Slashdot Mirror
UK Police Want Plug-In Computer Crime Detectors
An anonymous reader writes "UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.
this is probably something everybody should have, just to make sure they're in compliance.
This should be easy to accomplish in the UK where citizens are required by law to turn over all their encryption keys or face jail time. It would be harder to make it work in the US, where people can use encryption. I suppose the Brits could employ TrueCrypt hidden volumes to keep their stuff private.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Now instead of having trained forensic experts, we'll have common beat cops searching your computer.
Attorney: How do you know he had illegal material on his computer?
Officer: I pushed the button, and the computer told me to arrest him.
Convert FLACs to a portable format with FlacSquisher
TrueCrypt
So, are they saying that they want existing forensics software, with a drool-proof wizard attached, bootable from a flash drive(because hell, who needs forensic hardware write blocking when you can totally trust software to do the job under any circumstance?) or are they actually proposing that the program be able to detect evil?
I think the UK Police got this idea while watching CSI.
I'm not much in the ways of encryption, but I assume if your computer's encrypted it'll be pretty difficult for this thing to work through the system, if not impossible.
Sounds like the cops just want a usb key that has a light that comes on when the law's been broken.
Mainstream computer illiteracy at work.
And that was the last Terry Fox run I ever participated in.
Anybody want to sponsor a contest to see who can write a USB driver that defeats this within the fewest lines of code?
Seth
$5 / month hosted VPS on linux = awesome!
Perhaps there is nothing morally wrong with it. But it is stupid. No automatic tool will completely replace a trained professional (for now). And that's even ignoring the likelihood that the UK police are confiscating way too many computers. The fact that they have way too many computers to investigate is very likely a symptom of an overzealous police force/government declaring many things illegal, as seems to be the trend in the West as of late. So really all they're doing is attacking the symptom, not the problem; which is par for the course as far as governments are concerned.
that'll probably work fine for the lay-man, but will having an encrypted hard drive count as evidence of illegal activity
Then there will be no problems with this technology!
While this move is legitimate in a structural sense(i.e. if the search would otherwise be legitimate, doing it with this would be ok, and if it is otherwise illegitimate, doing it with this wouldn't become ok); but there are practical considerations that make me nervous.
One is write blocking. To prevent corruption, tampering, and similar issues, it is good practice to use a hardware write blocker and, where possible, work from a disk image made from the original disk through a write blocker. A USB bootable system is not going to have that level of assurance. In a lot of cases, cops will have to monkey with the BIOS to get it to boot the USB drive and, with the vast number of BIOSes, chipsets, hardware RAID boards, softRAID crap, etc, etc. out there, trusting software to prevent tampering or corruption seems potentially troublesome.
More generally, the demand for a "PC breathalyzer" is a demand that a difficult problem be made trivial so it can be done by unskilled or ignorant people. That sort of demand is rarely a harbinger of future quality, which is disquieting when people's freedoms are potentially at stake.
If I understand the British government, they wouldn't have any problems with this approach either:
Let's build a live USB Linux load that knows how to read and write all known file systems including encrypted systems. Then we will write a few handy scripts that will scan for a fairly long list of known files using MD5sum or some such. Then, if it doesn't turn anything up, copy some child porn from the USB drive over to the target system and print out the arrest warrant.
It's called COFEE
Cops got even got their own web portal courtesy of Microsoft.
Maybe they shouldn't seize so many computers.
As someone working in Digital Forensics in the UK I can honestly say that this is the most inspired piece of wisdom I have seen in a long time. Our company has literally had computers that haven't been switched on in a decade that have been sitting in a garage or attic until the cops decide to seize them. This is good for business but bad for taxpayer expenditure and the expedient discovery of data of evidential worth. The process for seizure of computer equipment in police investigations is essentially "if it has an on-off switch then seize it". There needs to be some training given to officers seizing although I doubt they will as they are scared of the first case of non-seized items containing illicit material.
Then the cops wouldn't pick up any computers at all, which would be silly. I'd rather see compensation come out of the police budget if computers aren't turned over in a reasonable amount of time, similar to how US citizens technically have the right to a "a speedy and public trial, by an impartial jury."
UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to
I've got a rackmount OpenBSD box that claims otherwise.
Dewey, what part of this looks like authorities should be involved?
Why has noone pointed out that these devices are using security holes to gain access and that these holes are being or should be blocked on most OS'es. It's probably just a matter of time before they will need a different ploy anyways.
A simple web-search turns up a tonn of comercial solutions already.
Many companys already require usb security suits to be installed on all company computers.
In the meantime disabeling drivers and locking down the policys required to re-enable (in windows that is) might be one way.
Why not have an EU-wide mandate of a computer bill of rights? In this include the right to encryption and the right to keep your key to yourself.
Taxation is legalized theft, no more, no less.
"...allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids..."
How about investing more into proper trained cops? How about better education? That might help a bit... together with "Maybe they shouldn't seize so many computers".
Interesting little side story to this.. A co-worker's daughter had her purse stolen at college. The perp used her bank card to buy gasoline and make online purchases. They were traced and the person was caught. The local sheriff seized the perp's computer as evidence.
Where it gets interesting is that we had a MAJOR flood last year that flooded the sheriff's office. All of the evidence on hand was destroyed in the flood, and the cases the relied on the evidence had to be thrown out. To add insult to injury, they had to replace all the evidence that was destroyed. The perp ended up getting charged with nothing, and got a brand new computer out of the deal.
Needless to say, my co-worker was not happy!
"He's lost in a 'floyd hole"
Who ever said that this technology was going to replace the officers doing the work right now? I could definately imagine a system where low profile cases are automatically checked with this software and if anything is found it is flagged for review by an expert. High profile cases would, obviously, always be investigated by someone who knew what they were doing.
How would a USB device get access to the host system's drives?
Surely that would require drivers to be loaded on the host...
Not only would this be very OS specific, but it could easily be defeated, you could configure the host to detect the insertion of this particular type of usb device and perform a secure overwrite of all your incriminating files when such a device is inserted.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The likelihood of that actually working in court is very low. Generally if they're presenting evidence of illegal activity, a forensic examiner has to give testimony in court. The explanation, "this tool told me there was evidence" is far too insufficient. At least among the investigators I've worked with, none of them would use such a tool to find court-ready evidence if it didn't lay out low-level details of the findings, because they need to have those low-level details available at trial. (Plus, the direct results of tools are notoriously hard to certify. Trusting uncertified tools is great ammunition for the defense lawyers.)
Now, granted, if having your computer siezed, taking a trip to jail, and hiring a lawyer aren't your idea of fun, you may well still be concerned about such a tool saying "this guy has incriminating material", since the cop on the scene using the tool probably won't have the training and certainly won't have the time to look at anything other than what the tool tells him.
Pro tip, though, in case you didn't already know: don't let police search your computer without a warrant. For some reason, quite a few people do.
You are all now living in The Village.
You have a choice.
You can be numbers, or you can be free men and women.
The choice is yours.
Choose wisely.
Guaranteed! This comment 100% Anthrax free!
That's the fault of the police for not keeping the evidence secure. You can't expect the suspects to be punished because they could well be innocent, after all there is no proof to the contrary.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The real problem is writing the OOXML parser.
No sig today...
That raises an interesting point, though - as soon as a police officer plugs a USB stick in to a suspect's computer, the computer surely stops being an untouched "forensic scene", and so anything on it becomes inadmissable in court? We've had speed detectors being chalenged in court, how long after these are used in the wild before they are challenged, too? The "USB stick" would have to be a read-only, use once item so that it could be used for one crime scene only to find probable cause, then bagged and stored to be presented as evidence later - if it was a standard USB stick then ANYTHING could have been on it when the police officer stuck it in to your computer.
How about investing more into proper trained cops? How about better education?
Cops receiving official training as computer forensics are no longer simple beat cops - they are computer forensics experts and they should be treated and paid as such.
So, besides their police training they would probably require something equivalent to a BA/BS.
And even if there was enough time and money to educate and pay them later - system needs its beat cops too. Not just highly trained computer forensics.
What they would like to have is a "breathalyser-style tool for computers that could instantly flag up illegal activity on any PC it's attached to".
Which is delusional, even when you limit it to "a simple tool to preview on site and identify there's that one email [they] are looking for [so they] can then use that and interview the person now, rather then waiting six to 12 months for the evidence to come back" in cases such as "credit card fraud or selling stolen goods online".
Mit der Dummheit kämpfen Götter selbst vergebens
Most people would hand over the laptop because they believe they must obey the police. Handing over the computer would be construed as giving permission for the search so no warrant would be required.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Now if you are going to get down to the nitty gritty, how about reading the warranty 'er' end used licence agreement on the windows operating system. You know the bit, where it says that they do not warrant the operating system is free of viruses (illegal content) when they sell it to you. Now the law wants to make every person 100% legally responsible for all the content on a computer when the operating system supplier will emphatically not take any responsibility for the security, stability or reliability for that software when thy initially supply it to the consumer.
As it stands now, just the contents of a hard disk drive should never ever be considered the sole defining evidence of a persons innocence or guilt for any crime because only the most competent computer security experts are capable of keeping a computer secure and safe when connected to the internet and they must make continued efforts to keep it that way. So the law and the courts are turning a blind eye to the reality of the situation.
How many computer geeks out there actually believe that the typical computer using noob should be held legally liable for the activity of their computer, so when it is used in a botnet to commit credit card fraud should that family spend the next five years in jail for the crime they have committed for which they must now prove innocence. You can't even claim that there was no evidence of a virus, as the operating system warranty itself states that they may exist (benefit of the doubt) and of course a smart criminal will clean up any evidence that leads to them after using someone else's device in a major crime.
So the police hook up a device based upon using a operating system that does not warrant that it is free of viruses, to a suspects PC, and claim that the device is now free of viruses when the manufacturer directly refutes that claim, so the police will try to claim they did not infect the suspects machine and put the illegal content on that computer. A a very minimum I would hope they use publicly audited software, open source and not closed source proprietary software that the manufacturer believes already contains viruses as per their warranty and that includes the whole and complete evidence chain.
Chaos - everything, everywhere, everywhen
UK police are asking for a "breathalyser"-style tool for computers that could instantly flag up illegal activity on any PC it is attached to.
Detective Superintendent Charlie McMurdie, who is what passes for a computer expert in the police force, said such a tool could run on suspects' machines, instantly read and analyse their email, web browsing and chat logs, identify credit card fraud or selling stolen goods online, reliably detect and assess images containing children on the five-level child porn scale and create a handy log of relevant evidence. And a pony.
"It's surely just a simple matter of programming," said McMurdie. "We're seizing so many computers from people with a copy of Virgin Killer that frontline police need a digital forensic tool as easy to use as the breathalyser, to magically flash up 'HONEST UPSTANDING CITIZEN' or ''E'S A NONCE, GUV'. Do we need to seize five computers, all their mobile phones, their CD and DVD collection and basically everything that runs on electricity, or could we use a magical police gadget with impressive flashy lights and stuff? I thought computers were supposed to make life easier!"
The eventual development of such a tool could help ease a backlog of digital forensic work that has officers waiting up to a year for evidence to be recovered from seized machines, though threatening to destroy people's livelihoods has proven very efficient in extracting confessions.
EDS Capita Goatse have promised they can "absolutely, definitely, certainly, probably" produce such a tool with only an ironclad GBP100m five year contract, and also reliably determine whether a computer program halts or not. The Internet Watch Foundation also demanded to be involved, and were told their details would be kept on file.
"It was so much simpler in the old days," sighed McMurdie. "People asking you what time it was, burglars with domino masks and striped jumpers and bags marked 'SWAG,' chirpy Cockney sparrow second-hand car dealers wiv a heart of gold ... you just can't get the wood, you know."
http://rocknerd.co.uk