UK Cops Want "Breathalyzers" For PCs

An anonymous reader writes "One of the UK's top cyber cops, detective superintendent Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers, a simple tool that could be plugged into a machine during a raid and retrieve evidence of illegal activity. McMurdie said the device was needed because of a record number of PCs were being seized by police and because the majority of cops don't have the skills to forensically analyse a computer."

Right

[Endo13]

That's pretty much like building a mind-reader to figure out if a person has ever committed a crime. Good luck with that.

Re:Right

Well, it's easy enough to build up a database of SHA1 hashes for kiddie porn and such. But what they describe is simply ludicrous:

McMurdie said such a tool could run on suspects' machines, identify illegal activity - such as credit card fraud or selling stolen goods online - and retrieve relevant evidence.

Hey asshole, aren't search warrants supposed to explicitly specify what you're looking for? You seized the computer, it should've been for a specific reason, not to conduct a fishing expedition.

Re:Right

[theaveng]

Well put.

But the governments of this world routinely ignore law (obtain warrant naming specific evidence desired) and instead do exactly what you described - go on a fishing expedition. "Well we came here to get marijuana, but instead we discovered porn on your PC, so you go to jail buddy."

They do this same ____ in the U.S. with random searches of cars. They are supposed to be looking for illegal immigrants, but instead they bring in the dogs and have them sniff for marijuana/cocaine. Then they arrest you.

This shouldn't be allowed.

Re:Right

[CannonballHead]

Doesn't this kinda depend? Just because you found something else while looking for your actual thought doesn't mean you have to IGNORE it. If you came looking for credit card fraud and found, say, illegal hacking activity, should they just ignore it? If you go into a house looking for marijuana and you find people being tortured, do you have to go back to the station, get a warrant for looking into that, and then come back?

Now, if they pull you over for "presumably" running a stop sign and sniff your car, that's different. On the other hand, since illegal immigrants and drugs seem to go together, since drug trafficking and immigrant trafficking is a similar thing (smuggling), I don't actually see a problem is searching for both at the same time.

I'm not saying they should be allowed to just randomly show up and search your house without giving a reason, by the way.

It's a fine line between hampering catching criminals by giving "too many rights" and stepping over the bounds of innocent until proven guilty...

Re:Right

[blueg3]

Actually, that's not the problem they're trying to solve. I don't know about in the UK, but in the US, any kind of searching (including hash comparisons and automated tools like this) require a search warrant that covers the computer.

What they're really interested in is not conducting fishing expeditions, but trying to find some useful information -- even just narrowing down which machine they actually need to fully analyze -- within the machines covered by a search warrant. Generally the procedure is to box these things up, hand them over to computer forensic experts, and wait 6-12 months for them to perform a full analysis. Cutting down the amount of work they have to do by giving them only the one computer out of ten that is actually interesting, or being able to pull some small amount of useful information to use in the investigation immediately, is of great value.

This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.

Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.

Re:Right

[JLennox]

As an employer, I use to run background checks on people. One man in his early 50s had a "drug possession" charge from decades before. He got busted with a joint. As much as I agree with keeping a lot of drugs off the streets, it's hard to agree when the legal punishment for some drugs is far more damaging than the drug it self.

Re:Right

[causality]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do? Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

They cannot even keep illegal drugs out of prison (don't take my word for it -- do the research yourself). How do you propose that we do this in a relatively free society? The way it has worked is that some amount of crime is tolerated in exchange for having a free society with things like legally recognized civil rights. With drugs and lately with terrorism the (dangerous) mentality has been that we need to stop $EVIL_THING no matter how high the cost is to the rest of society. This is tunnel vision at best, a step towards a totalitarian government at worst.

But I am curious. Once you see for yourself with your own research that they cannot even keep drugs out of prisons, I would like to know this: what environment even more restrictive than prison would you propose for the entire population in order to better meet your 100% detection/punishment rate? I'd also like to know whom you would entrust with the management of this environment.

Re:Right

[gnick]

Except we want cops to catch people with illegal drugs etc..

What do you mean "we", white man?

Why restrain the cops from doing what we all need them to do?

So that they don't trample all over innocent people in their race to jail stoners? So that we can maintain some sort of privacy instead of throwing our doors open to anyone with a badge so that they can rifle through our homes in case we may have been doing something wrong? So that we can keep some kind of checks on the cops so that they might work to protect us while respecting our rights instead of just busting people and feeling like tough-guys on a power trip?

Pick which ever one speaks to you best.

Re:Right

[Firehed]

At least in the US, evidence found against you found in an illegal search* cannot be used against you. If the search was legal (warrant attained or reasonable suspicion of wrongdoing), then it's your fault for having done whatever other stuff you get hit with, regardless of why you/your home/vehicle was searched. Don't confuse this with secondary offenses, like not having your seat belt on in many states (they can't pull you over specifically for that, but can add it to the ticket).

* if they can see the bag of weed (or whatever) on your back seat through the window, not only is it legal for them to arrest you for it, but it also gives them reasonable suspicion to search the rest of the vehicle without attaining a warrant, even if you protest.

IANAL, YMMV, laws vary by state, etc. And all bets tend to be off at border stops, especially internationally. As far as I'm aware, they have the legal (USA PATRIOT act legal, anyways) right to search your vehicle entirely at any international border.

But back to the topic at hand, if your computer is legitimately siezed, I think you should at least be able to know what processes were used to search for X when Y was found. If they want to arrest you for possession of goat porn, and then they find CP, you should be able to find out that the latter came up when they did a general search for porn, rather than when they explicitly searched for it. Or if they find pirated media when searching for CP, which would be a lot harder to accidentally find by the same 'legit' search. It'll never happen, and good luck auditing the police's methods even if you had the right to do so. Just encrypt all of your crap, and don't have illegal stuff.

My 2c

Re:Right

[timepilot]

No, that's not what Mapp v. Ohio established. Mapp v. Ohio established that evidence found in searches *in violation of the 4th amendment* may not be used.

Mapp v. Ohio doesn't say anything about not being able to use evidence found during legal searches, such as those conducted with a warrant.

Re:Right

[bitslinger_42]

According to US law, at least (and not always followed by US cops, I might add), whether the evidence on the secondary offense is admissible or not depends on how it was found. If a cop pulls over a car for speeding and sees an open container of beer sitting on the seat next to the driver, the open container is typically admissible. If, on the other hand, the cops raid a house looking for a stolen 62" television and, as long as they're in the house, decide to check in the toilet tank and find a stash of cocaine, that typically is not, since searching the toilet wouldn't have been part of the search for the big TV. Likewise, the original warrant would probably not allow the cops to bring along drug-sniffing dogs on a search for a stolen TV. Of course, I'm generalizing here, and am not a lawyer, but you get the picture.

Thus far, the same principles apply to computer searches. If the warrant says that the cops are looking for evidence related to illegal gambling operations on the computer, the cops are typically not allowed to search for non-related keywords (i.e. "lolita", "cocaine", etc.) unless such terms show up in documents found by the warranted search. If, in reviewing a document named IllegalGamblingProfits.doc, they see a reference to cocaine sales, the cops may have just cause to perform another search looking for cocaine. Since they've already got the computer at that point, though, they'd be better off to go back to the judge and get a 2nd warrant that authorizes the cocaine search, but given the similarities between finding the information in an admissible piece of evidence and seeing the open container in plain sight, I can see how a judge would give the benefit of the doubt in court.

I can't quite tell what the cops in TFA are asking for, though. If, on the one side, they want to be able to bring along a device that's pre-configured with the search terms for the warrant (gambling terms, from the above example), such a device would theoretically be legal in the US, since it would simply be automating the search that would otherwise have been performed by the trained analyst. If, on the other side, they want a device that identifies any illegal activity, that should be unconstitutional for 4th Amendment reasons.

All of the legal discussion ignores the technical aspects. I am a professional forensic analyst, and with relatively good hardware (dual 64-bit CPUs, 10k RPM SATA drives, 4GB of RAM, etc.) it can take hours to perform even a simple search with a small list (i.e. fewer than 5) of static (i.e. non-regex) keywords. Adding complexity in, or adding keywords, can increase the search time to days. There's no way that untrained cops could simply plug a device into a suspect's 5 year old laptop and be able to get results back in less than an hour, and that's not counting the potential modifications to the evidence caused by booting without a write-blocker, doing deleted-file recovery, opening compound files (Outlook offline storage, ZIP files, etc.) or doing signature analysis to identify obfuscated data. Don't even think about it if the suspect thought enough to use encryption.

The cops may want something like this, but it will probably be the laws of physics that prevent it and not the Constitution.

Re:Right

[HTH+NE1]

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

You seem to be excluding people with illegal drugs from this group you erroneously label as "all". Be careful you do not find yourself similarly excluded.

And sometimes they're not even caught with drugs but rather caught with "too much" cash on their person.

Whether its illegal aliens or a bundle of dope I prefer that 100% be detected and punished.

"Vote Fascist for a Third Glorious Decade of Total Law Enforcement."

If every law is enforced 100% of the time, you live in a police state and have no real freedom, where even the tiniest of harmless infractions will bring harsh penalties:

A much-fatter Mrs. Krabappel writes "Homework: eat a stick of butter" on the blackboard. "Since so many students have been put on permanent detention," she begins, burps, and continues, "we've merged everyone into a single class. I trust there are no objections?" Bart, Lisa, Milhouse, Wendell, and Ralph say nothing. Wendell shivers in fright and his pencil falls to the floor. Mrs. Krabappel looks up, points to the hall, and says, "Detention." Wendell looks appealingly at Milhouse and Ralph who look away, and he leaves the class.

Re:Right

[corbettw]

Isn't there a plain-sight provision with that rule? If the cops have a warrant to search your house for crack, and see a dead body laying on the kitchen floor, they can go ahead and arrest you for murder.

On advice of my lawyer, I can't really say anything else.

Re:Right

[gnick]

No racism intended - I'm as white as they come. It's from an ancient joke. Basically, the Lone Ranger and Tonto have a horde of angry Indians bearing down on them. The Lone Ranger says, "It looks like we're in a lot of trouble this time, Tonto." Tonto replies, "What you mean 'we', white man?"

Basically, I was just trying to point out that b4upoo was making an assumption that we're all in the same camp here, when we're definitely not - I don't want to sacrifice my rights so that the cops can catch a few more pot smokers. That excludes me from his inclusive "we" in:

Except we want cops to catch people with illegal drugs etc.. Why restrain the cops from doing what we all need them to do?

The joke isn't remotely a perfect parallel, but I thought it would be amusing. Sorry if it came across racist (although feel free to nail me for calling Native Americans "Indians" when explaining the joke - At least I refrained from including the phrase "feathers, not dots".)

Re:Right

[Mister+Whirly]

Why restrain cops at all? Why not just let them murder anyone they think might be guilty of something? We would all be so much safer then. *rolls eyes*

Re:Right

[johnsonav]

Because most criminals are idiots to begin with.

Sigh... You're right. Which is probably why there are so few elaborate bank-jobs, cunning cons, and ridiculously over-the-top plots to blow up buses that fall below 55mph, in the news. I like movies better than real life. Sigh...

Re:Right

[LunaticTippy]

Yeah, the 7-11 bandits that get <$10 plus some beer and cigarettes crack me up. A lot of crime seems very inefficient. $200 for a new car window, $200 for a new stereo, $200 for the dashboard repairs, and the thief got $20.

I knew a bank robber. I didn't know he was knocking over banks at the time, but he later was in a long distance high speed chase ending in suicide by cop. Pretty surprising to everyone that knew him. I think he got ground down by his circumstances for too long. He spent so many years having to scrimp and do without it made him crazy. I remember him going out to eat a lot and buying little gifts for his friends and seeming happier than usual. I guess for him a lousy $60k (assuming he got $10k per bank) was worth dying for.

The truly weird thing was when he got away from the 5th bank it was very close. He was driving on medians and shoulders, through fields like a maniac during rush hour with dozens of cops on his tail. Somehow he got away and instead of ditching the car and going straight he laid low for a month and did it again.

Good luck with that

[Foofoobar]

Steganography, encryption, log erasing, etc. There is no 'out of the box' solution. Every computer is going to require a computer forensics team to go over it unless the OS manufacturer builds in those tools. And you can guarantee that NO manufacturer wants people to know that anyone can just open up your system via a backdoor at anytime.

Re:Good luck with that

[windex82]

I used to do a bit of work at the local police department. In my time I set them up a forensics station for PC's.

The most important part of the entire project was ensuring the data was not tampered with (or deleted on accident!) in order to actually use what was found for anything useful.

Wasn't a very hard project what we did was setup a PC with two removable bays and a write protect jumper and showed the officers which part needs to come out of PC brought in as evidence and how to put it into the removable caddy and launch the script that made an image of the drive. At no time while in police custody would the hard drive have power unless it was write protected, and was in an sealed evidence bag if not being used. Once the image was completed they would remove the original and do all the forensics on the copy, which got the same evidence bag treatment as the original.

Don't quit your day job, detective superintendent

[konigstein]

Because it's painfully clear your don't understand computer forensics either.

Yeah, right...

[Drakkenmensch]

Combine this with a remote access software, and you don't even need to enter a person's home to scan their PC for files anymore. Forget all this pesky due process for warrants and investigation, we can now scan tens of thousands of computers every day and just fish idly for perps. All done without even needing to look at your screen while the software does the dirty work for you.

Re:Outlaw encryption

[rlp]

Too late - in Britain, it is a crime to refuse to turn-over your encryption key to the police when requested (no 5th amendment rights).

they also want

[Mr.+Slippery]

Charlie McMurdie, says the top brass want to develop the equivalent of a breathalyzer for computers

Top brass also wants a date with Scarlett Johansson. And a pony for each officer on the force.

I figure the odds are about the same for each.

Re:But...

[Chris+Burke]

Won't that only work with alcohol cooled systems?

Yeah, but unless the alcohol cooled computer is driving a car, I don't see how that's illegal.

But seriously, people, don't let your PC drive under the influence. Yeah, yeah, it says that it's "overclocked' and much more efficient than when it's just running on water, but then it'll kill a little old C64 crossing the street and wind up in "Pound Me In the USB Port" Prison.

Dumbest. Idea. Ever.

[orzetto]

What next, a breathalyser for paedophiles? Murderers? Terrorists? Why does not the UK police use that money to train their people or hire new specialists instead of trying to build a perpetuum mobile? Any criminal worth spending this project's money on is savvy enough to fully encrypt his hard disk. If they are so dumb not to encrypt compromising data, any cop with a few hours of training could find it. So what is this project really aiming at?

Re:Outlaw encryption

[orzetto]

What happens if you "forget" the key? Like this: "Your honour, I once experimented with encryption, but could not understand how it worked. The files must be leftovers of that installation. I never used them and they must be empty." How can they prove you are lying, short of breaking the encryption and finding the evidence?

The Truth

[JackassJedi]

The scary thing about this is that it doesn't matter if it works right, it just matters if it gets certified and approved for use as that what it claims it is. And that could just happen.

Why do cops always want an easy job?

[causality]

I really think this is the same mentality that eventually comes to see individual rights and due process as pesky "inefficiencies" that only interfere with "real police work". They seriously need to tell new police recruits that their job is not easy and is not supposed to be easy. If any of them don't like that they should also be told where the exits are.

I think this is another example of relatively well-meaning people who fail to comprehend how dangerous their intentions are because they don't think them through. Let's say there is a device that can be plugged into a PC (maybe the USB port?) and almost instantly tell you whether it has illegal content with no need for expert analysis. Yeah I know that I should also posit the existence of the tooth fairy but bear with me. Who makes this device? How trustworthy are they? Do competitors or other rivals oddly happen to have a higher percentage of "illegal" PCs? Is the device a black box or can the average person examine and scrutinize it? If the cops already don't have the staff or the expertise to perform forensic analysis on PCs, what's our guarantee that they will correctly use this device or that they can offer any sort of assurance that the way it is used won't violate anyone's civil rights? What's to prevent criminals from obtaining one (by whatever means) and making sure that their illegal data isn't where this thing is looking? If I can think of this in a few minutes, WTF are these people smoking that they consider this a serious proposal? Or do they simply not care about these concerns?

You know what you'll probably never see? The police "top brass" asking for a device to help make sure that their officers don't violate anyone's civil rights and that they follow all the laws concerning due process.

Perfect counter to that

[jollyreaper]

I'll just use a hot glue gun to seal up all of my usb ports and use ps/2 connectors for mouse and keyboard.

fuzz: HOLY SHIT! THIS GUY MUST BE SOME SORT OF UBER_HACKER!!!

me: Too fucking right. Now you piggies hurry on back to the donut shop or I'll make your cruiser drive you down to the gay district on autopilot with YMCA blaring from the radio. (holds hands up over head, makes "whoooooooooing" scary sound, wiggles fingers menacingly)

fuzz: BETTER TAKE HIM SERIOUSLY! HE COULD DO IT!!

me: Heh. Wankers.

The Headline

[UMNbandgeek]

When I read the headline, I thought they literally meant a breathalyzer, to keep drunk people off PCs. I could probably use one, it would cut down on the drunk IMs and facebook posts.

Doesn't go far enough

[blophyus]

Forget a tool for computers. We need a tool like this for physical crime scenes. You know: something that would, like, scan crime scenes and find, like, relevant DNA evidence and shit. It could even have an option where it would print out an arrest warrant with the name of the murderer on it.

"Reasonable suspicion"

[khasim]

"Reasonable suspicion" is the key phrase here.

If the cop stops you for running a red light and sees something suspicious then he can go further.

But stopping you for one thing does NOT give them the authority to check for everything they can think.

http://en.wikipedia.org/wiki/Reasonable_suspicion

why police like drug offenses

[PMuse]

As other posters have noted, cyber fraud is hard to prove, since the evidence it leaves behind (data, transactions, account numbers) looks so much like legal commerce. It takes a lot of smart work by educated professionals to prove the difference.

Now you know one of the reasons that the police like drug laws so much: The key facts can be understood and collected by an officer with an IQ of 80 and just a couple months of training.

Re:So they want GOV spyware?

[sexconker]

What?
It's an apt post.
Spyware snoops around and grabs whatever it finds and deems to be unbecoming of a law abiding computer user.

They then hand that off (and the pc itself, likely) to a group of people who will do the analysis.

The post above you implies that this tool will not be of much actual help, and I agree. A "clean" report from the tool means nothing, and for any actual raids the computers will still be combed over by a forensic team. Any "dirty" report from the tool will result in the same outcome.

What this is really about is passing the buck and keeping face - the cops don't want to look incompetent, so they create this tool and publicize it.
Any failure of the cops will be blamed on the tool still being a work in progress, hackers actively working against the tool, etc.
Any responsibility on the part of the cops will be passed off immediately to the forensics teams. When the tool gives out a "dirty" report, the cops will fill out the green "Suspicion of Illegal Digital Bits on Electrical Personal Computing Device" form and hand over the report and the pc to the forensics team.

Once the tool is accepted as good and trustworthy, departments will find any excuse at all to use them to harass and extort money from the public.

Noise complaint?

Let's bang on the doors, give them shit, and check their computers for illegal activity. You just KNOW that music isn't paid for.

No, sir, since we heard music from the street, and we clearly can see you have a computer, and sound system, and a lack of physical CDs/tapes/records, in plain sight. We have reason to believe a crime has been committed. We don't need a warrant to perform a cursory search. If the search turns up anything, your equipment will be confiscated as evidence.

Re:Outlaw encryption

[MaskedSlacker]

They cannot prove that a hidden volume even exists, that is the whole point.

Re:So they want GOV spyware?

[Yetihehe]

Actually, if you can hear music from the street, it can be called "unlicensed public performing/playing".

Re:So they want GOV spyware?

[sexconker]

The cops can and will search and bust you with a reasonable suspicion / in plain sight excuse SO easily. Yes, in the USA.

Do you really think that such a tool, if created, would not be spyware?

Spyware has no particular meaning. Malware, Adware, Spyware, Greyware, Foistware, Crapware, Bloatware, etc. have all been coined in a feeble attempt to classify and categorize programs. There is no official designation or definition.

The term is a merging of the word "spy" and the word "software". Literally, spyware is software that spies. What is spying? Spying is looking for and collecting information, often secretly.

Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?
Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?
Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?

You jumped at the chance to shoot someone down and farm some karma by accusing them of not reading the summary.
In doing so, you missed the point of the post entirely (that people will still need to look at the data).
I called you out on it.
You got pedantic, saying the problem with the original post was the use of the term "spyware".
I'm calling you out again.

Re:So they want GOV spyware?

[severoon]

Let me get this straight. McMurdie is basically saying, We need a pervasive technology solution to compensate for the fact that I have the wrong and/or incompetent personnel.

Yea....

Re:So they want GOV spyware?

[blueg3]

You don't get the point. Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number. So, say you are investigating Joe Smith, who has 3 computers, a PDA, and a cell phone. You deliver all these to the forensic analysts. At least half a year passes before you get any information from them. At that point, the information is only really useful in a trial, but not in the investigation.

They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).

Re:So they want GOV spyware?

[syousef]

Good job managing to misread the summary.

Yeah! I didn't read the article or the summary and I can tell you I have the following strong opinion: There's no need for breathalizers for computers because if I pour alochol onto my computer it would short out. Therefore to determine if a computer has had alcohol just try and switch it on. If the power comes on and it boots, it hasn't had anything to drink.