Slashdot Mirror


UK Police Want Plug-In Computer Crime Detectors

An anonymous reader writes "UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.

28 of 382 comments

  1. First among other things... by Anonymous Coward · · Score: 5, Funny

    this is probably something everybody should have, just to make sure they're in compliance.

  2. Should be easy in the UK. by BitterOak · · Score: 5, Insightful

    This should be easy to accomplish in the UK where citizens are required by law to turn over all their encryption keys or face jail time. It would be harder to make it work in the US, where people can use encryption. I suppose the Brits could employ TrueCrypt hidden volumes to keep their stuff private.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    1. Re:Should be easy in the UK. by twidarkling · · Score: 5, Funny

      We will wake up one day and find that keys to our doors only work from the outside.

      I dunno about you, but my locks already only take keys on the outside. See, on the inside, I have this nice little knob I can use to lock the door without the key.

      --
      Canada: The US's more awesome sibling.
    2. Re:Should be easy in the UK. by commodore64_love · · Score: 4, Interesting

      Any citizen who believes in human rights & the sovereignty of the individual should be willing to spend a little time in jail, rather than give the encryption key. A few days in jail is a small inconvenience compared to the return of tyranny that existed in the UK prior to 1800. You have the right to not be tortured into giving false confessions - this isn't the Medieval Ages or the Catholic Inquisition.

      Remain strong; remain silent.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    3. Re:Should be easy in the UK. by Anonymous Coward · · Score: 5, Interesting

      How much time have you spent in jail?

    4. Re:Should be easy in the UK. by lattyware · · Score: 4, Informative
      --
      -- Lattyware (www.lattyware.co.uk)
    5. Re:Should be easy in the UK. by Allicorn · · Score: 5, Informative

      A little time eh? Failure to surrender your encryption keys to the UK authorities will net you two years.

      http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act

      And that's assuming that the act of trying to defend your individual sovereignty doesn't just make them trump up a whole bunch more charges to keep you out of the way for much longer since you're obviously in league with the terrorists/pedos/catholics.

      --
      OMG!!! Ponies!!!
    6. Re:Should be easy in the UK. by bitt3n · · Score: 4, Funny

      We will wake up one day and find that keys to our doors only work from the outside.

      I dunno about you, but my locks already only take keys on the outside. See, on the inside, I have this nice little knob I can use to lock the door without the key.

      mine has the knob on the outside, and the keyhole on the inside. it's like a hardware version of DRM.

    7. Re:Should be easy in the UK. by computational super · · Score: 5, Funny
      Failure to surrender your encryption keys to the UK authorities will net you two years.

      Well, that's what they'll sentence you to. You won't do nearly that much time. Once they tell the other inmates you're a pedo, they'll kill you after a week, tops, with the guards looking on approvingly. You'll be out in no time!

      --
      Proud neuron in the Slashdot hivemind since 2002.
    8. Re:Should be easy in the UK. by Mister Whirly · · Score: 4, Funny

      No. Must be an inside joke, and I am outside trying to open the door with my damn key, but it isn't working.

      --
      "But this one goes to 11!"
    9. Re:Should be easy in the UK. by Ash Vince · · Score: 5, Informative

      What happened was that our current Labour government jumped on board with the war on terror then got this bill through parliament without any real public debate about the contents under the guise of fighting terror. The vast majority of the British public have no idea this shite is on the books as the press all agreed not to cover the law in any depth before it was passed.

      Maybe the bill was D-noticed but we will never know since the press are not allowed to mention what is D-noticed and what is not.

      http://en.wikipedia.org/wiki/D-Notice

      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
  3. Great... by Chabo · · Score: 5, Insightful

    Now instead of having trained forensic experts, we'll have common beat cops searching your computer.

    Attorney: How do you know he had illegal material on his computer?
    Officer: I pushed the button, and the computer told me to arrest him.

    --
    Convert FLACs to a portable format with FlacSquisher
    1. Re:Great... by Quiet_Desperation · · Score: 4, Funny

      Officer: I pushed the button, and the computer told me to arrest him.

      Pffft! You think too small, and will never take over the world.

      Corrected version follows.

      Attorney: How do you know he had illegal material on his computer?
      Officer: The computer called us and informed on its owner.
      Attorney: It called you?
      Officer: Yeah. And so did yours. You still want to question me, Mr. 500Gig Chubby Porn Collection?

    2. Re:Great... by DanTheStone · · Score: 5, Informative
    3. Re:Great... by ve3id · · Score: 5, Informative

      This reminds me of another idiot device they gave to the British bobby: back in the 70's and 80's, there was a glut of illegal CB sets in England. They never legalised the use of 27MHz AM/SSB CBs and all the units sold were marked 'for export only'. When they legalised CB, units that were approved could only transmit FM. Instead of overworking the radio inspectors, they gave bobbies on the beat a box that detected if a close transmitter was AM or FM, with two LEDs. The only problem was amateur radio operators can legally use AM and SSB (after all, they invented it!). One beat p.c. stopped a ham and asked him to talk in the mike, and, you guessed it, the illegal CB light lit up! Only when the amateur radio operator started cursing and swearing at the p.c. and getting red in the face did he consult another p.c. over the police radio who was a ham. This being the appropriate behaviour for a ham accused of being a CB'er, he let him go with an apology.

    4. Re:Great... by ve3id · · Score: 5, Interesting

      One principle of computer forensics is that if a computer is manipulated in any way, the evidence may be corrupted by such operation, and this could be used by defence attorneys. Real computer forensics involves getting the computer powered down, removing the disk, setting it up in a test jig with write protect enabled, and reading the complete image from the disk onto a sterile environment for analysis. I don't think Mr. Plod will meet the test of admissibility into evidence! How is he going to prove to the court that the suspected data were not on the USB key to start with? If he has interfered with the computer in any way by plugging in a USB key, then the evidence is contaminated.

    5. Re:Great... by Chabo · · Score: 4, Insightful

      Not to mention that if you've published copyrighted material, they might get a false positive, indicating that you're infringing against yourself! ;)

      --
      Convert FLACs to a portable format with FlacSquisher
  4. Just one thing to say: by courteaudotbiz · · Score: 4, Informative
  5. Urm? by fuzzyfuzzyfungus · · Score: 4, Interesting

    So, are they saying that they want existing forensics software, with a drool-proof wizard attached, bootable from a flash drive (because hell, who needs forensic hardware write blocking when you can totally trust software to do the job under any circumstance?) or are they actually proposing that the program be able to detect evil?

  6. Hmm by Co0Ps · · Score: 5, Insightful

    I think the UK Police got this idea while watching CSI.

  7. and the companion product.... by SethJohnson · · Score: 5, Interesting

    Anybody want to sponsor a contest to see who can write a USB driver that defeats this within the fewest lines of code?

    Seth

  8. Encryption=suspicious? by wjh31 · · Score: 4, Interesting

    that'll probably work fine for the lay-man, but will having an encrypted hard drive count as evidence of illegal activity?

  9. Re:Perfectly Legitimate by fuzzyfuzzyfungus · · Score: 4, Interesting

    While this move is legitimate in a structural sense (i.e. if the search would otherwise be legitimate, doing it with this would be ok, and if it is otherwise illegitimate, doing it with this wouldn't become ok), there are practical considerations that make me nervous.

    One is write blocking. To prevent corruption, tampering, and similar issues, it is good practice to use a hardware write blocker and, where possible, work from a disk image made from the original disk through a write blocker. A USB bootable system is not going to have that level of assurance. In a lot of cases, cops will have to monkey with the BIOS to get it to boot the USB drive and, with the vast number of BIOSes, chipsets, hardware RAID boards, softRAID crap, etc, etc. out there, trusting software to prevent tampering or corruption seems potentially troublesome.

    More generally, the demand for a "PC breathalyzer" is a demand that a difficult problem be made trivial so it can be done by unskilled or ignorant people. That sort of demand is rarely a harbinger of future quality, which is disquieting when people's freedoms are potentially at stake.

  10. Oh geez! This is too easy! by erroneus · · Score: 4, Funny

    If I understand the British government, they wouldn't have any problems with this approach either:

    Let's build a live USB Linux load that knows how to read and write all known file systems including encrypted systems. Then we will write a few handy scripts that will scan for a fairly long list of known files using MD5sum or some such. Then, if it doesn't turn anything up, copy some child porn from the USB drive over to the target system and print out the arrest warrant.

  11. Microsoft already provides this by Anonymous Coward · · Score: 5, Informative

    It's called COFEE

    Q.What is COFEE?

    A.COFEE (Computer Online Forensic Evidence Extractor) is a tool that helps simplify the very complex problem of gathering "live" computer evidence of cybercrime. It utilizes common forensics tools to aid officers at the scene in gathering important live evidence with a single USB device. It also provides reports in a simple format for later interpretation by computer experts, or as supportive evidence for computer investigations. This means that first-responder officers on the scene of a crime don't have to be computer forensic experts to capture live data for later analysis and that this critical information does not have to be lost once a computer is shut down to be taken for a traditional offline forensic analysis.

    Cops even got their own web portal courtesy of Microsoft.

  12. Inspired! by shadowknot · · Score: 5, Informative

    Maybe they shouldn't seize so many computers.

    As someone working in Digital Forensics in the UK I can honestly say that this is the most inspired piece of wisdom I have seen in a long time. Our company has literally had computers that haven't been switched on in a decade that have been sitting in a garage or attic until the cops decide to seize them. This is good for business but bad for taxpayer expenditure and the expedient discovery of data of evidential worth. The process for seizure of computer equipment in police investigations is essentially "if it has an on-off switch then seize it". There needs to be some training given to officers seizing although I doubt they will as they are scared of the first case of non-seized items containing illicit material.

  13. How desperate are they? by fluch · · Score: 4, Insightful

    "...allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids..."

    How about investing more into properly trained cops? How about better education? That might help a bit... together with "Maybe they shouldn't seize so many computers".

  14. Cracking the 256-bit encryption is the easy part by Joce640k · · Score: 4, Funny

    The real problem is writing the OOXML parser.

    --
    No sig today...