UK Police Want Plug-In Computer Crime Detectors
An anonymous reader writes "UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.
TrueCrypt
Perhaps there is nothing morally wrong with it. But it is stupid. No automatic tool will completely replace a trained professional (for now). And that's even ignoring the likelihood that the UK police are confiscating way too many computers. The fact that they have way too many computers to investigate is very likely a symptom of an overzealous police force/government declaring many things illegal, as seems to be the trend in the West as of late. So really all they're doing is attacking the symptom, not the problem; which is par for the course as far as governments are concerned.
In the UK, yes. You'll be required to hand over your encryption keys to the government. If you refuse, it's 2-5 years, depending whether or not you're a "terrorist suspect." I wouldn't be surprised if refusing makes you a terrorist suspect mighty quickly.
It's called COFEE
Cops even got their own web portal courtesy of Microsoft.
Maybe they shouldn't seize so many computers.
As someone working in Digital Forensics in the UK I can honestly say that this is the most inspired piece of wisdom I have seen in a long time. Our company has literally had computers that haven't been switched on in a decade that have been sitting in a garage or attic until the cops decide to seize them. This is good for business but bad for taxpayer expenditure and the expedient discovery of data of evidential worth. The process for seizure of computer equipment in police investigations is essentially "if it has an on-off switch then seize it". There needs to be some training given to officers seizing although I doubt they will as they are scared of the first case of non-seized items containing illicit material.
Funny you should mention that.
Interesting little side story to this.. A co-worker's daughter had her purse stolen at college. The perp used her bank card to buy gasoline and make online purchases. They were traced and the person was caught. The local sheriff seized the perp's computer as evidence.
Where it gets interesting is that we had a MAJOR flood last year that flooded the sheriff's office. All of the evidence on hand was destroyed in the flood, and the cases that relied on the evidence had to be thrown out. To add insult to injury, they had to replace all the evidence that was destroyed. The perp ended up getting charged with nothing, and got a brand new computer out of the deal.
Needless to say, my co-worker was not happy!
"He's lost in a 'floyd hole"
This reminds me of another idiot device they gave to the British bobby: back in the 70's and 80's, there was a glut of illegal CB sets in England. They never legalised the use of 27MHz AM/SSB CBs and all the units sold were marked 'for export only'. When they legalised CB, units that were approved could only transmit FM. Instead of overworking the radio inspectors, they gave bobbies on the beat a box that detected if a close transmitter was AM or FM, with two LEDs. The only problem was amateur radio operators can legally use AM and SSB (after all, they invented it!). One beat p.c. stopped a ham and asked him to talk in the mike, and, you guessed it, the illegal CB light lit up! Only when the amateur radio operator started cursing and swearing at the p.c. and getting red in the face did he consult another p.c. over the police radio who was a ham. This being the appropriate behaviour for a ham accused of being a CB'er, he let him go with an apology.
I'd imagine these would be live thumb drives, specifically to sidestep any security measures like you described. A trained digital forensics expert will usually remove the hard drive, put it in a device that prevents any writes, make an image of the hard drive, and work from that. All of this is specifically to avoid running any code on the machine designed to hide any illegal information, and to prevent any corruption of evidence which would cause issues in court.
"Whatever happened to "You have the right to remain silent . . ." "
I wasn't aware the Miranda decision and the Bill of Rights applied to the UK.
www.eFax.com are spammers
http://en.wikipedia.org/wiki/Miranda_rights#England_and_Wales
-- Lattyware (www.lattyware.co.uk)
UK Police routinely say: "You do not have to say anything unless you wish to do so, but what you say may be given in evidence." More details here
A little time eh? Failure to surrender your encryption keys to the UK authorities will net you two years.
http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act
And that's assuming that the act of trying to defend your individual sovereignty doesn't just make them trump up a whole bunch more charges to keep you out of the way for much longer since you're obviously in league with the terrorists/pedos/catholics.
OMG!!! Ponies!!!
Because that would allow us to behave and speak freely... er, I mean... that would allow the evil, bad terrorist pædophiles to win. Or something.
Oh, the irony... "Anonymous Coward: If you have nothing to hide, you have nothing to fear!"
The likelihood of that actually working in court is very low. Generally if they're presenting evidence of illegal activity, a forensic examiner has to give testimony in court. The explanation, "this tool told me there was evidence" is far too insufficient. At least among the investigators I've worked with, none of them would use such a tool to find court-ready evidence if it didn't lay out low-level details of the findings, because they need to have those low-level details available at trial. (Plus, the direct results of tools are notoriously hard to certify. Trusting uncertified tools is great ammunition for the defense lawyers.)
Now, granted, if having your computer seized, taking a trip to jail, and hiring a lawyer aren't your idea of fun, you may well still be concerned about such a tool saying "this guy has incriminating material", since the cop on the scene using the tool probably won't have the training and certainly won't have the time to look at anything other than what the tool tells him.
Pro tip, though, in case you didn't already know: don't let police search your computer without a warrant. For some reason, quite a few people do.
Officer: I pushed the button, and the computer told me to arrest him.
So they'll be just like cell phone analysts then, ha! (Sorry, that's a digital forensics joke). But seriously that is an accurate assessment. The handful of times I have been to court to give evidence involving an analysis I have performed they have asked me simple but semi-well researched questions. Most officers I speak to can barely spell let alone describe how a device they have no idea about discovered illegal material on a computer they don't know how to use. I do, however, suspect that this device, if ever rolled-out, would be used to "preview" the devices on-site and if it beeped and flashed a green light at them they'd send it off for full analysis.
The issue of proper write blocking practices is likely where this idea will fail. In order for digital evidence to be considered admissible (and not be discredited by an opposing examiner during trial), it would need to be forensically sound. At least this is true in most courts.
In most cases, this requires that the media be examined without having been altered in any way. This is why great lengths are taken by forensic examiners to properly image media bit by bit, then (using MD5 values) prove that their image is an exact copy. This is the reason hardware tools such as write blockers that are regularly tested must be used on every acquisition.
Can you imagine if a beat cop was charged with the task of performing a forensic acquisition? Inevitably a tool simple enough to be deployed this way would need to be so automated that just about any opposing examiner could discredit its functionality with basic forensic knowledge.
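The image-then-hash check described in the comment above, as an added example that is not part of the original thread: the media is copied in one read-only pass while being hashed, and the image is later re-read to confirm it still matches. The file names and the random "media" are constructed, SHA-256 alongside the MD5 the comment mentions is an addition here, and opening a file read-only in software stands in for, but does not replace, a hardware write blocker.

```python
import hashlib, os, tempfile

CHUNK = 1024 * 1024  # read size; hashing is streamed, so any size works
ALGOS = ("md5", "sha256")  # MD5 per the comment; SHA-256 added here

def digest(path):
    """Stream a file read-only and return {algorithm: hexdigest}."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def acquire(source, image):
    """Copy source to image bit for bit, hashing the bytes as they are read."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
            dst.write(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def verify(image, recorded):
    """Re-read the image from disk and compare with the acquisition hashes."""
    return digest(image) == recorded

def demo():
    """Constructed sample: 3 MiB + 7 bytes of random data as the 'media'."""
    with tempfile.TemporaryDirectory() as d:
        source = os.path.join(d, "media.bin")
        image = os.path.join(d, "media.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 7))
        recorded = acquire(source, image)
        image_matches = verify(image, recorded)
        source_unchanged = digest(source) == recorded
        # Flip one bit in the image, as a stray write would.
        with open(image, "r+b") as f:
            f.seek(CHUNK)
            byte = f.read(1)
            f.seek(CHUNK)
            f.write(bytes([byte[0] ^ 0x01]))
        return image_matches, source_unchanged, verify(image, recorded)

if __name__ == "__main__":
    print(demo())
```

A single flipped bit changes both digests, which is what lets an examiner show in court that the working copy is, or is no longer, identical to what was acquired.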
They modified it a few years back. I forget the exact wording and I can't be arsed to look it up, but it amounts to "anything you don't say (right now, before consulting a lawyer) is inadmissible as a defence".
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
What happened was that our current Labour government jumped on board with the war on terror then got this bill through parliament without any real public debate about the contents under the guise of fighting terror. The vast majority of the British public have no idea this shite is on the books as the press all agreed not to cover the law in any depth before it was passed.
Maybe the bill was D-noticed but we will never know since the press are not allowed to mention what is D-noticed and what is not.
http://en.wikipedia.org/wiki/D-Notice
I dont read
they don't - you have to prove that you've forgotten it O.o.
Yes, this is a bad law.
FGD 135
UK police are asking for a "breathalyser"-style tool for computers that could instantly flag up illegal activity on any PC it is attached to.
Detective Superintendent Charlie McMurdie, who is what passes for a computer expert in the police force, said such a tool could run on suspects' machines, instantly read and analyse their email, web browsing and chat logs, identify credit card fraud or selling stolen goods online, reliably detect and assess images containing children on the five-level child porn scale and create a handy log of relevant evidence. And a pony.
"It's surely just a simple matter of programming," said McMurdie. "We're seizing so many computers from people with a copy of Virgin Killer that frontline police need a digital forensic tool as easy to use as the breathalyser, to magically flash up 'HONEST UPSTANDING CITIZEN' or ''E'S A NONCE, GUV'. Do we need to seize five computers, all their mobile phones, their CD and DVD collection and basically everything that runs on electricity, or could we use a magical police gadget with impressive flashy lights and stuff? I thought computers were supposed to make life easier!"
The eventual development of such a tool could help ease a backlog of digital forensic work that has officers waiting up to a year for evidence to be recovered from seized machines, though threatening to destroy people's livelihoods has proven very efficient in extracting confessions.
EDS Capita Goatse have promised they can "absolutely, definitely, certainly, probably" produce such a tool with only an ironclad GBP100m five year contract, and also reliably determine whether a computer program halts or not. The Internet Watch Foundation also demanded to be involved, and were told their details would be kept on file.
"It was so much simpler in the old days," sighed McMurdie. "People asking you what time it was, burglars with domino masks and striped jumpers and bags marked 'SWAG,' chirpy Cockney sparrow second-hand car dealers wiv a heart of gold ... you just can't get the wood, you know."
http://rocknerd.co.uk