Slashdot Mirror
UK Police Want Plug-In Computer Crime Detectors
An anonymous reader writes "UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.
The police MUST pay compensation to owners of seized computers proportional to the amount of time they hold the computers, which must come from the police officers themselves rather than the public purse. Otherwise there will be no incentive to return equipment promptly.
So, are they saying that they want existing forensics software, with a drool-proof wizard attached, bootable from a flash drive(because hell, who needs forensic hardware write blocking when you can totally trust software to do the job under any circumstance?) or are they actually proposing that the program be able to detect evil?
I'm not much in the ways of encryption, but I assume if your computer's encrypted it'll be pretty difficult for this thing to work through the system, if not impossible.
Sounds like the cops just want a usb key that has a light that comes on when the law's been broken.
Mainstream computer illiteracy at work.
And that was the last Terry Fox run I ever participated in.
Anybody want to sponsor a contest to see who can write a USB driver that defeats this within the fewest lines of code?
Seth
$5 / month hosted VPS on linux = awesome!
that'll probably work fine for the lay-man, but will having an encrypted hard drive count as evidence of illegal activity
While this move is legitimate in a structural sense(i.e. if the search would otherwise be legitimate, doing it with this would be ok, and if it is otherwise illegitimate, doing it with this wouldn't become ok); but there are practical considerations that make me nervous.
One is write blocking. To prevent corruption, tampering, and similar issues, it is good practice to use a hardware write blocker and, where possible, work from a disk image made from the original disk through a write blocker. A USB bootable system is not going to have that level of assurance. In a lot of cases, cops will have to monkey with the BIOS to get it to boot the USB drive and, with the vast number of BIOSes, chipsets, hardware RAID boards, softRAID crap, etc, etc. out there, trusting software to prevent tampering or corruption seems potentially troublesome.
More generally, the demand for a "PC breathalyzer" is a demand that a difficult problem be made trivial so it can be done by unskilled or ignorant people. That sort of demand is rarely a harbinger of future quality, which is disquieting when people's freedoms are potentially at stake.
UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to
I've got a rackmount OpenBSD box that claims otherwise.
Dewey, what part of this looks like authorities should be involved?
Why not have an EU-wide mandate of a computer bill of rights? In this include the right to encryption and the right to keep your key to yourself.
Taxation is legalized theft, no more, no less.
Any citizen who believes in human rights & the sovereignty of the individual should be willing to spend a little time in jail, rather than give the encryption key. A few days in jail is a small inconvenience compared to the return of tyranny that existed in the UK prior to 1800. You have the right to not be tortured into giving false confessions - this isn't the Medieval Ages or the Catholic Inquisition.
Remain strong; remain silent.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
And for those of us with 10's of thousands of documents on our computers? How well are these going to be able to differentiate between a PDF file that involves fiction and one that is real? Hell, some of my source material for a horror screenplay I tinker with now and then has made-up schematics and lists of where and how people are going to be killed in the scenes.
An Education is the Font of All Liberty
One principle of computer forensics is that if a computer is manipulated in any way, the evidence may be corrupted by such operation, and this could be used by defence attornies. Real computer forensics involves getting the computer powered down, removing the disk, setting it up in a test jig with write protect enabled, and reading the complete image from the disk onto a sterile environment for analysis. I don't think Mr. Plod will meet the test of admissibility into evidence! How is he going to prove to the court that the suspected data were not on the USB key to start with? If he has interfered with the computer in any way by plugging in a USB key, then the evidence is contaminated.
How much time have you spent in jail?
How would a USB device get access to the host system's drives?
Surely that would require drivers to be loaded on the host...
Not only would this be very OS specific, but it could easily be defeated, you could configure the host to detect the insertion of this particular type of usb device and perform a secure overwrite of all your incriminating files when such a device is inserted.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
In the old days, everything ran on separate ports. Remote control had a port, file transfer had a port, Chat had a port.
Cause: Firewalls began blocking those ports to block the applications so users couldn't use them.
Effect: Today, this all runs on port 443. GotoMyPC, file sharing sites, most chat programs work on port 443.
The effect of this would be for users to move their data encrypted and online, into some other country that they can trust will not divulge the information when asked. Launch my client, provide my key, and map a drive over 443 to my data.
You take my PC, the data is not there. You break into my home and plug into my PC when I'm gone, the data's not going to be available. You somehow get the data from the host you have to spend a long time brute forcing the password.
Of course, they will then load up a fake root key onto my PC and man in the middle attack me, but one step at a time..
That raises an interesting point, though - as soon as a police officer plugs a USB stick in to a suspect's computer, the computer surely stops being an untouched "forensic scene", and so anything on it becomes inadmissable in court? We've had speed detectors being chalenged in court, how long after these are used in the wild before they are challenged, too? The "USB stick" would have to be a read-only, use once item so that it could be used for one crime scene only to find probable cause, then bagged and stored to be presented as evidence later - if it was a standard USB stick then ANYTHING could have been on it when the police officer stuck it in to your computer.
They probably wouldn't have a backlog of computers if they only confiscated computers where it might give be important evidence instead of using as away to punish people without the bother of a court case or even charging them. If they take your computer expect a long wait for your its return. If it does come back don't expect it to work.
Something like this happened to a friend of mine.
He owned a blog that he literally put up everything that happened in his life.
He added pages of an essay he was writing for History to his blog as he finished and edited them.
A few days after he turned in his paper he was asked to speak to the Dean where he was accused of plagiarism because Google turned up his blog (he uses a pseudo-name, and has google-analytics installed on his blog)
Took him a few meetings with the education board to prove that it was his blog and his own writing.
What a bitch, eh? The fact that the teacher merely typed it in Google and said "Good enough". He didn't bother to look for any pictures or any information that would hint that it was this particular persons blog.
When I see a cop, I suddenly become a deaf-mute. Anything you say, even something as simple as, "I don't own a gun and know nothing about a robbery," can be used against you.
Attorney: "When you arrested Mr. Smith did you notice anything odd?"
Cop: "Yes when I told him about the robbery he said he doesn't own a gun."
Attorney: "What's odd about that?"
Cop: "I never said the robber used a gun, and yet somehow Mr. Smith knew that intimate detail. That's why we decided to detain him and press charges as the most-likely suspect."
Attorney: "Any other incriminating evidence?"
Cop: "The store-owner identified Mr. Smith as visiting the store that evening, and acting in a suspicious manner. He was at the scene of the crime."
Attorney: "So Mr. Smith was at the scene of the crime, was aware of how the robbery was committed...with a gun... and acted in a suspicious manner."
Cop: "Yes."
Ooops. You might be completely innocent, and yet because you stupidly opened your mouth, now you're headed towards a probable conviction. Yay.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall