UK Cops Want "Breathalyzers" For PCs

An anonymous reader writes "One of the UK's top cyber cops, detective superintendent Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers, a simple tool that could be plugged into a machine during a raid and retrieve evidence of illegal activity. McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."

So they want GOV spyware?

[Joe+The+Dragon]

So they want GOV spyware? They will still need people to look at the data.

Re:So they want GOV spyware?

[blueg3]

Good job managing to misread the summary.

Re:So they want GOV spyware?

[sexconker]

What?
It's an apt post.
Spyware snoops around and grabs whatever it finds and deems to be unbecoming of a law abiding computer user.

They then hand that off (and the pc itself, likely) to a group of people who will do the analysis.

The post above you implies that this tool will not be of much actual help, and I agree. A "clean" report from the tool means nothing, and for any actual raids the computers will still be combed over by a forensic team. Any "dirty" report from the tool will result in the same outcome.

What this is really about is passing the buck and keeping face - the cops don't want to look incompetent, so they create this tool and publicize it.
Any failure of the cops will be blamed on the tool still being a work in progress, hackers actively working against the tool, etc.
Any responsibility on the part of the cops will be passed off immediately to the forensics teams. When the tool gives out a "dirty" report, the cops will fill out the green "Suspicion of Illegal Digital Bits on Electrical Personal Computing Device" form and hand over the report and the pc to the forensics team.

Once the tool is accepted as good and trustworthy, departments will find any excuse at all to use them to harass and extort money from the public.

Noise complaint?

Let's bang on the doors, give them shit, and check their computers for illegal activity. You just KNOW that music isn't paid for.

No, sir, since we heard music from the street, and we clearly can see you have a computer, and sound system, and a lack of physical CDs/tapes/records, in plain sight. We have reason to believe a crime has been committed. We don't need a warrant to perform a cursory search. If the search turns up anything, your equipment will be confiscated as evidence.

Re:So they want GOV spyware?

[Yetihehe]

Actually, if you can hear music from the street, it can be called "unlicensed public performing/playing".

Re:So they want GOV spyware?

[sexconker]

The cops can and will search and bust you with a reasonable suspicion / in plain sight excuse SO easily. Yes, in the USA.

Do you really think that such a tool, if created, would not be spyware?

Spyware has no particular meaning. Malware, Adware, Spyware, Greyware, Foistware, Crapware, Bloatware, etc. have all been coined in a feeble attempt to classify and categorize programs. There is no official designation or definition.

The term is a merging of the word "spy" and the word "software". Literally, spyware is software that spies. What is spying? Spying is looking for and collecting information, often secretly.

Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?
Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?
Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?

You jumped at the chance to shoot someone down and farm some karma by accusing them of not reading the summary.
In doing so, you missed the point of the post entirely (that people will still need to look at the data).
I called you out on it.
You got pedantic, saying the problem with the original post was the use of the term "spyware".
I'm calling you out again.

Re:So they want GOV spyware?

[severoon]

Let me get this straight. McMurdie is basically saying, We need a pervasive technology solution to compensate for the fact that I have the wrong and/or incompetent personnel.

Yea....

Re:So they want GOV spyware?

[blueg3]

You don't get the point. Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number. So, say you are investigating Joe Smith, who has 3 computers, a PDA, and a cell phone. You deliver all these to the forensic analysts. At least half a year passes before you get any information from them. At that point, the information is only really useful in a trial, but not in the investigation.

They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).

Re:So they want GOV spyware?

[syousef]

Good job managing to misread the summary.

Yeah! I didn't read the article or the summary and I can tell you I have the following strong opinion: There's no need for breathalizers for computers because if I pour alochol onto my computer it would short out. Therefore to determine if a computer has had alcohol just try and switch it on. If the power comes on and it boots, it hasn't had anything to drink.

Right

[Endo13]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Re:Right

Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such. But what they describe is simply ludicrous:

McMurdie said such a tool could run on suspects' machines, identify illegal activity - such as credit card fraud or selling stolen goods online - and retrieve relevant evidence.

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Re:Right

[CaptainPatent]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Or like exploiting three people capable of seeing into the future in order to generate police reports and make arrests.

As we learned, nothing can possibly go wrong!

Re:Right

[theaveng]

Well put.

But the governments of this world routinely ignore law (obtain warrant naming specific evidence desired) and instead do exactly what you described - go on a fishing expedition. "Well we came here to get marijuana, but instead we discovered porn on your PC, so you go to jail buddy."

They do this same ____ in the U.S. with random searches of cars. They are supposed to be looking for illegal immigrants, but instead they bring in the dogs and have them sniff for marijuana/cocaine. Then they arrest you.

This shouldn't be allowed.

Re:Right

[thesqlizer]

I don't recall where (or if) the US Supreme Court handed down a decision on the concept of "Are computer files more like what's in your brain or in a file cabinet."

IMHO, searching a computer is akin to searching someone during questioning.

Questioning someone who has been Mirandized: fine.
Going through their belongings with a search warrant to find something specific: fine.
Going through a computer willy-nilly on a fishing expedition: not fine.

Re:Right

[CannonballHead]

Doesn't this kinda depend? Just because you found something else while looking for your actual thought doesn't mean you have to IGNORE it. If you came looking for credit card fraud and found, say, illegal hacking activity, should they just ignore it? If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

Now, if they pull you over for "presumably" running a stop sign and sniff your car, that's different. On the other hand, since illegal immigrants and drugs seem to go together, since drug trafficking and immigrant trafficking is a similar thing (smuggling), I don't actually see a problem is searching for both at the same time.

I'm not saying they should be allowed to just randomly show up and search your house without giving a reason, by the way.

It's a fine line between hampering catching criminals by giving "too many rights" and stepping over the bounds of innocent until proven guilty...

Re:Right

[blueg3]

Actually, that's not the problem they're trying to solve. I don't know about in the UK, but in the US, any kind of searching (including hash comparisons and automated tools like this) require a search warrant that covers the computer.

What they're really interested in is not conducting fishing expeditions, but trying to find some useful information -- even just narrowing down which machine they actually need to fully analyze -- within the machines covered by a search warrant. Generally the procedure is to box these things up, hand them over to computer forensic experts, and wait 6-12 months for them to perform a full analysis. Cutting down the amount of work they have to do by giving them only the one computer out of ten that is actually interesting, or being able to pull some small amount of useful information to use in the investigation immediately, is of great value.

This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.

Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.

Re:Right

[JLennox]

As an employer, I use to run background checks on people. One man in his early 50s had a "drug possession" charge from decades before. He got busted with a joint. As much as I agree with keeping a lot of drugs off the streets, it's hard to agree when the legal punishment for some drugs is far more damaging than the drug it self.

Re:Right

[causality]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do? Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

They cannot even keep illegal drugs out of prison (don't take my word for it -- do the research yourself). How do you propose that we do this in a relatively free society? The way it has worked is that some amount of crime is tolerated in exchange for having a free society with things like legally recognized civil rights. With drugs and lately with terrorism the (dangerous) mentality has been that we need to stop $EVIL_THING no matter how high the cost is to the rest of society. This is tunnel vision at best, a step towards a totalitarian government at worst.

But I am curious. Once you see for yourself with your own research that they cannot even keep drugs out of prisons, I would like to know this: what environment even more restrictive than prison would you propose for the entire population in order to better meet your 100% detection/punishment rate? I'd also like to know whom you would entrust with the management of this environment.

Re:Right

[gnick]

Except we want cops to catch people with illegal drugs etc..

What do you mean "we", white man?

Why restrain the cops from doing what we all need them to do?

So that they don't trample all over innocent people in their race to jail stoners? So that we can maintain some sort of privacy instead of throwing our doors open to anyone with a badge so that they can rifle through our homes in case we may have been doing something wrong? So that we can keep some kind of checks on the cops so that they might work to protect us while respecting our rights instead of just busting people and feeling like tough-guys on a power trip?

Pick which ever one speaks to you best.

Re:Right

[Firehed]

At least in the US, evidence found against you found in an illegal search* cannot be used against you. If the search was legal (warrant attained or reasonable suspicion of wrongdoing), then it's your fault for having done whatever other stuff you get hit with, regardless of why you/your home/vehicle was searched. Don't confuse this with secondary offenses, like not having your seat belt on in many states (they can't pull you over specifically for that, but can add it to the ticket).

* if they can see the bag of weed (or whatever) on your back seat through the window, not only is it legal for them to arrest you for it, but it also gives them reasonable suspicion to search the rest of the vehicle without attaining a warrant, even if you protest.

IANAL, YMMV, laws vary by state, etc. And all bets tend to be off at border stops, especially internationally. As far as I'm aware, they have the legal (USA PATRIOT act legal, anyways) right to search your vehicle entirely at any international border.

But back to the topic at hand, if your computer is legitimately siezed, I think you should at least be able to know what processes were used to search for X when Y was found. If they want to arrest you for possession of goat porn, and then they find CP, you should be able to find out that the latter came up when they did a general search for porn, rather than when they explicitly searched for it. Or if they find pirated media when searching for CP, which would be a lot harder to accidentally find by the same 'legit' search. It'll never happen, and good luck auditing the police's methods even if you had the right to do so. Just encrypt all of your crap, and don't have illegal stuff.

My 2c

Re:Right

[timepilot]

No, that's not what Mapp v. Ohio established. Mapp v. Ohio established that evidence found in searches *in violation of the 4th amendment* may not be used.

Mapp v. Ohio doesn't say anything about not being able to use evidence found during legal searches, such as those conducted with a warrant.

Re:Right

[sexconker]

If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

People being tortured? No, they stop it right then and there.
Evidence of people being tortured? Yeah, you have to get another warrant.

Re:Right

[bitslinger_42]

According to US law, at least (and not always followed by US cops, I might add), whether the evidence on the secondary offense is admissible or not depends on how it was found. If a cop pulls over a car for speeding and sees an open container of beer sitting on the seat next to the driver, the open container is typically admissible. If, on the other hand, the cops raid a house looking for a stolen 62" television and, as long as they're in the house, decide to check in the toilet tank and find a stash of cocaine, that typically is not, since searching the toilet wouldn't have been part of the search for the big TV. Likewise, the original warrant would probably not allow the cops to bring along drug-sniffing dogs on a search for a stolen TV. Of course, I'm generalizing here, and am not a lawyer, but you get the picture.

Thus far, the same principles apply to computer searches. If the warrant says that the cops are looking for evidence related to illegal gambling operations on the computer, the cops are typically not allowed to search for non-related keywords (i.e. "lolita", "cocaine", etc.) unless such terms show up in documents found by the warranted search. If, in reviewing a document named IllegalGamblingProfits.doc, they see a reference to cocaine sales, the cops may have just cause to perform another search looking for cocaine. Since they've already got the computer at that point, though, they'd be better off to go back to the judge and get a 2nd warrant that authorizes the cocaine search, but given the similarities between finding the information in an admissible piece of evidence and seeing the open container in plain sight, I can see how a judge would give the benefit of the doubt in court.

I can't quite tell what the cops in TFA are asking for, though. If, on the one side, they want to be able to bring along a device that's pre-configured with the search terms for the warrant (gambling terms, from the above example), such a device would theoretically be legal in the US, since it would simply be automating the search that would otherwise have been performed by the trained analyst. If, on the other side, they want a device that identifies any illegal activity, that should be unconstitutional for 4th Amendment reasons.

All of the legal discussion ignores the technical aspects. I am a professional forensic analyst, and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list (i.e. fewer than 5) of static (i.e. non-regex) keywords. Adding complexity in, or adding keywords, can increase the search time to days. There's no way that untrained cops could simply plug a device into a suspect's 5 year old laptop and be able to get results back in less than an hour, and that's not counting the potential modifications to the evidence caused by booting without a write-blocker, doing deleted-file recovery, opening compound files (Outlook offline storage, ZIP files, etc.) or doing signature analysis to identify obfuscated data. Don't even think about it if the suspect thought enough to use encryption.

The cops may want something like this, but it will probably be the laws of physics that prevent it and not the Constitution.

Re:Right

[HTH+NE1]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

You seem to be excluding people with illegal drugs from this group you erroneously label as "all". Be careful you do not find yourself similarly excluded.

And sometimes they're not even caught with drugs but rather caught with "too much" cash on their person.

Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

"Vote Fascist for a Third Glorious Decade of Total Law Enforcement."

If every law is enforced 100% of the time, you live in a police state and have no real freedom, where even the tiniest of harmless infractions will bring harsh penalties:

A much-fatter Mrs. Krabappel writes "Homework: eat a stick of butter" on the blackboard. "Since so many students have been put on permanent detention," she begins, burps, and continues, "we've merged everyone into a single class. I trust there are no objections?" Bart, Lisa, Milhouse, Wendell, and Ralph say nothing. Wendell shivers in fright and his pencil falls to the floor. Mrs. Krabappel looks up, points to the hall, and says, "Detention." Wendell looks appealingly at Milhouse and Ralph who look away, and he leaves the class.

Re:Right

[AndrewNeo]

What? I thought that movie was about the innovations in user interface!

Re:Right

[corbettw]

Isn't there a plain-sight provision with that rule? If the cops have a warrant to search your house for crack, and see a dead body laying on the kitchen floor, they can go ahead and arrest you for murder.

On advice of my lawyer, I can't really say anything else.

Re:Right

[idontgno]

There's an object lesson here.

Don't hide your crack stash inside the dead body laying on the kitchen floor. It doesn't work, it provides no cover in court, and the necessity of the search really pisses off John Law.

Re:Right

[gnick]

No racism intended - I'm as white as they come. It's from an ancient joke. Basically, the Lone Ranger and Tonto have a horde of angry Indians bearing down on them. The Lone Ranger says, "It looks like we're in a lot of trouble this time, Tonto." Tonto replies, "What you mean 'we', white man?"

Basically, I was just trying to point out that b4upoo was making an assumption that we're all in the same camp here, when we're definitely not - I don't want to sacrifice my rights so that the cops can catch a few more pot smokers. That excludes me from his inclusive "we" in:

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

The joke isn't remotely a perfect parallel, but I thought it would be amusing. Sorry if it came across racist (although feel free to nail me for calling Native Americans "Indians" when explaining the joke - At least I refrained from including the phrase "feathers, not dots".)

Re:Right

[Mister+Whirly]

Why restrain cops at all? Why not just let them murder anyone they think might be guilty of something? We would all be so much safer then. *rolls eyes*

Re:Right

[johnsonav]

Because most criminals are idiots to begin with.

Sigh... You're right. Which is probably why there are so few elaborate bank-jobs, cunning cons, and ridiculously over-the-top plots to blow up buses that fall below 55mph, in the news. I like movies better than real life. Sigh...

Re:Right

[kingrooster]

Nah, it's called the Plain View Doctrine.
http://en.wikipedia.org/wiki/Plain_view_doctrine

Basically, anything found that isn't on the warrant needs to be in plain view and they can't move items looking for it unless moving items might yield what is specified in the warrant.

Having said that, those are some vague rules and I'm sure a cop could justify looking anywhere he damn well pleases.

I guess if they are looking for a dead body but they look inside the books on your bookshelf and find some drugs, it might not hold up.

Re:Right

[Shakrai]

Which is probably why there are so few elaborate bank-jobs

And I could actually understand the motivation for an elaborate bank-job. You disable the alarm, tunnel into the bank, break open the vault and walk away with a cool million or so. I could get behind that. A million bucks is worth the chance of going to prison......

What isn't worth the chance of going to prison is the dumbass who holds up the bank with a gun and walks away with a lousy $10,000. Even worse is the dumbass who holds up the gas station with a gun and walks away with less than $100. Clearly they didn't do a proper cost benefit analysis ;)

Re:Right

[clarkn0va]

and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list

I believe that's why Vista introduced Instant Search. Johnny Law just needs to call ahead and ask the suspect to ensure that it's enabled and properly configured. And that the suspect has at least 4GB of RAM installed, and dual 64-bit CPUs. Also, it would be helpful if the suspect left the computer on so the police don't have to wait around for Vista and Norton and HP to spin up. Hmm. I'm starting to see your point.

Re:Right

[triffid_98]

Which is exactly why we'll code our application to flag any encrypted files or hidden partitions, plus a full scan of your unencrypted swap file.

Since this is the UK you will hand over your encryption keys, have a nice day.

Just encrypt all of your crap, and don't have illegal stuff.

Amen. With all the practically unbreakable, freely available encryption solutions out there, I don't understand why any criminal who, even occasionally, touches a computer, doesn't use a generous amount of encryption. Encryption stymies any attempt at, after the fact, detection.

Re:Right

[iamhassi]

"That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that."

Yeah, or they want remote access:
"McMurdie also discussed the possibility of setting up a "central forensic server", where digital forensic experts from across the UK could log in and analyse whatever systems were plugged into it."

Wow, are police in the UK really that dumb? They either want a magic wand that tells you if a computer has "illegal" content on it, or they want what has already existed since before the internet?

Re:Right

[LunaticTippy]

Yeah, the 7-11 bandits that get <$10 plus some beer and cigarettes crack me up. A lot of crime seems very inefficient. $200 for a new car window, $200 for a new stereo, $200 for the dashboard repairs, and the thief got $20.

I knew a bank robber. I didn't know he was knocking over banks at the time, but he later was in a long distance high speed chase ending in suicide by cop. Pretty surprising to everyone that knew him. I think he got ground down by his circumstances for too long. He spent so many years having to scrimp and do without it made him crazy. I remember him going out to eat a lot and buying little gifts for his friends and seeming happier than usual. I guess for him a lousy $60k (assuming he got $10k per bank) was worth dying for.

The truly weird thing was when he got away from the 5th bank it was very close. He was driving on medians and shoulders, through fields like a maniac during rush hour with dozens of cops on his tail. Somehow he got away and instead of ditching the car and going straight he laid low for a month and did it again.

But...

[Jonah+Bomber]

Won't that only work with alcohol cooled systems?

Re:But...

[Chris+Burke]

Won't that only work with alcohol cooled systems?

Yeah, but unless the alcohol cooled computer is driving a car, I don't see how that's illegal.

But seriously, people, don't let your PC drive under the influence. Yeah, yeah, it says that it's "overclocked' and much more efficient than when it's just running on water, but then it'll kill a little old C64 crossing the street and wind up in "Pound Me In the USB Port" Prison.

Good luck with that

[Foofoobar]

Steganography, encryption, log erasing, etc. There is no 'out of the box' solution. Every computer is going to require a computer forensics team to go over it unless the OS manufacturer builds in those tools. And you can guarantee that NO manufacturer wants people to know that anyone can just open up your system via a backdoor at anytime.

Re:Good luck with that

[windex82]

I used to do a bit of work at the local police department. In my time I set them up a forensics station for PC's.

The most important part of the entire project was ensuring the data was not tampered with (or deleted on accident!) in order to actually use what was found for anything useful.

Wasn't a very hard project what we did was setup a PC with two removable bays and a write protect jumper and showed the officers which part needs to come out of PC brought in as evidence and how to put it into the removable caddy and launch the script that made an image of the drive. At no time while in police custody would the hard drive have power unless it was write protected, and was in an sealed evidence bag if not being used. Once the image was completed they would remove the original and do all the forensics on the copy, which got the same evidence bag treatment as the original.

Don't quit your day job, detective superintendent

[konigstein]

Because it's painfully clear your don't understand computer forensics either.

Outlaw encryption

[TheMeuge]

The next inevitable step for the UK gov't will be to outlaw using encryption on personal computers, because it's "too hard" to break.

This isn't a slippery slope for the UK anymore, it's a landslide, rushing down the mountain, annihilating everything in its way.

Sad.

Re:Outlaw encryption

[rlp]

Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).

Re:Outlaw encryption

[orzetto]

What happens if you "forget" the key? Like this: "Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty." How can they prove you are lying, short of breaking the encryption and finding the evidence?

Re:Outlaw encryption

[Constantine+XVI]

That scheme falls apart when the investigators know what TrueCrypt does.

"Give me your password. No, the one for the hidden volume."

Re:Outlaw encryption

[MaskedSlacker]

They cannot prove that a hidden volume even exists, that is the whole point.

Re:Outlaw encryption

[clone53421]

In that case, I guess it'd be a really bad idea to install TrueCrypt unless you really do have something to hide. Wait, you have TrueCrypt installed?

Now, a clever man would have known it'd be stupid to install it if you have nothing to hide, because only a great fool would install it without having anything to hide! However, I am not a great fool, so I can clearly know that you're hiding something! But you must have known that I was not a great fool, in fact, you would have counted on it, so you clearly must be hiding something! Now tell us the password!

Yeah, right...

[Drakkenmensch]

Combine this with a remote access software, and you don't even need to enter a person's home to scan their PC for files anymore. Forget all this pesky due process for warrants and investigation, we can now scan tens of thousands of computers every day and just fish idly for perps. All done without even needing to look at your screen while the software does the dirty work for you.

UK up in arms.

1) Hide a remotely detonatable explosive device in your computer
2) Write a script to automatically crawl 4chan's /b/
3) Be somewhere else when the party van arrives
4) KABOOM!
5) Nelson from the Simpsons would then usually say "ha-ha!" but he's locked up on child porn charges because he posted his own nudes on the internet.

they also want

[Mr.+Slippery]

Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers

Top brass also wants a date with Scarlett Johansson. And a pony for each officer on the force.

I figure the odds are about the same for each.

I can see

[zehaeva]

There is going to be a large amount of demand for "Computer Forensics Specialist" in the near future. Too bad the majority of them are going to go to devry thinking they're going to learn everything they need to.

Dumbest. Idea. Ever.

[orzetto]

What next, a breathalyser for paedophiles? Murderers? Terrorists? Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile? Any criminal worth spending this project's money on is savvy enough to fully encrypt his hard disk. If they are so dumb not to encrypt compromising data, any cop with a few hours of training could find it. So what is this project really aiming at?

Interpretation

[Capt+James+McCarthy]

It costs too much money for the Police to pay quality IT Forensics folks. The police want a simple green, yellow, or red light that the police can follow, that is closed source and has it's AI written by policy makers to decide what is legal or questionable.

The Truth

[JackassJedi]

The scary thing about this is that it doesn't matter if it works right, it just matters if it gets certified and approved for use as that what it claims it is. And that could just happen.

Why do cops always want an easy job?

[causality]

I really think this is the same mentality that eventually comes to see individual rights and due process as pesky "inefficiencies" that only interfere with "real police work". They seriously need to tell new police recruits that their job is not easy and is not supposed to be easy. If any of them don't like that they should also be told where the exits are.

I think this is another example of relatively well-meaning people who fail to comprehend how dangerous their intentions are because they don't think them through. Let's say there is a device that can be plugged into a PC (maybe the USB port?) and almost instantly tell you whether it has illegal content with no need for expert analysis. Yeah I know that I should also posit the existence of the tooth fairy but bear with me. Who makes this device? How trustworthy are they? Do competitors or other rivals oddly happen to have a higher percentage of "illegal" PCs? Is the device a black box or can the average person examine and scrutinize it? If the cops already don't have the staff or the expertise to perform forensic analysis on PCs, what's our guarantee that they will correctly use this device or that they can offer any sort of assurance that the way it is used won't violate anyone's civil rights? What's to prevent criminals from obtaining one (by whatever means) and making sure that their illegal data isn't where this thing is looking? If I can think of this in a few minutes, WTF are these people smoking that they consider this a serious proposal? Or do they simply not care about these concerns?

You know what you'll probably never see? The police "top brass" asking for a device to help make sure that their officers don't violate anyone's civil rights and that they follow all the laws concerning due process.

Perfect counter to that

[jollyreaper]

I'll just use a hot glue gun to seal up all of my usb ports and use ps/2 connectors for mouse and keyboard.

fuzz: HOLY SHIT! THIS GUY MUST BE SOME SORT OF UBER_HACKER!!!

me: Too fucking right. Now you piggies hurry on back to the donut shop or I'll make your cruiser drive you down to the gay district on autopilot with YMCA blaring from the radio. (holds hands up over head, makes "whoooooooooing" scary sound, wiggles fingers menacingly)

fuzz: BETTER TAKE HIM SERIOUSLY! HE COULD DO IT!!

me: Heh. Wankers.

The Headline

[UMNbandgeek]

When I read the headline, I thought they literally meant a breathalyzer, to keep drunk people off PCs. I could probably use one, it would cut down on the drunk IMs and facebook posts.

Doesn't go far enough

[blophyus]

Forget a tool for computers. We need a tool like this for physical crime scenes. You know: something that would, like, scan crime scenes and find, like, relevant DNA evidence and shit. It could even have an option where it would print out an arrest warrant with the name of the murderer on it.

Re:Don't quit your day job, detective superintende

[jimicus]

Her day job is architect of the UK's Police Central E-crime Unit, so it might be a bit late for that.

Having said that, I get the distinct impression from RTFA that this is pie-in-the-sky "this is the sort of tool we'd like in an ideal world, not that it's even remotely practical" rather than something that's in active development:

said frontline police ideally need a digital forensic tool as easy to use as the breathalyser, to help them deal with growing numbers of computers being seized during raids on suspects' homes

Yep, and I bet they'd like a machine which they can just turn on, punch in details of an unsolved crime and bingo! it tells you the perpetrators name, address, telephone number, the car they drive, their plans for the next 48 hours and where sufficient evidence to obtain a conviction can be found. It's fairly obvious from the article that whatever qualification this woman has, none of them involve technology.

"Reasonable suspicion"

[khasim]

"Reasonable suspicion" is the key phrase here.

If the cop stops you for running a red light and sees something suspicious then he can go further.

But stopping you for one thing does NOT give them the authority to check for everything they can think.

http://en.wikipedia.org/wiki/Reasonable_suspicion

Re:"Reasonable suspicion"

[multipartmixed]

What you say is true, HOWEVER, the GPs post is on point.

On Law & Order, they call it the "Plain View Exception".

Apparently it exists IRL too: http://www.policelink.com/training/articles/2043-plain-view-doctrine-

Re:"Reasonable suspicion"

[Paul+Jakma]

I don't know why you're marked informative. I suspect you're telling us about what you think is the case for US law, completely oblivious to the fact that this article is about the UK. (You know, different country, different laws?).

Police in the UK have *far* broader powers to stop and search people on the streets and public roads. IANAL, so I won't go further.

Analyse?

[zmooc]

the majority of cops don't have the skills to forensically analyse a computer

The majority of cops doesn't even have the skills to find my computer halfway up the old chimney;P However, I'm looking forward to the day they have to work their way through my massive computer-cemetery;->

why police like drug offenses

[PMuse]

As other posters have noted, cyber fraud is hard to prove, since the evidence it leaves behind (data, transactions, account numbers) looks so much like legal commerce. It takes a lot of smart work by educated professionals to prove the difference.

Now you know one of the reasons that the police like drug laws so much: The key facts can be understood and collected by an officer with an IQ of 80 and just a couple months of training.

IT'S IN THE GODDAMN RFC!

[Nicolas+MONNET]

It's in the goddamn rfc, they HAVE to follow it. What are you, from Microsoft?

Re:Probable Cause

[Scannerman]

I think people misunderstand the nature of law enforcement in the UK (and elsewhere)

1) we have LOTS of laws
2) Every one is guilty of something
3) The police know that you are guilty
4) At the moment they have to specify what of.

The primary strategy is to try and remove requirement ( 4) but an automated identification of your special crime would be a big help.

Umm, not quite

[logicnazi]

Yes, generally anything that is encountered during the course of a lawful search (even if for something else) is admissable. Sure, cops can't go paw the drawer next to your bed looking for a stolen TV but the problem is how this is understood by the courts.

In particular this rule is understood to mean that if the police open your safe looking for a stolen laptop the papers inside would be admissible in court. In other words once the police have cause to look inside a container you own they can examine the contents at their leisure, they need not immediately cease looking the second it's apparent the subject of their warrant isn't present. Now if you had a locked jewelery box inside that safe they likely wouldn't be able to examine the contents if it was outside the scope of the original warrant but the problem is when you try to map this notion onto that of a computer.

In particular it turns out that case law so far has endorsed the idea that the computer is just one big container. Maybe things would be different if you had an encrypted volume on the computer but in general once they have reason to examine your computer for one thing they can examine everything.

In fact the standard practice in the US is to seize your computer and have their experts perform a low level clone of the disk the second they have any reason to search your computer. Moreover, since the 4th ammendment and past case law is grounded in the notions of physical searches and seizures there is no framework for restricting what they can use the HD clone for once it's been made (well privacy laws might prevent them from disclosing your cybersex logs but that's about it)

The United Kingdom is now The Village

[Chris+Tucker]

And you're ALL Number 6.

Do you have the courage that Number 6 had? Will you fight back against Number 2?

Are you just "A number" or are you Free Men & Women?

The choice is yours.

Re:Now, THIS would be entertaining...

[the_womble]

I'm just waiting for the day when a botnet herder decides to find out the answer to the question of "what will the government do when *everyone* is a criminal?"... and malware sends a "care package" to 1,000,000+ computers, consisting of illegal content {child porn / whatever) - then reports the IP addresses to the authorities.

If the sort of people who ran botnets were the sort of people who want better laws and police, that would happen. I rather think that is the last thing they want.

What is more likely (if it is not happening already) is that more targeted hacks are being used to plant material on computers, hidden where are non-knowledgeable user would not easily find it, and then blackmailing them. A few files could be placed in open view to prove that the threat was real - or perhaps a random illegal image could be popped up at intervals to keep the pressure up.

Most people would be too scared to get help, and would roll over.

Sadly, yes

[RexDevious]

A lot of "common sense" powers have had to be denied to police, because they've proven themselves incapable of not abusing them. Every counter-intuitive restriction placed on government officials can be traced to an incident of abuse so horrific, that society opted to "tie the hands" of everyone rather than entrust anyone with that power any longer. Really, it takes quite a lot for anyone in government to advocate a limit on governmental powers.

Re:Be careful though.

[ancientt]

I was watching cops (not a regular viewer but was being sociable) and saw a cop search a car claiming a "furtive gesture" as probable cause. I could hardly believe it, here was a guy who knew he was being filmed who apparently decided that showing his ability to get around the need for a warrant was going to be taken as a good thing by viewers. What sticks with me isn't the injustice of it all, it was that a potential jury of peers sitting around watching TV seemed to support the action.