it's a landslide, rushing down the mountain, annihilating everything in its way.

Sad.

Re:Outlaw encryption

[rlp]

Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).

Re:Outlaw encryption

[orzetto]

What happens if you "forget" the key? Like this: "Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty." How can they prove you are lying, short of breaking the encryption and finding the evidence?

Re:Outlaw encryption

[Chris+Burke]

It's never too late for a revolution to get those rights...

Re:Outlaw encryption

[Still+an+AC]

This is exactly why you use something like TrueCrypt which will allow you to have two encrypted volumes in the same file. You give them the key to the volume that has your tax returns or something else you'd likely encrypt but isn't illegal.

Re:Outlaw encryption

[Xugumad]

Then it's a crime, and they can put you in jail.

There's a reason people hate that law.

Re:Outlaw encryption

[glacote02]

Plausibly deniable encryption tools are common place these days. E.g. Truecrypt, dm-crypt, etc.

Re:Outlaw encryption

[whoever57]

Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).

Has anyone challenged that law at the European Court of Human Rights? The same court that found that using statements made to the DTI under duress (threat of prosecution for not talking) at their trials breached the rights of the Guinness defendents?

Re:Outlaw encryption

[mdm-adph]

That's when the "rubber-hose" encryption-breaking procedures start.

(England prevails.)

Re:Outlaw encryption

[fluch]

Can one get busted for a non-existing encryption key? I have part of my encryptionkey on paper and if I ever have suspcicion that I would be forced to reveal it I'll burn or lose it. Then there exist nowhere in the universe a copy of the key (not even in my mind) and I won't be able to give the key even if asked...

Re:Outlaw encryption

[Constantine+XVI]

That scheme falls apart when the investigators know what TrueCrypt does.

"Give me your password. No, the one for the hidden volume."

Re:Outlaw encryption

[Strep]

Or just use steganography to hide all your "illegal" documents within your vacation pictures?

Re:Outlaw encryption

[jlarocco]

You're missing the point. It doesn't matter if you're lying. The point is that you're not turning over the keys, and not turning over the keys when requested is against the law.

Re:Outlaw encryption

[mlwmohawk]

You give them the key to the ..
  In the U.S.A. you don't have to give your keys. The 4th amendment is a wonderful thing.

Re:Outlaw encryption

[badfish99]

Assuming you are in the UK, then yes, you would go to jail for doing that. Even forgetting the key is illegal, so deliberately destroying it would probably get you an increased sentence.

Re:Outlaw encryption

[berend+botje]

With external drives the size of a calculator and even wireless NAS devices, you can store your sensitive data on a medium hidden somewhere in a brick wall or something.

If you aren't completely dumb, there are always ways to keep your data private.

Re:Outlaw encryption

Using TrueCrypt you can specify an Under Duress key that you can give to authorities that will appear for all practical purposes as a successful key and unlock the contents of garbage files.

Re:Outlaw encryption

GJ on failing to understand the premise behind steganography..

Re:Outlaw encryption

[SpottedKuh]

"Give me your password. No, the one for the hidden volume."

"There isn't a hidden volume."

Re:Outlaw encryption

Perjury...one of my favorite crimes.

Re:Outlaw encryption

[tylerni7]

This is why TrueCrypt (and other encryption programs) can make partitions that are indistinguishable from random data.

So basically, say oh that 2TB of disks? I accidentally typed in `cat /dev/urandom > /dev/md0` while logged in as root. There's no encrypted files there!
And (well if they are being legal and reasonable) there is no way to prove otherwise, and they can't legally hold you responsible.

Re:Outlaw encryption

In the UK you use multiple hidden volumes to provide plausible deniability.
In the US (well Cuba, if you want to be pedantic) they pump water into your stomach until you suffer brain damage from lack of oxygen, and maybe they will get you to reveal some of the hidden volumes in the process.
Tough choice.

Re:Outlaw encryption

[Butterspoon]

Assuming you are in the UK, then yes, you would go to jail for doing that. Even forgetting the key is illegal, so deliberately destroying it would probably get you an increased sentence.

No, genuinely forgetting a key is legal, but you have to convince the court that you really forgot it and aren't just saying so. (Could be tricky...)

Re:Outlaw encryption

[MaskedSlacker]

It's a 5th amendment protection actually. See http://yro.slashdot.org/article.pl?sid=07/12/15/1459243

Re:Outlaw encryption

[MaskedSlacker]

They cannot prove that a hidden volume even exists, that is the whole point.

Re:Outlaw encryption

[tylerni7]

Unfortunately, that is obstruction of justice.

If you were going to do something like that, you might as well just destroy your hard disks with thermite or something to ensure that no one can read them.

In either case you are destroying evidence that you know the police are looking for, so you'll still be in trouble.

Re:Outlaw encryption

There is no hidden volume. It's just unpartitioned random junk.

Re:Outlaw encryption

[mlwmohawk]

Good call, I remember that discussion.

Re:Outlaw encryption

[Petrushka]

"Give me your password. No, the one for the hidden volume."

"There isn't a hidden volume."

"Well we think there may be. So until you give us the password, we're putting you in preventive detention. Oh, and because this is preventive detention rather than a punitive sentence, you don't get to take this to court. Ever."

Yes, the UK police do use that kind of thinking. They don't need to prove, or even have evidence, that there's a hidden volume. Suspicion alone is enough. Against that kind of thinking I suspect TrueCrypt may be more a liability than a protection.

Re:Outlaw encryption

[gweihir]

Indeed. "What encryption keys? I just erased that disk with strong randomness." Incdidentially that is what I do for disks with sensitive information. I expect that the first time this defense is used in teh UK, the useless of this law will become obvious. It is fundamentally impossible to prove you just ounted a dm-crypt volume with a random key and then filled it with zeros (or weak randomness). In fact the procedure with the random key is generally recommended for encrypted swap....

Re:Outlaw encryption

[Petrushka]

They cannot prove that a hidden volume even exists, that is the whole point.

They don't need to prove it. In the UK at least.

Re:Outlaw encryption

Go directly to jail - 2 years if it is a normal case, 5 years if they suspect terrorism, oh and if they suspect child porn, then you are registered as a sex offender.

I wish this was a joke.

Great system isn't it.

Re:Outlaw encryption

[Chris+Burke]

They don't need to prove it. In the UK at least.

How does that work, exactly? They charge you with perjury or obstruction of justice or something for not providing the password to an encrypted file that they can't prove even exists? What if it doesn't exist? Or what if it exists, you give them the password, there's nothing illegal in it, so they ask for the password to the hidden-hidden volume? Is this a guaranteed way for them to put you in jail -- just keep asking for the passwords for successive hidden volumes until you can't because there aren't any more, then get you for not giving up the non-existent password?

Re:Outlaw encryption

[clone53421]

Ah, but you have TrueCrypt installed, so you must have been aware of those features! We'll be having that password now.

Re:Outlaw encryption

Well, the universe is a big place, I'd reckon copies of (parts of) your keys are there somewhere.

The exercise would then be finding them... :p

Re:Outlaw encryption

[clone53421]

You're lying. There's obviously a hidden volume or you wouldn't be using TrueCrypt.

Re:Outlaw encryption

[roc97007]

> Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).

Seems to me that steganography could come to the rescue here. Imagine an encrypted file which, when decrypted using one key, spits out the kind of stuff normal people want to keep encrypted -- personal information, their own credit cards, web passwords... what the police would expect from the keypass database of an upstanding citizen. But when decrypted using a different, perhaps much longer key, disgorges the real payload.

Or, I like the idea of the "fake" payload being a bunch of "Page 3" photos, to keep the officers distracted.

Re:Outlaw encryption

Know a guy who does that with records of his illicit business. And brags about seven layers of encryption or some such. I think it's hilarious. Anyone could put a keylogger on his system and he'd never know.

'Course, I guess if police want to bang down the door before doing some legwork, then he's alright.

Re:Outlaw encryption

[tylerni7]

Well, the idea isn't to just have all of your disk(s) encrypted, you should break it up a bit.

If you have 10, 1TB RAID arrays, and one of them happens to be a random mess, it's not going to hold up in any reasonable court of law that it is actually encrypted.
As for why you have TrueCrypt, well just encode confidential stuff like receipts from legal purchases and credit card records.

I actually have TrueCrypt installed and was planning on encrypting my main RAID array and never got around to it, but I did encrypt a 10GB partition to test it, and immediately forgot the key. Rather than fixing it (I'm not running out of space anytime soon, why bother?) I just wrote random bits to it for the hell of it.
Good luck finding the key for my 'secret partition'
(Yes that is a true story, although obviously you can't verify that)

Re:Outlaw encryption

I actually know someone at the University of Washington that said he was working with a group of researchers to show that those hidden partitions could be detected. His explanation was technical and I don't think they've released anything yet, but keep an eye out.

Re:Outlaw encryption

[clone53421]

Yes, the UK police do use that kind of thinking. They don't need to prove, or even have evidence, that there's a hidden volume. Suspicion alone is enough. Against that kind of thinking I suspect TrueCrypt may be more a liability than a protection.

Well, unless there really is a hidden volume and you finally give them the password after enough coercion. Then you've come out about even to what you'd have had anyway. On the other hand, the person who has nothing to hide will be too scared of getting waterboarded to actually play with TrueCrypt, so merely having it installed will be sufficient evidence of wrongdoing.

Re:Outlaw encryption

[Zerth]

That'd be obstruction. You are much better off making your passphrase something like "I'd love to tell you, but I don't know it".

Then you can truthfully answer their request for your passphrase and probably still be safe.

Re:Outlaw encryption

[clone53421]

In that case, I guess it'd be a really bad idea to install TrueCrypt unless you really do have something to hide. Wait, you have TrueCrypt installed?

Now, a clever man would have known it'd be stupid to install it if you have nothing to hide, because only a great fool would install it without having anything to hide! However, I am not a great fool, so I can clearly know that you're hiding something! But you must have known that I was not a great fool, in fact, you would have counted on it, so you clearly must be hiding something! Now tell us the password!

Re:Outlaw encryption

[clone53421]

Eh? You should uninstall it just in case they come looking for you...

I'm kidding, sort of.

Re:Outlaw encryption

[rnelsonee]

Well, they do. Remember the hidden volume is an option. Some TrueCrypt volumes have hidden volumes, some don't. You can't demand the password for a volume that doesn't exist (well, you can ask for it all you want, but the judge will be made aware of the fact that it may not exist). It's like the prosecution demanding where the body is from someone who never committed murder. 5th amendment or not, they're not getting the location of a dead body.

You can only prove the existence of a hidden volume by tracking the contents of the drive over a period of time to see if the last 'half' of the volume changes its bits.

Re:Outlaw encryption

[init100]

What happens if you "forget" the key?

Or never knew it at all. I recently read that with SSL, you can use temporary anonymous keys for encryption, using the Diffie-Hellman key exchange, while using a normal RSA certificate for authentication. The user never knows the encryption key, so anonymous DH provides perfect forward secrecy, i.e. even if someone recorded all your encrypted traffic and later got access to your permanent key (e.g. by rubberhose cryptanalysis), they would be unable to recover the plaintext of the recorded traffic.

How can you be expected to hand over something you never had in the first place.

Re:Outlaw encryption

One technique that can be get the key for a hidden volume from someone was just the straight up browbeat method. Tell the person that you found traces of the hidden volume in the Registry of their machine (even when you don't have a single thing, truth be told), and he better give you the passphrase, or enjoy 2-5 years in the gaol.

They will cough it up. Its a basic interrogation technique -- say you know they have it, and you have proof, and let the prisoner sing to your recorder.

Re:Outlaw encryption

[insane_coder]

That's one of pros of TrueCrypt, you can hand over the password, and they still won't be able to access the encrypted data. TrueCrypt allows you to make it that different passwords decrypt different parts of the encrypted partition, and there is no way to know if there's more than one part.

Re:Outlaw encryption

Cops being allowed to lie during interrogations is crazy. Some people will confess to a crime they didn't commit if you tell them you found their DNA on the crime-scene, reasoning they must have comitted it even though they can't remember it. After all, the DNA proves they were there, doesn't it?

Re:Outlaw encryption

[kosmos000001]

In the UK under the RIPA legislation the government have the right to demand an encryption key and under the RIPA you have to hand it over, or prove that you never had the key in the first place.

Failure to prove your innocence can result in an immediate jail term. Additionally once you have been instructed to hand over a key, you are placed under a gag order that prohibits you from telling anyone except your lawyer. the RIPA is an absolute travesty of justice that reverses burden of proof doctrine.

Re:Outlaw encryption

[Renraku]

They throw you in jail for obstruction of justice and assume that you're guilty of whatever they can dream up. This is Britain, you know.

The place where losing the key to your safe gets you thrown in jail if the police want inside, even after they've cracked it open and found it empty.

Re:Outlaw encryption

[hairykrishna]

Doesn't matter. Not providing the key is an offense, regardless of reason. You go to jail.

Re:Outlaw encryption

[Fred+Ferrigno]

The feature works by embedding an encrypted partition inside another encrypted partition. You put mildly sensitive data (porn, taxes) in the outer partition and the really important stuff in the hidden partition. That way, you have a plausible explanation for why you installed TrueCrypt if you're forced to give up the key. There's no way for them to prove that you used TrueCrypt for anything more than that.

Re:Outlaw encryption

[Constantine+XVI]

The fact you've used TrueCrypt would be enough to convince the authorities that you might have a hidden volume, as that's TrueCrypt's defining feature. And they wouldn't have a problem convincing your average (technically-inept) judge of this.

Re:Outlaw encryption

[skegg]

How can they prove you are lying

easy

Re:Outlaw encryption

In a sane world that would be right, but they'd just assume one does exist and try to force you to give them the keys anyway even if it doesn't exist.
So you're pretty much screwed, welcome to the 21st century judicial system.

Re:Outlaw encryption

[Spad]

Unfortunately, the burden of proof in this instance falls on the defendant. You have to convince them that you genuinely do not know the encryption keys, otherwise you can still find yourself doing 2 years in prison for failing to hand them over.

Re:Outlaw encryption

[meringuoid]

That scheme falls apart when the investigators know what TrueCrypt does.

"Give me your password. No, the one for the hidden volume."

Any TrueCrypt volume can contain a hidden volume. Even if that volume is itself a hidden volume. Think Russian dolls: it's hidden volumes all the way down.

So: in the first layer, it's your accounts. Financial spreadsheets. Reasonable stuff to keep encrypted. Second layer, lawful but exotically kinky and very embarrassing porn. Reasonable stuff to keep both encrypted and hidden. Third layer, terrorism plans.

As long as the existence of a hidden volume is truly impossible to prove, then you're safe. The police might insist that there must be a hidden volume because it's the unique selling point of TrueCrypt - and so you give them one. But you can deny them the third layer, and 'We didn't find the evidence we wanted, so he MUST be hiding it somewhere, so find him guilty' doesn't usually work very well in court.

Re:Outlaw encryption

[MaskedSlacker]

Moral of the story: Know more about what you're talking about than they do. It's not hard.

Also, know for a fact that they lie in interrogations and say nothing without an attorney. Not hard. Now if you're in country where you don't have the right, then just keep your mouth shut. Falling for obvious social engineering tricks is your own damn fault.

Re:Outlaw encryption

[Nursie]

I don't know, but in the UK we have had people held for "forgetting".

It's a terrible law, like many others.

Re:Outlaw encryption

[VShael]

What happens if you "forget" the key? Like this: "Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty." How can they prove you are lying, short of breaking the encryption and finding the evidence?

You'll like this. They assume you're lying. Guilty until proven innocent.

It's a complete travesty of justice, and was highlighted by the comedian/activist Mark Thomas when it first became law. He had this idea that people should get illegal porn, encrypt it, send it to Jack Straw M.P. (one of the architects of the law, I believe) and then report him to the police, that he had illegal porn in his possession. The M.P. of course would not know the password of any encrypted data in his possession, and might then realise the stupidity of the law.

Didn't work. The law stands.

Re:Outlaw encryption

Your honour, I once experimented with encryption, but could not understand how it worked.

A lot simpler is plausible deniability. "Oh, the password is 'omgyoullneverguessthispass'. Feel free to browse around those files." They could argue that you've got a hidden encrypted volume, but that's for them to prove at that point.

Re:Outlaw encryption

Can you prove that it doesn't?
 
THAT is the point.

Re:Outlaw encryption

[hacker]

For how long? A year? 5 years?

I'd much rather go to prison, than reduce the collective privacy of millions of other people from that point forward into the future, and strip the whole country down to a point where we were 200+ years ago. Our founding fathers DIED to provide us the rights we're so willing to just give away now, in exchange for a little less "involvement".

But I've already mentioned this before, 3 years ago.

Re:Outlaw encryption

[hacker]

"There's no way for them to prove that you used TrueCrypt for anything more than that."

Unless of course you use Truecrypt on Linux, Windows or Mac.

Each of these systems DOES peek into the encrypted container and proves its existence by default, unless you specifically take very detailed steps to prevent it, and it isn't obvious on those systems for those users, what to do to disable that vulnerability. Disabling updatedb, Tomboy, Finder, Google Desktop, Windows Desktop Search, Indexing Service and so on.

Once you do this, it also requires that you encrypt and securely wipe swap at startup and shutdown, as well as fill and purge your MFT (Windows), etc. Any search or find(1) operation that queries anything inside your hidden volume or swaps to disk or pages to the swap file, will expose your encrypted volume. It's not as straightforward as installing Truecrypt and setting up the secondary encrypted volume.

Most people who use the secondary container in Truecrypt, do not do this, and mistakenly believe they are "safe".

They aren't.

Re:Outlaw encryption

[hacker]

"Then it's a crime, and they can put you in jail."

So they put me in jail, and everyone gets to retain their freedoms.

Isn't that what this is all about? If I hand over my keys, I have been complicit with an unjust law, the law gains strength, and the collective masses are further suppressed and lose more of their freedoms. Maybe if 100,000 people just decided to say "No!", they'd revisit the law, or maybe not... they'd just have to build more prisons to hold 100,000 people, maybe 1M people, maybe 30M people. Where does it end?

Our founding fathers (granted, dissidents from the UK) fought for and died for the rights we're so willing to give away in today's society. Just say "No!" and be done with it. If you go to jail, know you went for a cause that was right and just and that you're saving the freedoms of people who will come after you.

Re:Outlaw encryption

[hacker]

"TrueCrypt allows you to make it that different passwords decrypt different parts of the encrypted partition, and there is no way to know if there's more than one part."

You are 100% incorrect on this point, and this is a major misconception of Truecrypt's encrypted volumes or "plausible deniability" feature.

Your secondary, encrypted volume is visible and its existence exposed if you are using Truecrypt on Linux, Windows or Mac.

Each of these systems DOES peek into the encrypted container and proves its existence by default, unless you specifically take very detailed steps to prevent it, and it isn't obvious on those systems for those users, what to do to disable that vulnerability. Disabling updatedb, Tomboy, Finder, Google Desktop, Windows Desktop Search, Indexing Service and so on.

Once you do this, it also requires that you encrypt and securely wipe swap at startup and shutdown, as well as fill and purge your MFT (Windows), etc. Any search or find(1) operation that queries anything inside your hidden volume or swaps to disk or pages to the swap file, will expose your encrypted volume. It's not as straightforward as installing Truecrypt and setting up the secondary encrypted volume.

Most people who use the secondary container in Truecrypt, do not do this, and mistakenly believe they are "safe".

They aren't.

Re:Outlaw encryption

[JeanCroix]

Once all the firearms are out of civilian hands, it may indeed be too late for a revolution to regain lost rights. Or even those rights one never had to begin with.

Re:Outlaw encryption

[Fred+Ferrigno]

My understanding (I don't actually use TrueCrypt) is that you install an OS to the hidden partition and only ever access the partition through that OS. That way everything the OS does is encrypted and hidden too.

Re:Outlaw encryption

[Cederic]

it's not going to hold up in any reasonable court of law that it is actually encrypted.

It doesn't have to. Welcome to the RIP Act.

Good luck finding the key for my 'secret partition'

Sadly you've just admitted you have one. You claim it is no longer in a retrievable state, and that you've forgotten the password. We think you're just trying to hide your cache of illegal material. Hand over the key or go to prison for 2 years.

(Welcome to the RIP Act)

Re:Outlaw encryption

[Cederic]

To be fair, burning the paper with the key on it is just Obstruction of Justice with an outside chance of Arson.

Burning the disks with thermite leaves you open to various explosives laws and anti-terror laws. Instead of a couple of months to five years for burning the paper you're in for 12-20.

Re:Outlaw encryption

[Cederic]

Is this a guaranteed way for them to put you in jail

Yes.

And no, we're not fucking happy about it.

Re:Outlaw encryption

[AK+Marc]

They don't need to prove it. In the UK at least.

I thought to ask for an encryption password, there must be something that's encrypted. If there's nothing encrypted, then you don't need to provide it. If they can't show that there's something there, then they can't ask you to provide the key for it. From what I've seen, even in the UK, they at least have to identify that which they are asking for.

Re:Outlaw encryption

Yeah, it's a fucking horrible law. The way it's worded is that it's an offence to not provide the decryption key to something the police believe is encrypted. Obviously this can be invoked on any semi-random looking bit of your disk.

The one ray of hope is that this utterly fascist bit of the law probably isn't legal under the European Convention on Human Rights (iirc). A while ago there was an animal rights activist who claimed to have forgotten their password, and it was never used ... they don't want a test case.

Re:Outlaw encryption

[Chris+Burke]

Dear God. You know, we have plenty of problems over on this side of the pond, but damn am I glad that we revolted when we had the chance.

Re:Outlaw encryption

[harry666t]

Is it possible to somehow recursively hide another volume in a hidden volume? It'd be cool to have N volumes, with only N-M volumes "officially existing".

Re:Outlaw encryption

THis only ensures that anybody using it is guaranteedly screwed.

Re:Outlaw encryption

[Hans+T.+Reiser]

Can TrueCrypt recursively hide volumes?

Re:Outlaw encryption

[insane_coder]

Those indexing programs are only a problem IFF they're running while the encrypted partition is mounted. Hopefully those who use encryption are smart enough to realize that.
Your swap problem also only applies to the olden days. Now that we have machines with 16GB of RAM, who still uses swap?
Truecrypt does protect you, it's your own stupidity that would void that protection.
I personally have the updatedb script ignore all partitions under /mnt/special/

Re:Outlaw encryption

[hacker]

"Your swap problem also only applies to the olden days. Now that we have machines with 16GB of RAM, who still uses swap?"

Who still uses swap? Those who don't want to grind their machine to a halt when building large projects like gcc, boost, RogueWave and so on. I can take that 16GB-no-swap machine and get it to seize up very quickly, running it out of physical RAM during a parallelized build of any of those projects. Add just 1MB of swap and that problem goes away (though the machine will obviously perform poorly with so few pages available to swap to disk).

The "I have lots of RAM, I don't need swap" myth is still running strong I see. You NEED swap, no matter how much RAM you have.

Re:Outlaw encryption

[insane_coder]

If you were using 4GB of RAM and 4GB of swap, and replace it with only 8GB of RAM, you wouldn't run into any memory issues that you didn't have with the former setup to begin with. Swap doesn't magically work better than actual RAM. Of course adding swap over RAM gives you more capabilities, however, it's hardly a requirement with enough RAM.

Re:Outlaw encryption

[hacker]

100% absolutely incorrect. This is a very common myth.

What happens when you're going a compilation that fills all 8gb of RAM, with no ability to swap a single page of RAM to disk? You seize the system up. Try it, it's very-well documented all over the web. Google it. I've personally done it, as have hundreds of other people.

Whew!

[DarthVain]

and here I thought they wanted to outlaw drinking and gaming! Might make my ET and WOW teams a bit more happy I suppose...

Re:Whew!

[Culture20]

and here I thought they wanted to outlaw drinking and gaming! Might make my ET and WOW teams a bit more happy I suppose...

Playing ET while drunk is a novel approach. Let us know if it's any more fun.

Re:Whew!

I thought they were trying to stop drunk people posting on slashdot (and other blogs)
Is it a crime in the UK to be intoxicated while on the Internet?

Re:Whew!

[__aasqbs9791]

It's not. But if you drink enough you may be lucky enough to black out and not remember playing that game. I wasn't that lucky and just forgot everything else I did besides playing that game, but I repressed those memories until you brought them up. So I'm going to hang myself now, thank you very much!

Well then?

[hobotron]

How the hell will I post to /. drunk?

Re:Well then?

[BSAtHome]

How the hell will I post to /. drunk?

I think you were successful...

Porn-Finder 5000

[Itninja]

So basically they want a kiddie porn detector? Because that's the only think I can think that could be on someones computer that would allow a cop to 'bring them in' on the spot. Brings a whole new definition to 'man in the middle attack'.

Yeah, right...

[Drakkenmensch]

Combine this with a remote access software, and you don't even need to enter a person's home to scan their PC for files anymore. Forget all this pesky due process for warrants and investigation, we can now scan tens of thousands of computers every day and just fish idly for perps. All done without even needing to look at your screen while the software does the dirty work for you.

Re:Yeah, right...

[rhsanborn]

But since all of our political leaders and the people who work for them are right, good and upstanding people, and since you, good citizen, have nothing to hide or be ashamed of, this shouldn't be a problem, right?

Re:Yeah, right...

[Drakkenmensch]

Of course, the same argument could be made to just install security cameras in every public place, as well as every room of every house and record everything round the clock. Time sure flies, is it 1984 already?

Re:Yeah, right...

[rhsanborn]

I take a little bit of heart when people like Blagojevich get caught and I can point at him and say, "Look, we have crooks in high offices of our government, THAT is why you should be wary of government." and then the inevitable response is "terrorism, child sex trade, violent video games" and the sheep fall back in line.

Re:Yeah, right...

[kabocox]

Combine this with a remote access software, and you don't even need to enter a person's home to scan their PC for files anymore. Forget all this pesky due process for warrants and investigation, we can now scan tens of thousands of computers every day and just fish idly for perps. All done without even needing to look at your screen while the software does the dirty work for you.

This is kinda why I don't run apps like google desktop search or MS desktop search. Other than they just slow my computer down for no useful return for me.

Re:Yeah, right...

[harry666t]

This is actually what police wants to be able to do in Poland (my home country).

One more reason to move out of there.

Just dunno where to, coz the rest of the world seems to catch up in terms of fuckedness...

UK up in arms.

1) Hide a remotely detonatable explosive device in your computer
2) Write a script to automatically crawl 4chan's /b/
3) Be somewhere else when the party van arrives
4) KABOOM!
5) Nelson from the Simpsons would then usually say "ha-ha!" but he's locked up on child porn charges because he posted his own nudes on the internet.

Re:UK up in arms.

[X0563511]

3) Be somewhere else when the party van arrives

I love it! You owe me a keyboard!

Re:UK up in arms.

[Chris+Burke]

Important note: Do NOT skip step 3!

Re:UK up in arms.

[ubercam]

You forgot

6) ...
7) Profit!

Detective Superintendent Clouseau that is ....

[unity100]

because noone other than him would be able to think that such a device would ever be possible. i want one, when they make it, in 5000 years in the future, in the alternate dimension that he lives in.

So GPO - Autorun = Disable

[Uchiha]

As much as I am all for bringing the hammer down on child porn bastards, I would be a lot more interested in knowing what kind of "illegal" activity they are looking for.

I'd rather not support the RIAA when they do a find for limewire.exe.

Re:So GPO - Autorun = Disable

[blueg3]

My only experience is with US law enforcement, and they don't give two shits about copyright violation (which is almost exclusively civil, and not criminal).

Re:So GPO - Autorun = Disable

Heck, they don't even care about actual theft.

Re:So GPO - Autorun = Disable

[Uchiha]

Right, but I wouldn't put it past the RIAA to try to get on this type of search and try to word it as their RIGHT to be on the search.

Re:So GPO - Autorun = Disable

[blueg3]

They might be able to, too, if they were willing to fund development of a significant part of this tool. ("Please contact the RIAA if the illegally-shared-music filter matches so we can prosecute the individual.") Their network-based approach is more effective for the cases they're interested in, though, and they're failing pretty hard at that.

They're Finally Going to do Something about Spam?

Thank God - Cops will finally be raiding our homes, plugging a techno-amazo gadget into our computers to grab copies of all of the illegal email that violates the CAN-SPAM act on our computers and using it to go after those damned spammers. It's about time!

Seriously though, what's up with their priorities? Spam, from phishing to C14Li5 to 419 scams costs society more money than all other computer crime put together. It's not like they have to look very hard to get any evidence.

they also want

[Mr.+Slippery]

Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers

Top brass also wants a date with Scarlett Johansson. And a pony for each officer on the force.

I figure the odds are about the same for each.

Re:they also want

Top brass also wants a date with Scarlett Johansson. And a pony for each officer on the force.

If they wanted a pony, they should have joined the Royal Canadian Mounted Police.

Re:they also want

http://sc.tri-bit.com/images/2/23/pony.jpg

Not too hard to guard against this breathalyzer

[bensafrickingenius]

Just do all your bad stuff on a virtual machine stored on a USB key.

Re:Not too hard to guard against this breathalyzer

[X0563511]

Usually, only the stupid ones get caught. Knowing to do what you have suggested, moves one out of the realm of stupid.

Re:Not too hard to guard against this breathalyzer

[berend+botje]

Or use your normal mundane desktop to remote into your off-shore server that noone knows about.

Just saying...

I can see

[zehaeva]

There is going to be a large amount of demand for "Computer Forensics Specialist" in the near future. Too bad the majority of them are going to go to devry thinking they're going to learn everything they need to.

Dumbest. Idea. Ever.

[orzetto]

What next, a breathalyser for paedophiles? Murderers? Terrorists? Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile? Any criminal worth spending this project's money on is savvy enough to fully encrypt his hard disk. If they are so dumb not to encrypt compromising data, any cop with a few hours of training could find it. So what is this project really aiming at?

Re:Dumbest. Idea. Ever.

[Strep]

Because it's cheaper to just makes laws like these. There's no need for any government to be intelligent when it can just be more forceful.

Re:Dumbest. Idea. Ever.

[Qzukk]

Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile?

Because the "top brass"'s nephew only sells USB trinkets, not training for specialists.

Re:Dumbest. Idea. Ever.

[bored_engineer]

What next, a breathalyser for paedophiles?

Yep.

Re:Dumbest. Idea. Ever.

[jollyreaper]

What next, a breathalyser for paedophiles?

Ew! I don't even want to know how that would work-- just ew!

Re:Dumbest. Idea. Ever.

[Mab_Mass]

I hardly see why this is a tough idea or a difficult challenge.

Yes, everyone, we all know that coming with one method that can be guaranteed to find ALL crime is a ridiculous idea. And yes, if the incriminating data is all encrypted, they're screwed. That doesn't mean that the request is unreasonable or that it is impossible to make something to help.

What they are asking for, though, is something to make it simple for an average cop with little computer training to assess the contents of a computer to see if there is incriminating evidence. Naturally, the specifics on what this tool will do depends on what crime they are looking for, but I could easily imagine that software packages tailored for specific questions could be pre-installed on USB thumb drives or CDs, allowing the cops to plug them into the computer and run quick scans.

Looking for credit card fraud? Look through through files accessed recently for long lists of numbers that seem credit card numbers.

Looking for kiddie porn? Find all image files, do some quick image processing to reject a lot of images, then display the rest on screen as thumbnails that can be easily scrolled through.

Will these tools find evidence for the super computer-savy experts with all their data encrypted on thumb drives hidden in the floorboards? No, of course not. Will these tools make mistakes? Definitely. Could it still be a very valuable tool to help the cops decide whether to confiscate the computers and help them make more intelligent decisions? Absolutely.

Re:Dumbest. Idea. Ever.

[kabocox]

So what is this project really aiming at?

Do you really want to know? Think about what breathalyzers do. They are used by the cops to get a number off you. That number has been used by law makers and such that anything above a number is instant DWI, anything between some numbers is up to the cop, and anything below a certain number the cops just let you go because they know that they it's too low to make get through a court.

That's what this person wants. A black box that any idiot cop can use on a computer and return a score that they can use like a blood alcohol level. That magic number would be used in jury trials and what not instead of showing you know the actual evidence that they are required to produce now. Jury this guy has a computer with a .10 porn level, .02 child porn level, .01 drug level, .01 credit card fraud level, .02 hacking index, .3 pirated software level, and .5 unlicensed media content level.

It's to reduce things down to a few numbers produced by a tool that the defendant can't argue with.

Re:Dumbest. Idea. Ever.

[shutdown+-p+now]

What next, a breathalyser for paedophiles? Murderers? Terrorists?

Sure. They could even use the patented, proven technology for that!

Probable Cause

[MaverickMila]

Seems to me this would bring up all problems about probable cause. Just because there is a computer doesn't necessarily mean it's been used for anything illegal, and can't be investigated because of that. It's kind of like, if the cops have a warrant to search for marijuana, and they find a gun, they can't take the gun in as evidence and run it and find that it's the murder weapon in something unrelated. Their warrant is for the marijuana, and just because they find a gun doesn't mean it's anything sinister.

Re:Probable Cause

[DaveV1.0]

Three things:
1) Plain sight rule. If there is something incriminating on the screen, then the evidence is admissible.
2) A warrant can include a search of the computer.
3) If the person is suspected of using the computer to commit a crime, such as luring a child or sending threatening emails as harassment, then the police have probable cause.

Re:Probable Cause

[jimicus]

Seems to me this would bring up all problems about probable cause. Just because there is a computer doesn't necessarily mean it's been used for anything illegal, and can't be investigated because of that. It's kind of like, if the cops have a warrant to search for marijuana, and they find a gun, they can't take the gun in as evidence and run it and find that it's the murder weapon in something unrelated. Their warrant is for the marijuana, and just because they find a gun doesn't mean it's anything sinister.

Had you read the first word in the headline ("UK"), and had you a single iota of knowledge about the UK, you'd know that handguns are illegal and other guns are meant to be kept in a locked cabinet when not in use.

In which case, finding a gun almost certainly is evidence of something sinister.

Re:Probable Cause

[blueg3]

In the US, in order for them to use such a device, they would need a search warrant covering the computer being searched.

Re:Probable Cause

[Scannerman]

I think people misunderstand the nature of law enforcement in the UK (and elsewhere)

1) we have LOTS of laws
2) Every one is guilty of something
3) The police know that you are guilty
4) At the moment they have to specify what of.

The primary strategy is to try and remove requirement ( 4) but an automated identification of your special crime would be a big help.

Hummm

Scary... They get a warrant for your place, find nothing, point and click in your PC's direction and try and claim eventual discovery.... In other words, won't matter why they came in, you Internet Cache will be used as a noose. Niiiice.

Interpretation

[Capt+James+McCarthy]

It costs too much money for the Police to pay quality IT Forensics folks. The police want a simple green, yellow, or red light that the police can follow, that is closed source and has it's AI written by policy makers to decide what is legal or questionable.

Re:Interpretation

The police want a simple green, yellow, or red light that the police can follow, that is closed source and has it's AI written by policy makers to decide what is legal or questionable.

closed source?

then i got one for you:
#!/bin/bash
echo "0 - clear"
echo "1 - possible infraction"
echo "2 - t3rr0r1st!!11"
echo test result: $(($RANDOM % 3))

seriously, if it's closed, and it appens, can i ask damages or something?

Re:Interpretation

[scot4875]

I'll take a stab at the AI that could be used to drive this thing...

enum GuiltLevel {
          Innocent,
          MaybeGuilty,
          ProbablyGuilty,
          Guilty
}

GuiltLevel DetermineGuiltLevelAI()
{ /* insert code to spin the hard disk and
                peg the processor for a few minutes */
          return GuiltLevel.ProbablyGuilty;
}

--Jeremy

Re:Interpretation

[computational+super]

Jesus was a liberal

For his time, maybe - or at the very least, a radical. I don't think he was a big fan of, say, gay marriage, or forced wealth redistribution (he guided his followers to be charitable to their fellow human beings - but he never supported the government stepping in and forcing them to do so). He definitely wasn't "pro-choice".

Re:Interpretation

[the_womble]

forced wealth redistribution (he guided his followers to be charitable to their fellow human beings - but he never supported the government stepping in and forcing them to do so)

He did not exactly think much of the government - or them of him.

He also had very harsh things to say about the rich - "it is easier for a camel to pass through the eye of the needle, than for a rich man to enter heaven". He was never that harsh about any other group of people - he was criticised for having too much contact with other people who were considered bad by society. Both sides of that are still prettly radical.

The Truth

[JackassJedi]

The scary thing about this is that it doesn't matter if it works right, it just matters if it gets certified and approved for use as that what it claims it is. And that could just happen.

Confiscate?

When the article says "the majority of cops don't have the skills to forensically analyse a computer"

I always just assumed that was the reason the cops always confiscate the entire computer and bring it it to the station when they're doing a raid, as opposed to checking it out in place.

Re:Confiscate?

[fishbowl]

It was really enlightening for me when my camera was stolen, then recovered. The police, after receiving my permission to do so, thoroughly analyzed the pictures the (really stupid) thieves took of them committing other crimes, and the one I had direct contact with explained how they adjusted the incorrect timestamps from the pictures according to the incorrect time of the camera's clock (not rocket science, I know, but pretty decent deductive reasoning for a cop :-)

They correlated the corrected timestamps of the pictures with burglary reports, and they also went to the places in the pictures to inform victims who didn't yet know they had been robbed.

But what really impressed me about this was that they requested permission before searching my camera (especially since I was the victim and not a suspect.)

Re:Confiscate?

[clone53421]

they adjusted the incorrect timestamps from the pictures according to the incorrect time of the camera's clock (not rocket science, I know, but pretty decent deductive reasoning for a cop :-)

I once did that to synch a bunch of pictures taken on two separate cameras. One of the cameras had the wrong date, so they didn't sort by Date-Modified. I wrote a .hta that read the files' Date-Modified attribute, offset it by a defined value, and prefixed the filename with the correct date/timestamp so they sorted alphabetically into chronological order.

Guess how I got the correct time offset? Took a digital picture of time.gov and made the timestamp match the picture... ;)

Sematic web ... for kiddy porn

[SpuriousLogic]

Maybe all the criminals can just meta-tag all the data so the cops have an easier time. Finally the semantic web would come alive, all for helping kiddy porn criminals bust themselves.
Seriously though, law enforcement needs more tech in their ranks. Just the idea of a simple turn key plugin to pull all illegal data because of the cops lack of tech knowledge shows just how badly they misunderstand tech in the first place. If it was this easy to pull data form a mass of disorganized crap, which is probably encrypted, then scientists would already be doing it on complex data sets and no one would encrypt anything because it would be easy to decrypt. This is just the kind of junk politicians vote for, because they know even less.

Re:Sematic web ... for kiddy porn

[Drakkenmensch]

Maybe all the criminals can just meta-tag all the data so the cops have an easier time. Finally the semantic web would come alive, all for helping kiddy porn criminals bust themselves.

Just watch how non-criminal citizens who have a deep-seated hate for anything that robs them of their privacy start to meta-tag EVERY file they have with criminal-positive tags until the ENTIRE web gives massive, constant and useless false positive readings and the tool simply becomes worthless!

Why do cops always want an easy job?

[causality]

I really think this is the same mentality that eventually comes to see individual rights and due process as pesky "inefficiencies" that only interfere with "real police work". They seriously need to tell new police recruits that their job is not easy and is not supposed to be easy. If any of them don't like that they should also be told where the exits are.

I think this is another example of relatively well-meaning people who fail to comprehend how dangerous their intentions are because they don't think them through. Let's say there is a device that can be plugged into a PC (maybe the USB port?) and almost instantly tell you whether it has illegal content with no need for expert analysis. Yeah I know that I should also posit the existence of the tooth fairy but bear with me. Who makes this device? How trustworthy are they? Do competitors or other rivals oddly happen to have a higher percentage of "illegal" PCs? Is the device a black box or can the average person examine and scrutinize it? If the cops already don't have the staff or the expertise to perform forensic analysis on PCs, what's our guarantee that they will correctly use this device or that they can offer any sort of assurance that the way it is used won't violate anyone's civil rights? What's to prevent criminals from obtaining one (by whatever means) and making sure that their illegal data isn't where this thing is looking? If I can think of this in a few minutes, WTF are these people smoking that they consider this a serious proposal? Or do they simply not care about these concerns?

You know what you'll probably never see? The police "top brass" asking for a device to help make sure that their officers don't violate anyone's civil rights and that they follow all the laws concerning due process.

Re:Why do cops always want an easy job?

[Dolohov]

Everyone wants an easy job, cops are no exception.

Re:Why do cops always want an easy job?

You know what you'll probably never see? The police "top brass" asking for a device to help make sure that their officers don't violate anyone's civil rights and that they follow all the laws concerning due process.

 
  Thank You, Finnaly someone said it.

Re:Why do cops always want an easy job?

Everyone wants an easy job with less work to do, why does it offend you so much that cops want the same? When you compile code and there's a problem, do you get angry when it tells you what went wrong instead of just spitting out a generic "error" message? I honestly don't get what your supposed point is.

Perfect counter to that

[jollyreaper]

I'll just use a hot glue gun to seal up all of my usb ports and use ps/2 connectors for mouse and keyboard.

fuzz: HOLY SHIT! THIS GUY MUST BE SOME SORT OF UBER_HACKER!!!

me: Too fucking right. Now you piggies hurry on back to the donut shop or I'll make your cruiser drive you down to the gay district on autopilot with YMCA blaring from the radio. (holds hands up over head, makes "whoooooooooing" scary sound, wiggles fingers menacingly)

fuzz: BETTER TAKE HIM SERIOUSLY! HE COULD DO IT!!

me: Heh. Wankers.

Re:Perfect counter to that

Or just don't have USB ports. Also, doesn't any hardware need software to run, especially something as intricate as this? What, would they make it mandatory for every computer to have USB ports and drivers for their privacy invasion dongle?

Re:Perfect counter to that

[Chris+Burke]

Yeah, I'm not so sure I'd call a counter "perfect" when it inevitably ends with a billy club up your arse.

I mean, unless that's the goal. Then by all means, thwart, threaten, and call the police "piggies". You might even be able to sue the PD for the medical expenses of sewing your bung hole back together.

Re:Perfect counter to that

[deepershade]

In a previous job we used to change the usb plugs (male and female) for com ports (For TEMPEST compliancy). You're average cop isn't going to know what the hell it is. Probably think it's for a second monitor or something.

Re:Perfect counter to that

[Doug+Neal]

1. Find out the vendor and device IDs of the USB devices (can't be too hard, probably will show up on Wikileaks soon enough)

2. Modify the USB ports with an extra, switch-on-offabble connection to the PSU (some USB devices are pretty power hungry these days)

3. Write a "driver" for the police dongle that makes use of this extra functionality

Or...

3. Write a "driver" for the police dongle that uploads child porn to it, but makes it register a clean scan. Then when they take it back with them it downloads the child porn back on to their PCs.

4. ...

5. Profit!!! (a good laugh counts as profit)

Re:Perfect counter to that

Luckily you can just disable "autostart" or glue down your shift key to thwart them :)

The real danger comes from the Firewire and PC-Card (PCMCIA) ports. Firewire gives full direct memory access to any attached device, essentially giving root access. I have seen such devices in use!

The PC-Card slot is usually set up to automatically accept any inserted card, such as a Firewire card. Thus, to be safe you need to disable the Firewire and PC-Card slots in the Device Manager in Windows. Beware of other auto-configuring interfaces, such as PC-Card attached Compact Flash.

Obviously, this is all assuming you have the machine fully encrypted and locked when they arrive. Even if the machine is booted, as long as they can't guess your password to unlock the machine you should be safe. Maybe.

Mod Parent Up!

[Cassini2]

I think your comment is bang on. Someone only has to generate software that fulfills the contract, and gets approved for use. It doesn't actually have to work correctly ...

The Headline

[UMNbandgeek]

When I read the headline, I thought they literally meant a breathalyzer, to keep drunk people off PCs. I could probably use one, it would cut down on the drunk IMs and facebook posts.

Re:The Headline

[morgan_greywolf]

Me too. But I thought 'Wow, that'd be great! Maybe there would be fewer stupid posts on Slashdot!"

Re:The Headline

I thought so too...

I HATE waking up hungover, only to find i wrote 10 posts on a message board that i now must delete...

Re:The Headline

[JohnG]

I've found it helps if you pick one person as your default drunken email recipient. One who for whatever reason is amused by your drunken ramblings. This worked well for me for nearly two years, but then my target started to respond less quickly. Now my poor Facebook friends are suffering. Maybe my next drunken Facebook status update should be for everyone to blame Brittany that they have to read it....except none of them know who Brittany is. They'll probably blame that poor Britney Spears girl, and really, she has enough on her plate now.

Re:The Headline

They aren't drunk. They're stupid.

*hic*

[snarfies]

well i *hic* thinkj tihs is a stipid idea, *hic* and sos ur mothar!1

Keep it up Britain

It seems like every day you come up with more reason for me to never visit your country.

potentially embarrassing and a privacy violation

Criminals will find ways to hide the evidence, and innocent people will have the police rummaging through their files.

This is good news!!

[mlwmohawk]

Yes, as the western world is quickly shedding the rights and freedoms our ancestors fought and died for, it is good to know that our leaders and would-be oppressors are idiots and smart people will be free from prosecution because a fairly well informed 14 year old will be able to hide evidence from the jack-booted inquisitors.

One small problem

[DaveV1.0]

A breathalyzer tests for a specific substance, alcohol, and determines an amount of the substance.

What, exactly, will the "computer breathalyzer" going to test for? File names may not be truly indicative of the content. Will it copy any and all images and movies? If so, then it is not being selective. Is there even a partially reliable algorithm that will allow for the detection of porn, let alone kiddie porn? Will it scan all manner of file for key words?

I don't see how this could work without basically copying everything in the computer and having a human technician sort through everything manually.

Doesn't go far enough

[blophyus]

Forget a tool for computers. We need a tool like this for physical crime scenes. You know: something that would, like, scan crime scenes and find, like, relevant DNA evidence and shit. It could even have an option where it would print out an arrest warrant with the name of the murderer on it.

Re:Doesn't go far enough

hmm, have you thought about writing a mini series for CSI?

Re:Doesn't go far enough

[shutdown+-p+now]

Actually, I think we could do with a far simpler tool - something that could just tell whether a specific human is a criminal or not, once you stick it up his... um, somewhere. We could just do it for all newborn and immigrants then, et voila: no crime at all!

Illegal activity on the computer...

[Zakabog]

How does it know what illegal activity on the computer is from you? If you're infected with some nasty worm that's been spreading all around the world would it consider that something illegal? What if someone just wanted to plant some evidence on you? It would be extremely easy and for most people would go completely unnoticed. Most people don't routinely go through their file system to check if anything is out of place, most people wouldn't even know what to look for.

NMP - Not My Problem

[windex82]

McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."

And how is this the end users problem?

I want a breathalyzer for MY pc...

[sevenoverzero]

But only so I don't email/IM/etc. drunk... gmail's "goggles" are complete garbage. ;)

Drunken Facebook comments

[jtesorie]

Sometimes I wish I'd had a breathalyzer to stop me from booting up upon return from the pub.

Yes, and I want a Pony....

[gweihir]

Seriously, wanting something does not make it appear or even possible to exist. Most people have learned that by age 5. My take is that today it is not even possible to determine what illegal contents is automatically, regardless of what amount of ressources you throw at it. I belive that the AI problem would need to be solved first, and that has been eluding humanity for several decades now, to the point that it is still unclear today whether it will be solved ever.

The solution is of course simple: Decide how important this really is, and then throw the appropriate amount of money at hiring experts. Chances are this turns out to be basically a non-issue. The hard stuff (children harmed in production) is identifiable for cops as well. The soft stuff (music, films, games) is not relevant to continued prosperity of the human race and only gets this much attention because some people turned it into a goldmine. It does not have to be at all. I would expect that broadband Internet and large HDDs make significantly more profit than Hollywood and the music industry combined. And the artists? I do not see any problem there either. Go to a donation-model and the ones that are creative and good will still live well. The others are not of any importance anyways.

Re:Yes, and I want a Pony....

[computational+super]

Seriously, wanting something does not make it appear or even possible to exist. Most people have learned that by age 5.

The rest go into software project management.

It will test the evil bit

[Nicolas+MONNET]

Of course that requires that the use of the evil bit be mandated by law.

Re:It will test the evil bit

[DaveV1.0]

Ah, but by definition, evil people are evil and will create tools to turn off the evil bit.

PC Vs. Mac

[Zanix]

Once again another reason why owning a Mac is better. Right? I mean all those commercials tell me PCs and Macs are totally different!

Re:PC Vs. Mac

[TheGeniusIsOut]

No, because Macs are so user friendly, they will recognize a cop in the room and begin pulling up all the contraband automatically.

I smell Money

[arthurpaliden]

Big fat contracts with all kinds of overruns..money...money....money

Re:Don't quit your day job, detective superintende

[jimicus]

Her day job is architect of the UK's Police Central E-crime Unit, so it might be a bit late for that.

Having said that, I get the distinct impression from RTFA that this is pie-in-the-sky "this is the sort of tool we'd like in an ideal world, not that it's even remotely practical" rather than something that's in active development:

said frontline police ideally need a digital forensic tool as easy to use as the breathalyser, to help them deal with growing numbers of computers being seized during raids on suspects' homes

Yep, and I bet they'd like a machine which they can just turn on, punch in details of an unsolved crime and bingo! it tells you the perpetrators name, address, telephone number, the car they drive, their plans for the next 48 hours and where sufficient evidence to obtain a conviction can be found. It's fairly obvious from the article that whatever qualification this woman has, none of them involve technology.

"Reasonable suspicion"

[khasim]

"Reasonable suspicion" is the key phrase here.

If the cop stops you for running a red light and sees something suspicious then he can go further.

But stopping you for one thing does NOT give them the authority to check for everything they can think.

http://en.wikipedia.org/wiki/Reasonable_suspicion

Re:"Reasonable suspicion"

[multipartmixed]

What you say is true, HOWEVER, the GPs post is on point.

On Law & Order, they call it the "Plain View Exception".

Apparently it exists IRL too: http://www.policelink.com/training/articles/2043-plain-view-doctrine-

Re:"Reasonable suspicion"

[Paul+Jakma]

I don't know why you're marked informative. I suspect you're telling us about what you think is the case for US law, completely oblivious to the fact that this article is about the UK. (You know, different country, different laws?).

Police in the UK have *far* broader powers to stop and search people on the streets and public roads. IANAL, so I won't go further.

Re:"Reasonable suspicion"

[spikedvodka]

True Story. Maine State Cop, also happens to be a K-9 Handler, and obviously, his dog is in the cruiser with him (as is standard procedure).

Said cop pulls a car over for a busted tail-light. gets out, lets them know why he pulled them over. While he's out of the cruiser the dog starts to "indicate" (Yes still inside the cruiser that has the window open) This gives (and yes it held up in court) the cop "reasonable cause" to search the vehicle.

Lo and behold the vehicle contained about 200 pounds of marijuana.

Re:"Reasonable suspicion"

[clone53421]

Hmm. If dogs are permitted to perform warrantless searches based on their super-human senses, I'm pretty sure the Coppertone girl was hiding child porn in her bikini.

Specilised Service

[Captain+Hook]

because the majority of cops don't have the skills to forensically analyse a computer.

Most don't have the skills to find and analysis DNA evidence either. Perhaps some sort of specialist service is in order similar to the Scientific Support Services rather than a gadget which I really doubt is going to be find anything but keyword list comparison finding a folder listed as 'kiddy porn'.

The whole point is?

[Hordeking]

A device to determine illegality of files on a computer? Funnily enough, I always thought it was up to the judge and jury to determine if someone is/was doing something illegal.

I don't know about you, but I don't think cops need more reasons to make arrests. It's bad enough those arrests become public record, searchable by all, including employers, regardless of whether there is an eventual conviction or not.

Now, THIS would be entertaining...

I'm just waiting for the day when a botnet herder decides to find out the answer to the question of "what will the government do when *everyone* is a criminal?"... and malware sends a "care package" to 1,000,000+ computers, consisting of illegal content {child porn / whatever) - then reports the IP addresses to the authorities.

Really, what would the response be? Arrest EVERYONE? Admit that their laws/processes are idiotic? Prosecute a few "as examples" (thereby proving that although the law/process IS idiotic, they would rather sacrifice the principle of laws being applicable to everyone, than admit failure)?

Lawl CAPTCHA: "Uniforms".

Re:Now, THIS would be entertaining...

[the_womble]

I'm just waiting for the day when a botnet herder decides to find out the answer to the question of "what will the government do when *everyone* is a criminal?"... and malware sends a "care package" to 1,000,000+ computers, consisting of illegal content {child porn / whatever) - then reports the IP addresses to the authorities.

If the sort of people who ran botnets were the sort of people who want better laws and police, that would happen. I rather think that is the last thing they want.

What is more likely (if it is not happening already) is that more targeted hacks are being used to plant material on computers, hidden where are non-knowledgeable user would not easily find it, and then blackmailing them. A few files could be placed in open view to prove that the threat was real - or perhaps a random illegal image could be popped up at intervals to keep the pressure up.

Most people would be too scared to get help, and would roll over.

a quote...

The answer to 1984 is 1776

Analyse?

[zmooc]

the majority of cops don't have the skills to forensically analyse a computer

The majority of cops doesn't even have the skills to find my computer halfway up the old chimney;P However, I'm looking forward to the day they have to work their way through my massive computer-cemetery;->

Re:Analyse?

However, I'm looking forward to the day they have to work their way through my massive computer-cemetery;->

Unauthorized hazardous waste storage.

In Short...

[Nom+du+Keyboard]

In short, keep it simple because we're stupid - but we intend to violate your rights anyway!

Take a Screw Driver?

[nurb432]

Just remove the hard drive and take it with you. Thats how most law enforcement groups do it.

Ok, technically they actually take the entire box, but once back at their office the drive comes out for forensics ( and disk imaging ).

searching is not their problem

[PMuse]

What makes a breathalyzer easy to use isn't just chemistry -- it's that alcohol is illegal in the body of a driver. I can easily build the police an out-of-the-box pattern recognizer for computers. They can start using it as soon as they pick a pattern and make it illegal.

Let's see, what pattern would be present in every instance of cyber crime? How about URLs? Let's outlaw them. ;-)

Re:searching is not their problem

[maharg]

Heh yeah. I love the assertion that they could just plug in the device and find the single incriminating email. Such naivety is truly heart-warming 8^) Sure makes you wonder why businesses waste so much money on e-Discovery, when in reality, it is so trivially solved.

and the next step would be...

[tbj61898]

what about a device to discover people guilty on adultery?

like a suppository... :-)

Sorry your officer

[senorpoco]

Sorry officer all my USB ports are broken, looks like you will have to do your job.

www.pornalyzer.com

[hokeyru]

1. Make linux distro to assist police forces in crushing fourth amendment rights
2. Create pornalyzer.com website to sell product
3. Profit!

Re:Outlaw encryption THE OFFICIAL's HELP-U-OUT

[Nom+du+Keyboard]

"Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty."

Okay, Sir. We'll just help you out by deleting all those pesky empty files and perform a wipe of your free space afterwards. This will recover all that space that you assure us has nothing of value in it. And then we'll check up on you every week or three just to ensure, mind you, that you don't have any of that pesky encryption stealing away your disc space any longer. It's just all part of the service.

LOL

[stonedcat]

Good luck accessing my encrypted hard drives on my Linux system.
I lock the fucker down everytime I leave the room with just a keypress.

Fuck the police.

Re:LOL

[s0litaire]

I'd go one step further... What if I install a 240v Magnetic coil around the door frame? Would it wipe the drives if they were taken through it when its powered? or would I just end up with fried pork? :D

Because...

... we don't really want the cops to have free reign to simply 'drop-in' and tear our house apart looking for 'evidence,' that's why.

Need a Mind Reader?

[nurb432]

Not really, with todays plethora of interrelated laws and regulations you can almost guarantee you have committed a crime.

Its just a matter of finding which one. "While we determine that via investigation, you will be detained."

Re:Need a Mind Reader?

[docgiggles]

I agree with this. Cops would have means to find illegal materials, such as music, that could send you to jail even if they don't have enough evidence to press the original charges. I think that there should be a law that disallows charges brought based on evidence collected from the computer that they were not explicitly searching for

why police like drug offenses

[PMuse]

As other posters have noted, cyber fraud is hard to prove, since the evidence it leaves behind (data, transactions, account numbers) looks so much like legal commerce. It takes a lot of smart work by educated professionals to prove the difference.

Now you know one of the reasons that the police like drug laws so much: The key facts can be understood and collected by an officer with an IQ of 80 and just a couple months of training.

Who Makes The List?

[Nom+du+Keyboard]

It's not that nasty behavior is going on, but who determines what constitutes nasty.

Re:Who Makes The List?

[sizzzzlerz]

They can't define it but they'll know it when they see it.

IT'S IN THE GODDAMN RFC!

[Nicolas+MONNET]

It's in the goddamn rfc, they HAVE to follow it. What are you, from Microsoft?

Re:IT'S IN THE GODDAMN RFC!

[DaveV1.0]

No, I am not from Microsoft. I am an Evil Genius(tm). I have proof. I have business cards!

Dear U.K.Cops: +1, Helpful

Kindly FUCK OFF

The United Kingdom is on my NO TRAVEL list.

Cordially,
Kilgore Trout, PatRIOT

Be careful though.

The reason US cops can search and find anything on people is that a lot of people give them consent to search. Once someone does that, they can search for anything in a vehicle or house, and create new charges.

Don't give consent, they might harass you, slap the cuffs on and make you stand on the road looking like a schlock, but they can't just dig in the vehicle willy nilly.

UK people are barely a notch above prisoners, so this probably doesn't apply there.

Re:Be careful though.

[clone53421]

Sure, unless they decide to search anyway and claim you consented.

Re:Be careful though.

[ancientt]

I was watching cops (not a regular viewer but was being sociable) and saw a cop search a car claiming a "furtive gesture" as probable cause. I could hardly believe it, here was a guy who knew he was being filmed who apparently decided that showing his ability to get around the need for a warrant was going to be taken as a good thing by viewers. What sticks with me isn't the injustice of it all, it was that a potential jury of peers sitting around watching TV seemed to support the action.

Re:Be careful though.

[clone53421]

Personally, my respect for the law greatly diminished when I received a ticket that stated I'd turned left where prohibited by sign – at an intersection I'd driven straight through. In fact, I hadn't even entered that intersection when the cop turned his lights on.

Re:Be careful though.

I was watching cops (not a regular viewer but was being sociable)

Worth becoming a regular viewer. You can learn a lot about current manipulative tactics used by police. Just treat it as a real-time game - your job is to roleplay as the suspect, and call FAIL when the suspect makes the fatal mistake. You win when you call FAIL at the right time, and you lose when you think "Damn, that guy said what I woulda said!". After a few months of regular viewing, you can get pretty good at it. Think of it as survival training.

and saw a cop search a car claiming a "furtive gesture" as probable cause. I could hardly believe it, here was a guy who knew he was being filmed who apparently decided that showing his ability to get around the need for a warrant was going to be taken as a good thing by viewers. What sticks with me isn't the injustice of it all, it was that a potential jury of peers sitting around watching TV seemed to support the action.

It's propaganda. If most of the jury pool watches the show without regarding it as a survival training scenario, the show's backers can change the popular conception of what constitutes probable cause. Knowing what the desired standard for probable cause is the real benefit of watching the show. (It has changed over the years since the show started airing.)

(Correct response in the situation is to enter an "Am I under arrest?" "Am I being detained?" "Am I free to go?", and "I understand your position, but I respectfully disagree that you have probable cause, and I do not consent to a search." loop. If you're very lucky, you'll get a cop who's honest enough to stop before he illegally searches you. If he's an average honest cop, his illegal search will yield nothing, and no harm, no foul. Even a corrupt cop will be less likely to plant something, knowing that he's less likely to be able to use it as evidence.)

This idea...

[Conditioner]

This idea was invented by Shampoo.

Oooo...

[Deadstick]

because the majority of cops don't have the skills to forensically analyse a computer

Can I write the software for it? Please?

rj

No Ports

[sexconker]

Let's take a trip to Fantasy Land.

In Fantasy Land, this tool exists and works, and works well!

Now let's head to Lulz Island (next to Fantasy Land's Reality Distortion Field and Apple Corporate Headquarters).

On Lulz Island, the cops have raided my house because my neighbor has complained my bits were too loud. They try to run the tool, but fail when they find all the USB ports on my machine have been broken. After trying a USB to PS/2 adapter and failing yet again, my PC is returned to me.

For all the reasons us nerds can think up for why this won't work, and if it did work, how to defeat it (truecrypt! run everything off a flash drive! cloud computing! beowulf clusters!), I think it's important to remember this:
Even if it was as simple as "stick into usb port, wait 10 seconds, remove", there are countless, hilarious ways to stump the coppers that don't involve any geekery.

Drug use

When people suggest things like this I think that is probable cause to search them for drug use. I mean, if you are not on crack you just couldn't come up with this stuff!

Porn Detector

[Frosty+Piss]

Basically, make people hook up some wires to their penis, and when they get aroused while online, the Cyber Cops automatically log in and check out what you're looking at...

if breathalizer = indicator, pgp = suspect?

[saintsfan]

if they are looking for a litmus test to identify technology suspect of housing illegal information, just having encrypted files or an encryption application may entice them to detain you / your technology. a "red flag" kind of thing. not saying i agree, but "if you have nothing to hide.." might be their logic.

Re:if breathalizer = indicator, pgp = suspect?

and how you can diferenciate between random bits from encrypted data?

Or you just plan to look for .pgp/.gpg files?

Re:if breathalizer = indicator, pgp = suspect?

[jimicus]

if they are looking for a litmus test to identify technology suspect of housing illegal information, just having encrypted files or an encryption application may entice them to detain you / your technology. a "red flag" kind of thing. not saying i agree, but "if you have nothing to hide.." might be their logic.

Not only "might be" their logic, it almost certainly is.

Years ago, there was an automatic right to silence in the police station. Technically there still is, but today they're allowed to use your silence against you in court - as in "You never mentioned any of this while we were questioning you, does that sound like the action of an innocent man wanting to get everything over as quickly as possible? Or the action of a man waiting to concoct a lie at his leisure?"

More harm than good

[gmuslera]

The non-completely-dumb evildoers will have plenty of ways to avoid it. So with such thing you will get the few completely-dumb ones, and, of course, most of the innocent bystanders. Antivirus have pretty hard work figuring when executables could be harmful, wonder what will happen with random data files searching for something not very clear, and of course, needing full access for that, so forget private data for any reason.

easy to use -- easy to fool

[roc97007]

The first thing that occurs to me is that any appliance easy enough for a beat cop to use couldn't be very high-grade forensics. If there is a standard set of techniques used by the appliance, there will almost immediately (as soon as one is stolen) be a standard set of work-arounds. After which, only the profoundly stupid and/or set-up will ever be caught.

On the other hand, it occurs to me that the authorities only need the occasional high-profile arrest to keep funding going, so maybe it's a win-win for all -- the gov'ment gets credit for "cracking down on porn" and the hard cores have a known set of procedures to keep their stuff under cover.

Easier than it looks

[Chris+Mattern]

All they need is a Knoppix CD that dumps out an image of the disk to their own storage. The image can then be turned over to a real expert to analyze at his leisure. There, done.

Re:Easier than it looks

[Joce640k]

Um, getting hold of the disk is the easy part (they don't weigh much).

the problem is they don't know how to analyze what's on it.

Re:Easier than it looks

[clone53421]

Pfff, they'll just take your hard drive. You'll wait.

This would be easy enough

[moniker127]

Just make a simple diagnostic program with a database, put it on a flash drive, plug flash drive into computer that comes up with an indicator of "clean" or "10 years".

well...

what about just building it into the virus scanners they have out there? then people are baiscally reporting on themselves
and considering most people need antivirus software, they wont have much of a choice; either smarten up and stop doing illegal things, or deal with reloading your computer all the time because of spyware and trojans etc.

Ways to Get Around This?

[pcutt]

Yes, good point, which brings up the question, how can one get around a fishing expedition? What if the computer in my house isn't *mine*? What if it belongs to some corporation, and what if I'm not an employee of that corporation? Then who's liable, the corporation, it's board, it's shareholders? What if I didn't even have an ISP connection in my house? How could the cops hold me accountable for the contents on a machine that's not mine? How could the cops know that *I* downloaded or created the [mumble] that now resides on the hard drive? How could the cops hold me accountable in these situations?

virtual machine

[FranTaylor]

just run a virtual machine in the background and have it grab their USB sniffer. Nope, no porn on this machine. Move along.

Re:virtual machine

[clone53421]

...works slightly less well if their USB dongle is bootable and your BIOS doesn't know to start the VM.

How to dodge a raid?

[lant]

Disguise your computer like a front door.

Unfortunately, that IS his day job.

[EWAdams]

How he got to be the UK's top cyber-cop, I can't imagine. He was probably promoted to the position by people who heard that he had once used an ATM.

Re:Outlaw encryption THE OFFICIAL's HELP-U-OUT

[clone53421]

Okay, Sir. We'll just help you out by deleting all those pesky empty files and perform a wipe of your free space afterwards. This will recover all that space that you assure us has nothing of value in it.

No problem.

And then we'll check up on you every week or three just to ensure, mind you, that you don't have any of that pesky encryption stealing away your disc space any longer. It's just all part of the service.

Like hell you will, without a warrant and without convicting me of anything.

www.HideYourCrimes.org

[BornAgainSlakr]

Am I the only one that wants to start a website exclusively dedicated to giving everyone, including criminals of all sorts, detailed instructions on how to use free software to make it very very hard for the police to access their systems?

Not that I condone child porn or any other OMG! crime du jour, but everyone has rights and I think this would be a great form of protest.

Whenever the police whine about wanting their jobs to be easier, it makes me want to throw up.

Linux, Mac?

Didn't we have this conversation already? Or will this thinggy tell the cops that theres 36 nude kids on my C: anyways?

While were at it... would I get busted for having lunix, an illegal hacker operating system developed by that Russian hacker guy?

I need to get my bright day glow shirts out of the closet I guess.

See you at weapons training next week in the quake.

THIS IS STUPID...

[sootman]

... and not just for the obvious reasons. :-) There is a company that makes a family of devices (can't find it online now, my google-fu is weak) that lets you move a computer without ever turning it off.
1) Plug in a USB "mouse jiggler"--a USB device that pretends to be a mouse that moves the cursor every few seconds so the computer won't go to screensaver or sleep
2) Hook a special apparatus to the power cord that connects it to a UPS so you can pull the plug out of the wall and the UPS instantly kicks in
3) Load the running computer onto a cart then take it down to the station
Aha! Here it is. Watch the videos, they're pretty cool.

I'd go two steps further.

[tjonnyc999]

I would go 2 steps further: 1.) Somehow, come up with a way to disable the USB ports *in the hardware* except for devices that I specifically authorize (i.e. keyboard/mouse/camera). Sure, it's security-by-obscurity, but realistically, how many people would even think of a hidden BIOS switch / hardware overlay that kills USB port access unless it's a Logitech/Microsoft/Kensington/other-whitelisted device? Or, a self-destruct switch for the USB controller. 2.) Set up a self-destruct device *on the drive* itself? And link its operation to a "heartbeat signal" coming from a hidden embedded RFID chip (just cruising ideas here, don't rip my head off about the details, mmmm-kay.) - take the drive 50 ft (or w/e other arbitrary distance) from the heartbeat, the little circuit goes into action, wiping the data permanently, or physically killing the platters. "What's that, Officer? There was a strange grinding noise from the drive as soon as you walked out of the house? Well, I don't know, those damn {Brand Name Here} drives are SO unreliable! I'm glad I didn't use it to store anything *important*!" And of course, the self-destruct device would have a cryptex function, that would activate it if pried open by brute force. But then again, how many cops would realize what the device is? And how many of them would even think to physically screw with the evidence before bringing it to the lab?

Re:I'd go two steps further.

[s0litaire]

next step... Thermite

Chipping Away at Rights

[your_mother_sews_soc]

As I've been spending more and more time on firearm-related sites (and sights) and less on Slashdot, I have seen an amazing amount of UK chatter. First guns were taken away, now knives, and this. None of it comes as any surprise to me or any one else who is keeping an eye on 2nd Amendment rights.

While a lot of people in the US fear guns (because we've been taught to), if we let our Constitutional right to keep and bear arms be taken away, just wait for all the other freedoms granted us to be eroded (even more), as well.

Why the British people are just rolling over and letting their rights be taken away from them is mind boggling.

That's a big straw man

[snspdaarf]

Doesn't this kinda depend? Just because you found something else while looking for your actual thought doesn't mean you have to IGNORE it. If you came looking for credit card fraud and found, say, illegal hacking activity, should they just ignore it? If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

Torture? You mean actively pulling toenails out, or something? No, that would not require a new warrant. It is a crime in progress. They would arrest you. It might be difficult to prosecute you, but they would arrest you.

However, just because you have a glass of wine on the table when they come in on a drug warrant does not mean the police can knock all the walls out of your basement looking for Fortunato.

What they need for this computer search is a disk that runs the kiddy porn search, another disk that runs the identity theft search, etc. Then, they can run the disk that the warrant specifies. It's not a question of ignoring things. If you find something outside of your warrant, it is not admissible. If I look in your kitchen window and see your hydroponic pot operation, and I go get a warrant that says I can search your kitchen, and I get back to your house and the hydrofarm is gone, I can not look for it outside of the kitchen. Courts have ruled that even if I walked past it in the front room, because the warrant said kitchen, it is not admissible.

IANAL, IANAPO, but almost everyone else in the family is one or the other.

Re:That's a big straw man

[Gyga]

After that you can go back and get a warrant for anything you see that is in plain sight (if it is clearly visible).

USB port?

This should be easy to prevent by upgrading the most accessible USB ports to something like 220V AC.
Since this device is not intended for cops that know anything about computers, they could run through a large pile of analysers before giving up.

That's where TrueCrypt's keyfiles come in.

[EWAdams]

Keep them on an innocuous USB flash device (like the ThinkGeek flash drive in a LEGO brick) that's in your pocket any time you're not using the computer. When your computer is taken, destroy the device. You lose your data, but it is NOT accessible no matter what they do to you, and there's no issue of refusing to reveal the password.

Re:That's where TrueCrypt's keyfiles come in.

[Dan541]

If you cut the stupid key ring cord off the back you can conveniently hide the brick as part of a Lego structure.

Now I wish I had kept all my Lego.

Re:That's where TrueCrypt's keyfiles come in.

[clone53421]

Merely forgetting the key is a crime. You really don't think they'll convict you if you deliberately destroyed the key?

Did anyone read the article?

She asked for two specific things:

1. If they knew there was a *particular bit of information* they were looking for (such as an email), it would be good to have a tool that could identify which (if any) computer the email was on.

2. If a victim (such as a bank) wanted to have their machine examined by a remotely located forensics expert, there should be a tool for that.

Both requests seem reasonable to me.

Why don't they...

[taucross]

Why don't they forget this, and just make everything illegal instead?

Oh wait, never mind.

Umm, not quite

[logicnazi]

Yes, generally anything that is encountered during the course of a lawful search (even if for something else) is admissable. Sure, cops can't go paw the drawer next to your bed looking for a stolen TV but the problem is how this is understood by the courts.

In particular this rule is understood to mean that if the police open your safe looking for a stolen laptop the papers inside would be admissible in court. In other words once the police have cause to look inside a container you own they can examine the contents at their leisure, they need not immediately cease looking the second it's apparent the subject of their warrant isn't present. Now if you had a locked jewelery box inside that safe they likely wouldn't be able to examine the contents if it was outside the scope of the original warrant but the problem is when you try to map this notion onto that of a computer.

In particular it turns out that case law so far has endorsed the idea that the computer is just one big container. Maybe things would be different if you had an encrypted volume on the computer but in general once they have reason to examine your computer for one thing they can examine everything.

In fact the standard practice in the US is to seize your computer and have their experts perform a low level clone of the disk the second they have any reason to search your computer. Moreover, since the 4th ammendment and past case law is grounded in the notions of physical searches and seizures there is no framework for restricting what they can use the HD clone for once it's been made (well privacy laws might prevent them from disclosing your cybersex logs but that's about it)

Or worse....

[snspdaarf]

...the "Pound Me In the USB Port" kennel.

I want a breathalyzer that detects sex offenders..

[mrbene]

by mug shot comparison from a central server, and that also scans and uploads the contents of operated the vehicle so that teams of specialized car inspectors can identify illegal items.

Such a rambling article. Is it a dongle that attaches to compromised machines in a corporate environment, or is it a set of tools on a bootable device that scan all hardware of already confiscated machines? Is it intercepting traffic, or examining what's already in place?

Ah, whatever. When it comes down to it, all they've got to do is hook up with Google and have this as extended functionality of Google Desktop.

wouldn't it be easier

[toby]

Just to criminalise computer ownership?

The United Kingdom is now The Village

[Chris+Tucker]

And you're ALL Number 6.

Do you have the courage that Number 6 had? Will you fight back against Number 2?

Are you just "A number" or are you Free Men & Women?

The choice is yours.

next: The Electronic Judge.

[toby]

Being electrical, it could be Executioner as well. Sit suspect in the apparatus, press DETECT GUILT and wait for the fireworks.

I am sure dozens of books and films already use this premise.

Re:next: The Electronic Judge.

[DigiShaman]

Actually, it could be done very easily. At least more easy then programming some video game or OS.

Have you ever read legalese (law book, contract...etc)? It's basically a form of "source code" for our social order.

Worse than that: framing

[jonaskoelker]

"Hi again, [name]

Here's the latest collection of pictures we gathered up. You're going to love the two girls in 0138.jpg; you can see their tits have juuuust started growing, right at the age where you like them.

The password is the same as last time.

Attached: foo.zip"

Now you're on the hook for a password(-derived key) which you don't know. Interesting... I should probably stop publishing my mail address ;)

See my journal

[toby]

For results. It's easy. Get drunk, type, click Submit. I'll walk you through it...

Install Gruff McClippy

[sizzzzlerz]

Its looks like you're trying to detect illegal material.

Would you like to:
    A. Find pornography
    B. Detect bomb-making instructions
    C. Locate maps of casino vaults
    D. Other

GOD, what a relief

[AlgorithMan]

if such an idiot is "One of the UK's top cyber cops", then what the hell are we ever worried about? how are they supposed to build a surveillance-state with such bright experts like him?

random thoughts

[moxley]

They can have this when I can have a device that will automatically search the computers, cars, homes and personages of all who are police, intelligence or politicians for any indication of corruption of any sort.

Once the people can have proof that these "authorities" have clean hands, pockets, and intentions - then maybe I would be halfway comfortable with this.

As it stands now, I see some people who don't understand technology (or freedom for that matter) being willing to give up rights that were hard won where people may have died fighting for the principles behind these rights.

I know the UK doesn't have the same constitutional/revolutionary founding principles that the US does, but people have got to be sick of this constant Orwellian slide going on in western society.

And here's the other thing:

Like whatever "One size fits all" bullshit they'd have would get around any sort of real encryption or someone truly knowledgable.

Maybe this would work out better for the 'criminals" than what they presently do (EG seizing the computer) because with the current method they can just hold on to the computer until they find the right forensics person or program to get the data.

Could be that this is just an end run around a warrant, (or whatever the UK equiv is) like they want to be able to plug this thing in any time they enter a home instead of having to get a warrant specifically to seize the computer)...

Of course that's what they want.

[SecurityGuy]

I also want a robotic device to figure out what's wrong with cars and fix them.

And an expert system that a layperson can feed their symptoms into and get a correct medical diagnosis and appropriate therapy.

And a powerful computer that can computationally identify valuable drugs without a $billion in research dollars.

Everybody wants things that are hard and expensive to be easy and cheap. What's the story again?

It is not evidence if it is collected this way!

[janrinok]

As soon as 'something is plugged in' to the computer, either hardware or software, then the integrity of the data on the disk is invalidated. This would be laughed out of any court that I know of.

When a computer is analysed forensically, a copy is made of the hard drive, the copy is verified as being accurate, and then all work is conducted on the copy. The original drive is not changed. What they are proposing is something that can access a computer without all the 'trouble' of maintaining the chain of evidence i.e. the end result will be inadmissible in court. The reason that the current system takes so long is that they cannot simply 'plug something in' to collect evidence. They have to follow rigorous procedures which require documenting at each and every step. All the accused would have to claim is that whatever is on the hard-drive after it left his possession or, more correctly, after the police started tampering with it, is nothing to do with him.

just add a new folder to the windows install

[wardk]

call it

"My incriminating evidence"

and then put in the terms of service that one must use it for all evidence of illegal activity

This is so dumb.

[greymond]

Why not just hire some police techs if they are having trouble or perhaps while in their magical land of make believe they can also invent a tool that will stop criminals from committing crimes before they happen - you know like in that one movie where naked chicks in water can see the brief future and you can get arrested minutes before you murder your wife or whatever.

Typical...

[acb]

Knowing the New Labour government, chances are a bill requiring data-loggers in all PCs will be drafted before the end of the year. And the data loggers will not only be accessible to the police, but to the Inland Revenue, the TV Licensing department, the British Phonographic Industry and local council officials.

Quick question:

[Larryish]

What is to keep someone from carrying a USB stick full of questionable porn and bomb recipes into the home or office of an enemy and copying same to the enemy's hard drive, and then diming them out from a payphone?

could never work.

[toby]

There is simply no way to recover objective facts. The best human systems we have ever devised are frighteningly fallible, and a machine must be far worse.

Only the most extreme rationalist could even dream of it.

Re:could never work.

[DigiShaman]

Yes, you are correct. But, we are already headed in that direction with regards to legal automation. Take for example stop light cameras. There was a bill in Texas (Senate Bill 439) that was passed making it illegal to obstruct the license plate. Actually, this was more of an updated version of a pre-existing law. But the sole reason for this update is so cameras could capture the plate number using OCR (Optical Character Recognition). After the snapshot is taken, it goes right to the courthouse and a copy to you with an automated message detailing what should be done next to contest or pay the fine.

It won't be long before GPS systems automatically squawk on you for speeding through a transmission to the nearest cell tower. Hell, they might even automatically slow your car down for you once GPS and electronically controlled throttle bodies become the norm.

My point is this. Computers have made our lives more efficient in all areas of human endeavor. One would be a fool to not have known the legal system would be effected in the same way. Power and control at the highest level is the name of the game here.

Keep your default drive on removable media..

[Paracelcus]

and encrypt it, hide it, tell no one where it is and keep a dummy vanilla copy in the machine.

Use something small for you're secure files like an SD card to make it easy to hide, like an out of the way public place, so you can deny ownership, etc.

Wear your tinfoil hat, and look behind you, you're being followed!

The subject line ...

[PPH]

...made me think that this was going to be the end of drunk posting to Slashdot.

Sadly, yes

[RexDevious]

A lot of "common sense" powers have had to be denied to police, because they've proven themselves incapable of not abusing them. Every counter-intuitive restriction placed on government officials can be traced to an incident of abuse so horrific, that society opted to "tie the hands" of everyone rather than entrust anyone with that power any longer. Really, it takes quite a lot for anyone in government to advocate a limit on governmental powers.

Usb killer

120 volts of fun just wire it up to your front usb port

f'n idiots

[John+Sokol]

Like you can just make a magic wand to detect illegal computer activity.

Someone better not tell them about Linux boot CD's or USB sticks. They only things they will catch are music and movie pirates. as if the RIAA needed more help.

Next they will want mind probe helmets.

This just proves what we already know:

Namely that cops are dumb.

Anyone with half a brain and rudimentary two-finger-typing-and-able-to-minimize-a-window computer skills should know that as soon as such a device was invented - which is about as likely as the sun going supernova tomorrow, I might add - some 16 year old kid in Germany would hack it and find workarounds in like... a day. Even dogs know this. And dogs are pretty stupid.

Enter Key

[jlebrech]

That would be great, you could replace the enter keys with a breathalyser just in case you send emails whislt intoxicated.

Is that what they are talking about?

This will only increase popularity of liveCDs

Think about it-- A computer that uses a liveCD without any from of permanent storage would just need a simple toggle of the power switch, and all "evidence" is gone. They could comb the thing all day long in a forensics lab. They wouldnt find jack.

I suppose they would rule that liveCDs like Knoppix are "BAD" then---

Sad But True

[nick_davison]

1. Check for the presence of Internet Explorer
2. Check Add Or Remove Programs to confirm it's used regularly.
3. Confirm no Anti Virus or Anti Malware software is installed.
4. Confirm OS install is at least six months old.
5. Under the UK's recent draconian porn laws, you can pretty safely assume at least some of the popups and other junk users have been forced constitute illegal activity.

The odds of an older IE install not having downloaded something illegal under British law are slimmer than the odds of a U.S banknote not having minute traces of cocaine. Theoretically possible, highly improbably, and great for the police to abuse.

Forensically useless?

By running any software on the machine, let alone doing so outside of a controlled environment, by someone who isn't a qualified expert, and without supervision that can attest to the action, what do they get? Contaminated evidence! Any lawyer who can't get that testimony suppressed isn't worth their retainer. The authorities need to seal the suspect system, not operate it, then have a qualified expert make a verbatim copy of the disks by a method that has been shown to not change a single bit of the data. The burden of proof is on the prosecution: they must show the evidence is real, not planted.

so practical

Can you just give us room temperature affordable cold fusion reactors instead? They'd be more useful.

Top Cop?

[ScrewMaster]

"One of the UK's top cyber cops, detective superintendent Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers, a simple tool that could be plugged into a machine during a raid and retrieve evidence of illegal activity. McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."

If this is one of the UK's "top cops" I'd hate to see what one of their ordinary cops is like.

Not Exactly Technically Challenging

[wideBlueSkies]

Forgetting about the arguments about whether or not the police should have tools like this, I don't think creating such a thing would be all that difficult.

You'd need a USB enabled drive, and a set of scripts to egrep the drives and filesystems on the target machine. Pipe said list of files into some utils that look for evidence....maybe another egrep that looks for keywords like 'porn', 'bomb', or 'slashdot', and maybe some image analysis software or something.

Or maybe an approach would be the same usb drive/script based solution that would simply export all files of a specific type (a copy without updated the updated time stamp) to said USB disk.

"Seeing" a bag of "weed"

The problem I have with that scenario is that, it's pretty difficult to identify plant material visually, unless the plant is still in it's 'whole' form (that is, you can actually see leaves, stems, etc and determine from the physiology what kind of plant it is).

You might say, if someone has an unlabelled baggy with chopped up plant material, it is likely to be marijuana, but the truth is, unless you can smell it, or have a trained dog sniff it, or analyze it in a lab, you can't really make an identification just on visual appearances alone. It could be some sort of cooking herb, tea, etc.

So what *is* reasonable suspicion? Is a cop seeing a ziploc bag of plant material on your seat sufficient evidence to give that cop the right to enter your vehicle, grab the bag, and make further identification?

It's my opinion that it should not be. Whether it is, or not, of course is a matter of the laws governing whatever jurisdiction you are in.

In a great many circumstances, visual 'identification' can be very, very wrong. Therefore, it seems like the logical conclusion is that visual identification, alone, in many cases, should not be sufficient for 'reasonable suspicion'. There are, of course, some cases where visual identification should be sufficient, like seeing a beheaded corpse in the backseat or something (sure, that *could* just be a theatrical prop, but in that case I'm willing to concede that the cops should be allowed to investigate).

A Camera for Drugs!

Next let's invent a camera that takes a picture of a house and tells you if it's a meth lab!

Or a nose on a stick that always points to the nearest illegal alien!

How about training dogs to sniff heads of state to tell us if their country is lying about WMDs?

A canary that freaks out when an economy is about to collapse!

Of course, each of these things will actually have to be a machine. Machines are magical and incomprehensible. They can do anything. Especially the electric ones.

Re:Right - WRONG!

[localoptimum]

The intelligent criminals are the ones on TV with the fancy suits who tell you what's gonna be illegal and what isn't. They are the ones who speak blackwhite at you and say they are doing the right thing for the country rather than the right thing for them and their rich friends :P

if you outlaw guns, only outlaws will have guns

[deodiaus2]

As long as you are criminally inclined, a bit more laws aren't going to change your behavior. Moreover, the more you have to lose, the more you are likely to take measures to prevent them from being compromised. Hence, as far as encryption is concerned, people with money and motive are going to really buy to top end merchandise.
This really brings to mind the situation with encryption keys for cell phones. While as laws were passed to outfit cell phones in the US, French phones used technologies to by-pass these laws. Now, if you are selling drugs, doesn't it make sense to buy and use a French phone, especially if it is far more difficult to crack. Unless you are stupid and decide to risk your $100K shipment of coke by opting for a cheaper Motorola cell phone.

How about a "Breathalyzer" for financial records?

[ChaosDiscord]

What a great idea? The police don't have time to pick over seized machines, so we can just automate scanning for crime. And obviously the government doesn't have time to analyze accounting records for crime, so let's just invent a machine to automate that too. Also, I'd like a machine to make a pony. Let's get right on that!

Re:Outlaw encryption THE OFFICIAL's HELP-U-OUT

[dangitman]

Okay, Sir. We'll just help you out by deleting all those pesky empty files and perform a wipe of your free space afterwards.

Isn't that exactly what you'd want them to do? It doesn't get much sweeter than that - the police destroying incriminating evidence against you.

Why not...

It is crucial to gather the maximum number of evidence at the beginning of an investigation.

They should do it for mobile phones too.

If you need a sniffer dog

It is NOT in plain view.

Re:If you need a sniffer dog

[clone53421]

True. They shouldn't even be allowed to call the dogs unless they already have reasonable suspicion of drugs.

Sounds like a job for Rent-a-genius

Sure! No Problem! And after lunch, let's crack multi-language multi-accent voice processing, true AI, and throw in a cheeky instant prime-factor algo that will work with integers up to 4096 bits!

So what happens...

[damburger]

if my computer doesn't response immediately to the device by spewing all my private data? Am I arrested for having a computer too sophisticated for police goons to break into?

I don't see magnetic domains any more

I just see blonde, brunette, goatse...

Let me offer a solution!

[shutdown+-p+now]

This should be a USB device with a LED display. When plugged into the computer, the display is lighted on, and the following code runs:

#include <stdio.h>
int main()
{
  printf("It is certain that at least one of the users of this computer had done something illegal while using it at some point of time");
}

Re:Let me offer a solution!

[Wiseazz]

Along the same lines, I shared an elevator with a cop the other day. I just looked at him and said "I didn't do it". Without skipping a beat, he said "Yes you did - you just haven't been caught yet". I'm pretty sure at least one of us was joking.

Re:Let me offer a solution!

[clone53421]

I'm pretty sure neither of you were.

Re:Encryption illegal by default

[alecwood]

In the UK it is illegal not to decrypt on demand. There is no burden of proof on the existence of encrypted information either beyond the word of the police. Furthermore, you are by default gagged from discussing the demand for decryption with any third party, including your legal representation.

These necessary provisions keep us all safe and secure from the terrorists who are everywhere.

Funny... I have one of these already

[spikedvodka]

It's called a Hard Drive Duplicator. it's even rather simple to use... Yank HDD, throw in in a read-only slot, take an image, generate a Hash Value, "Bag&Tag" the original, and then send the image off to be analysed.

If they're looking for something like a USB Key-fob that auto-scans a drive I can see lawyers having fun with that. I hope that the developer knows how to make it [certifiably] forensically "secure" which means that it'll have to be a boot-cd or boot-usb-key-fob at the very least

Australian Cops developing bootable CD

[donak]

This was in The Australian newspaper on Nov 2, about a bootable CD (think Knoppix)
being developed in conjunction with Edith Cowan University:

http://www.australianit.news.com.au/story/0,,24597325-5013040,00.html

FTA: "Known as Simple Image Preview Live Environment (SImPLE), the tool is heralded as the new frontier fighting cybercrime."
SImPLE? Sounds right ...

Who'da thunk it? Aussie cops ahead of the UK cops?
Or did I just discover a bit of plagiarism? Guess I'd better read both articles ... tomorrow, it's after 3 a.m.

NCIS confirms it!

Oh, c'mon! It only takes a few minutes to get all the incriminating data off a criminal's PC!
They demonstrate this practically every week on the CSI's!
Sheesh. You'd think /. readers would be at least as well informed as the average television viewer!

#!/bin/smash

# Extract passwords from suspect using rubberhose until all information in hdImage is accounted for or suspect expires.

bzip2 -9k hdImage
touch foundData.bz2
while -e /dev/suspect && sizeof(foundData.bz2) < sizeof(hdimage.bz2); do
    rubberhose >> /dev/suspect
    grep "password=" /dev/suspect >> passwords
    truecrypt -p passwords hdImage |bzip2 -9c >foundData.bz2
done

The point is...

[EWAdams]

... to keep them from finding my collection of iguana bestiality videos. They can convict me of refusing to hand over the key, but they can't convict me of possession of the videos -- nor can they ever gain access to them.

Failure to cooperate with the police gets you a MUCH lighter sentence than a sex offense, and you don't go on the sex offenders' register.

In other news -

[Geminii]

Sudden surge in demand for device which will electromagnetically shotgun both RAM and hard drive if approached by raiding cops.