Slashdot Mirror
FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com)
Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.)
All the injustices in this country, and these scumbag lawyers choose to make a stand HERE of all places? SMH...
Can we please stop using 'encryption' when we mean 'integrity'. They are not the same thing.
TFS is arguing that integrity has been compromised by removing encryption. BS.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I would argue that the evidence is the thing before it was encrypted, and decryption restores what was hidden. Just playing devil's advocate...
“[Had that data been encrypted,] It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.
Which is such utter BS its hard to credit. I figured the summary was just the usual flame bait, but unless the article is misquoting the agent that is pretty damning.
Hint: if the hash of the data before and after it is sent remains the same then that satisfies one of the requirements to being forensically sound (specifically, the data will be "accurate" -- unchanged since collection). Does the "special" agent think running it through an SSH tunnel would have altered the data? How about over a VPN connection? Does he not realize that the data was *shock* modified during transit (encapsulation at the very least, quite possibly encoded depending on the nature of the physical links along the way). What a moron.
By his reasoning all digital data is forensically unsound because spinning platters *encode* the data (hint, it isn't the bits and bytes you might think, longer story has to do with run length synchronization issues). And *encryption* is a particular means of *encoding*. So if encryption is "the bad" because it transforms data then all encodings are bad because they all inherently transform data.
Decrypting data doesn't alter evidence anymore than sequencing DNA evidence alters a blood sample, or sorting a bank transactions into deposits and withdrawls alters a bank statement used for evidence.
What kind of dumbass criminal names a kiddy-porn site "PlayPen"? Call it say "Windows10" or "Zune", then no cop will touch it.
Table-ized A.I.
The agent didn't say it invalidated forensic evidence just that it wasn't quite as forensically solid but not exactly what was collected:
Had that data been encrypted, “It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.
I'm a consultant - I convert gibberish into cash-flow.
Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? Afterall, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.
It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.
* Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.
It seems like the issue is if the evidence they collected could have been tampered with to finger the wrong guy.
Keeping the data stream under their control with encryption might be one way to eliminate this possibility.
Using crypto-signing techniques is another way.
Physical control is the classic way.
Sending the data without protection over the open Internet if there are sophisticated threats does not seem a good strategy.
Without known threats, then it is a game of probably ok, but can't say for sure.
Preventing 'Can't say for sure' is what a known chain of custody is for.
Sounds like they might not have have one.
Is that what is being argued here?
during brute force attacks, sequential reads from disk into RAM contribute to the overall MTBF and MTTF statistics for the hardware. depending on how old the disk is and how complex the encryption, you could very well end up with a nontrivial number of missing sectors and potentially corrupted data on the disk just from thrashing it for personal gain. depending on the encryption, any writes will also contribute to things like SSD write life...controller actifity like purging deletes or any other administrativa undertaken by the OS as part of housekeeping are also nontrivial during long running attempts to crack asymmetric cryptography.
Good people go to bed earlier.
If the data is sent as cleartext, it becomes much, much easier for an attacker to alter the cleartext into a different form which contains a plausible message yet generates the same hash. There's an entire branch of cryptography dedicated to these types of attacks.
If it's transmitted while encrypted, the attacker (assuming he can't break the encryption) has no way to verify that his altered ciphertext which generates the same hash still decrypts into a cleartext message which makes any sense in the context of the original cleartext, much less has been altered to his liking.
While it's not required that this sort of data be encrypted before transmission, it is prudent to do so whenever possible. It drops the chances that the data has been forensically compromised from very small to vanishingly small (it is easier for the attacker to break your encryption).
Believe this about the FBI: they have more moles than Switzerland has cheese, and your Facebook data is shared internationally as well as other tracking and profiling databases.
They had access to personal, private information, they should have encrypted it.
Encrypting it does not fundamentally alter it, anymore than making taking a shirt and folding it so that it fits inside an evidence bag fundamentally alters it.
Should they be punished for doing so? Yes. But it should not invalidate their case. Fine them $100 per suspect, and let the evidence in to court.
excitingthingstodo.blogspot.com
Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.
My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?
Not the same, and basically not any different from the FBI falsifying evidence, which has nothing to do with encryption. However, I could see, in a very vague sense, there being some legitimate legal questions about whether or the FBI encrypting something taints evidence, because they *have done something to the evidence.*
Someone else brought up the example of DNA sequencing--whether sequencing DNA alters the blood. That's different, because the original specimen is still there. With communication, everything is a copy. It's like the FBI making a copy and storing that.
Anyway, I share your general skepticism of the argument, but also think the FBI's position isn't totally ill-founded. It seems like they were trying to anticipate a nontrivial legal counter-argument that might apply to a slightly different situation.
"...an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables." Just something only your government knows.
A message encrypted with a one time pad can be "decrypted" to ANY message of the same length- so unless there is a way to verify the authenticity of both the message and the pad used to decrypt the message a corrupt agent or a malicious informant could manufacture any "evidence" they want.
For example you encrypt a grocery list... they "decrypt" it into a terrorist plot...
If the data is not encrypted, a middle man could have changed it prior to arriving back at FBI headquarters. (Doesn't everyone have a network appliance watching all traffic leaving home to scrub MAC addresses and more in plain text of packets leaving? Red lights? Klaxons? "You have ID data trying to Breach!!" )
It had me wondering on a tangent.... If Stingray's in use, and one of the methods it uses to snoop is to scream louder and force phones to revert to older, not so encrypted communication protocols, how many cell conversations/transactions does that open up for anyone listening in the same area while they spy on one of the thousand phones?
To be properly forensic the data should be hashed on the source machine and the hash verified on the destination. Not doing so is a failure in due diligence and introduces an implicit logical gap in the chain of custody. Now, the reality is that the obligation lies with the defense that something happened causing the data to be altered. And it sounds like they are trying to go that route. It just isn't a realistic defense (meaning it has about a snowball's chance of succeeding).
The real reason for encryption isn't an attempt to ensure the data is not altered, it is to prevent it from being exposed. Any system that is logging/recording what goes through it (hello, NSA) can capture the plain text. Encryption is to provide confidentiality, not integrity.
Sorry, I didn't read your whole post so my answer is incomplete. While collisions can be generated, for even semi-modern hashes they involve more than just data changes (e.g., the size of the data is changed as well). A digital chain of custody will record both the hash and the size in bytes. And that does not alter the fact that the burden of proof lies with the defense when making allegations of alteration. That is, the allegations must be specific -- not just a general hand waving that "something could have happened". There is a presumption that evidence has not been tampered with. Breaks in chain of custody are not uncommon and normally have no impact on proceedings other than some additional testimony.
Furthermore, hash collisions are not considered to be an issue by the courts. Fingerprints have a far far greater risk of collision (or simply misidentification) than say md5 and law enforcement has done an effective job of convincing the courts that *fingerprints* are unassailable evidence and now with hashing being vastly better it is considered completely irrefutable.
Again, the purpose of encryption is to protect confidentiality, not provide integrity. While it may have some impact in that regard it is a side effect. Integrity measures (such as documenting the chain of custody, hashing evidence on collection, etc.) are what provide that.
No one uses one-time pads.
I get that cryptonerds find it fascinating, but in the real world everyone is using AES unless they have legacy crap to support.
Some people may use Serpent or Twofish if they distrust AES, but the result is the same. "Decrypting" any real system with a custom key like that is just not going to happen.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Are they talking about some form of Observer Effect? Frankly the article is somewhat confusing to me about who said what, and what the real implications are.
I'm confused by the issue here:
Yes, it is definitely true that digital forensics requires care to not munge the evidence and preserve its integrity; and that gets a lot harder if you are actively attacking a remote host that multiple other people have access to and can potentially also be altering, rather than just shoving an HDD into a write blocker and reading it back; but I'm unclear on why that relates to encryption.
Basically nothing you 'find' on a computer is actually meaningful without a layer of software interpretation(or, for simple formats, one skilled in the art running the algorithm in their head). Why is applying a decryption algorithm to an encrypted file different than, say, trusting an NTFS implementation to accurately take a partition full of meaningless garbage and present you with a filesystem; or a JPEG implementation to tell you whether a given sequence of bits is kiddie porn or not?
It is true that if encryption happens to be what turns a 'seize the server, grab images of the drives' investigation into a 'hack the server in an unknown location, malware the data out on the fly' investigation then, in a weak sense, I suppose that 'encryption' has complicated the investigation; but aside from that it doesn't seem any different than the usual problems with attribution of files, interpretation of formats, and so on.
How many different plausible messages that indicate you're into child porn are there? Much less than possible hashes? Because one of them has to have the same hash as the original message for this attack to be even possible.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
"To be properly forensic the data should be hashed on the source machine and the hash verified on the destination."
You cannot account for the actions of the "source" machine because it is untrusted. The spindles must be removed from the "source" machine and placed into a trusted alternative.
To be properly forensic the data should be hashed on the source machine and the hash verified on the destination. Not doing so is a failure in due diligence and introduces an implicit logical gap in the chain of custody. Now, the reality is that the obligation lies with the defense that something happened causing the data to be altered. And it sounds like they are trying to go that route. It just isn't a realistic defense (meaning it has about a snowball's chance of succeeding).
If the hash value is the MD5 sum, there is sufficient research to introduce reasonable doubt.
This seems to be a case of a re-explanation of what a tech told him. The 3rd party techs don't hold as much credential in a court as a "special agent" so the agent is in court trying to explain what happened. From the summary I can only establish that in order to "catch" a suspect they inserted a MITM that altered the data so it became identifiable (eg adding the string &FBISUSP=001 to every HTTP query or even every packet) - that allowed them to not touch the servers (maintaining the forensic credibility of the server so they can pursue the operators) and simultaneously see what the person is accessing/traversing in logs and across computers and routers they controlled or even on a suspects computer but in doing so they altered the streams both in and outgoing which could be construed as tampering with the evidence because now every packet has the FBI fingerprints on them and those could've alter the original flow of data (eg it could be argued that the string could cause the servers to return child porn instead of fluffy kittens). Additionally mangling of packets may filter out those spurious strings which would've been avoided by inserting the strings in the encrypted stream instead of out of it (or in a plain text stream).
Custom electronics and digital signage for your business: www.evcircuits.com
That there is a law which can be broken by the mere existence of information near you is a detriment to democracy. It creates the plausible scenario where people are wrongly accused and convicted as a result of tit-for-tat politics and similar. The same can be said for drugs, alcohol, and similar laws where mere possession is a crime. It's also really bad that we have laws which make it so that a person accused of a crime is guilty by merely there being testimony by someone whose supposedly the victim. For a democracy to function there must be substantial collaborating evidence of a crime or we risk destruction of a truly democratic system. If people an be locked up by the mere whim of those in a position of power it will be abused. It's what we see routinely going on with asset forfeiture, but to think its a problem exclusive to it is a folly. Politicians, law enforcement, and the media build there careers off of damaging other peoples lives. Relative to the actual harm by those arrested far more harm is done by these groups.
>[...] In February 2015 [...]
Wasn't it 2016?
Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.
My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?
Wouldn't it be easier to just store a completely made up unencrypted record of your visit instead?
Of course news about a fake are Fake News.
Observing objects has physical effects on them.
Decrypting data does not alter, you can keep a copy of it and some alteration of data is a acceptable loss. Noting in the universe is static, we can't expect evidence to disobey physics.
A reasonable loss of integrity would be expected to be shown.
The article says that because data was not encrypted it could have been altered. That's an extremely weak defense. Aliens could also have injected packets with sophisticated quantum packet superpositioning. Just because you can make it sound vaguely intellectual and somewhat viable, does not mean it deserve a focused effort to disprove.
Anything can be altered, so how can we trust any data? Why is data over the internet special? When evidence goes through many people's hands or memories from witnesses erode with time, we don't disregard that data. Defense always can make the case of evidence tampering or faulty memory, that doesn't mean we take it seriously.
In the case of evidence tamper, it's up to the defense to prove there is tampering. We can't just assume all evidence is tampered with because it was not encrypted or locked away from tampering every step of the way.
It's much much easier to tamper with physical evidence than it is to possess the skills to to alter data on the fly. Any log could have been hacked or perhaps spoofed. Just because it remained encrypted doesn't mean it was not altered because the data has to be sourced from somewhere and written. If you can spoof the source then your evidence would appear to be valid even if it remained encrypted and secure the entire time.
0 day attack on an application in an unprivileged account is enough to plant digital evidence. Furthermore with Win10 or versions Win7+ with Telemetry added, not including the nefarious possibilities of WinXP's silent update, or Intel/AMD/ARM processors 'Management Engine' chips, evidence can be planted at a higher privilege level than even the owner of the hardware has and made impossible to refute in court. By this fact alone all digital evidence from an internet or cellular connected device should be considered inadmissible. I can't even provide a secondary validation path that would warrant admissability since all of them could be easily forged by a nation-state level actor, and probably a number of smaller organizations as well. Physical evidence and witness statements would be harder to falsify, but only for a true criminal case and not a 'hit case' relying entirely on falsified evidence, which I am concerned with each passing day is more likely to be attempted or done to take care of undesirables for whatever reasons sufficiently privileged individuals or organizatons have.
Without full control of your device it is both harder for you to falsify an evidence trail, while also being easier for a privileged adversary to falsify the same evidence. With a fully user controlled device (provided sufficient auditing, and a non-stupid user) falsification is at least on even grounds. Audit trails however are still impossible to verify without mathematical proofs of every piece of hardware involved (just one compromisable device could break the chain.) And right now they are *ALL* compromisable.
he hasn't got a clue
If it is up the FBI then they just use uhh... not MD5. No collisions have ever been found in SHA-1, let alone SHA-256, SHA-512 or SHA-3.
The article doesn't seem to be about them DEcrypting data, but sending UNencrypted data over the internet that could have been altered en-route to where they collected it. Seems like they had gotten users to install malware and send back (unencrypted) data to the FBI to identify them. The point brought up is that someone else could alter that data en-route to make it seem l ike some innocent (they say "unconvicted" but wouldn't all of the suspects be "unconvicted" before trial?) person may have been involved. Seems like the article was written by someone with little knowledge of computers, the legal system, or the English language.
The problem is that the FBI wouldn't want to turn over their private decryption keys and algorithms. "forensically sound" means you can turn over exact details, like mentioned in the transcript they can turn over the exact bit stream received by the FBI, and the defense experts can compile the source code used and run the program on the defendants computer and see that it produces the same exact data. If the FBI turned over an encrypted bit stream of data and not the decryption keys, there would be no link the the unencrypted evidence the FBI wanted to show in court, hence it wouldn't be as forensically sound.
Lets assume the most easy encryption, a one time pad for xor encryption.
Now i encrypted something with a block of random data.
I now take your result and xor it with gplv2.txt. Then i store the resulting file as key.xor.
When you find key.xor, you can confirm, the encrypted data was gplv2.txt
When you find the real random key, you get the sensitive data.
If the result is data a, data b or total garbage only depends on the key. For aes the same, every key can decrypt stuff, but only the right one gets the data you want. Most others get random data, though. But prove, that i did not encrypt random data the first time.