FBI Agent: Decrypting Data 'Fundamentally Alters' Evidence (vice.com)
Joseph Cox, reporting for Motherboard: An FBI agent has brought up an interesting question about the nature of digital evidence: Does decrypting encrypted data "fundamentally alter" it, therefore contaminating it as forensic evidence? According to a hearing transcript filed last week, FBI Special Agent Daniel Alfin suggested just that. The hearing was related to the agency's investigation into dark web child pornography site Playpen. In February 2015, the FBI briefly assumed control of Playpen and delivered its users a network investigative technique (NIT) -- or a piece of malware -- in an attempt to identify the site's visitors. [...] According to experts called by the defense in the affected case, the fact that the data was unencrypted means there is a chance that sensitive, identifying information of people who had not been convicted of a crime was being sent over the internet, and could have been manipulated. (Alfin paints this scenario as unlikely, saying that an attacker would have to know the IP address the FBI was using, have some sort of physical access to the suspect's computer to learn his MAC address, and other variables.)
Can we please stop using 'encryption' when we mean 'integrity'? They are not the same thing.
TFS is arguing that integrity has been compromised by removing encryption. BS.
“[Had that data been encrypted,] It would still be valid, it still would have been accurate data; however, it would not have been as forensically sound as being able to turn over exactly what the government collected,” Alfin said.
Which is such utter BS it's hard to credit. I figured the summary was just the usual flame bait, but unless the article is misquoting the agent that is pretty damning.
Hint: if the hash of the data before and after it is sent remains the same then that satisfies one of the requirements of being forensically sound (specifically, the data will be "accurate" -- unchanged since collection). Does the "special" agent think running it through an SSH tunnel would have altered the data? How about over a VPN connection? Does he not realize that the data was *shock* modified during transit (encapsulation at the very least, quite possibly encoded depending on the nature of the physical links along the way)? What a moron.
By his reasoning all digital data is forensically unsound because spinning platters *encode* the data (hint, it isn't the bits and bytes you might think, longer story has to do with run length synchronization issues). And *encryption* is a particular means of *encoding*. So if encryption is "the bad" because it transforms data then all encodings are bad because they all inherently transform data.
Doesn't sequencing DNA alter the blood sample? I haven't done it for 20 years, but the original sample was destroyed after gel electrophoresis as an essential part of the process; the DNA was literally broken down. Their lab is probably better than what I had in HS, but I think they also destroy the sample.
Of course you don't use the whole blood sample, you take a bit out of it. But that also "damages" the evidence (in that there's less of it).
It seems like encryption is nothing like that, the original file is completely intact in every way. The question is whether the output is a legitimate decryption of the input. For example my "frameThisFucker.py" script takes the encrypted file, does absolutely nothing with it, and creates a directory of kiddie porn. Not all transformations are valid or useful. He is arguing that such transformations may have occurred outside the chain of evidence, essentially rendering the evidence useless.
Suppose the FBI* wanted to present evidence against me in court, which allegedly I transmitted over HTTP, telnet, SSL, or some other insecure protocol. Could I not validly say that the message was forged by a man-in-the-middle? After all, it's the digital equivalent of a postcard or billboard posting that's very easily tampered with and forged.
It seems as though the FBI should be cheering for encrypted transmission by default; it means the evidence they collect is (more provably, at least) genuine.
* Let's assume they have a valid and proper warrant here, which usually isn't the case, but let's keep this simple.
During brute force attacks, sequential reads from disk into RAM contribute to the overall MTBF and MTTF statistics for the hardware. Depending on how old the disk is and how complex the encryption, you could very well end up with a nontrivial number of missing sectors and potentially corrupted data on the disk just from thrashing it for personal gain. Depending on the encryption, any writes will also contribute to things like SSD write life... controller activity like purging deletes or any other administrivia undertaken by the OS as part of housekeeping is also nontrivial during long running attempts to crack asymmetric cryptography.
You can't pick them like that - you have to use the case that raises the question most directly. And it's always the degenerate undesirables that are used to expand police powers to the detriment of civil society.
If the data is sent as cleartext, it becomes much, much easier for an attacker to alter the cleartext into a different form which contains a plausible message yet generates the same hash. There's an entire branch of cryptography dedicated to these types of attacks.
If it's transmitted while encrypted, the attacker (assuming he can't break the encryption) has no way to verify that his altered ciphertext which generates the same hash still decrypts into a cleartext message which makes any sense in the context of the original cleartext, much less has been altered to his liking.
While it's not required that this sort of data be encrypted before transmission, it is prudent to do so whenever possible. It drops the chances that the data has been forensically compromised from very small to vanishingly small (it is easier for the attacker to break your encryption).
They had access to personal, private information, they should have encrypted it.
Encrypting it does not fundamentally alter it, any more than taking a shirt and folding it so that it fits inside an evidence bag fundamentally alters it.
Should they be punished for doing so? Yes. But it should not invalidate their case. Fine them $100 per suspect, and let the evidence in to court.
On a semi-related note, during the "Zip wars" in the early 90s there was a fake file compression program circulating called NaBoB that claimed to use some sort of quantum compression techniques (all compression algorithms named after quarks) to cause your files to hit "the singularity," where every archive would be reduced to a single byte in size.
Naturally, all it really did was rename your files, hide them, and write a one-byte "archive file" in their places. When you "decompressed" the archive, the full-size files would be restored. Miraculous!
Not necessarily disagreeing with you here, but after reading the article I could see something to the FBI's arguments.
My understanding is that in this case, the FBI took over Playpen. Let's say that you go to visit Playpen. The FBI has an encrypted record of your visit, which only it has the keys to. How can you counter the evidence supplied by the FBI? What if the FBI's "encryption" method actually spits out false data?
Not the same, and basically not any different from the FBI falsifying evidence, which has nothing to do with encryption. However, I could see, in a very vague sense, there being some legitimate legal questions about whether or not the FBI encrypting something taints evidence, because they *have done something to the evidence.*
Someone else brought up the example of DNA sequencing--whether sequencing DNA alters the blood. That's different, because the original specimen is still there. With communication, everything is a copy. It's like the FBI making a copy and storing that.
Anyway, I share your general skepticism of the argument, but also think the FBI's position isn't totally ill-founded. It seems like they were trying to anticipate a nontrivial legal counter-argument that might apply to a slightly different situation.
The government made several absurd arguments in that particular case, of which the "altering" argument was only one. It's sad, because Playpen deserved to be destroyed, not used as a civil liberties test case.
If the data is not encrypted, a middle man could have changed it prior to arriving back at FBI headquarters. (Doesn't everyone have a network appliance watching all traffic leaving home to scrub MAC addresses and more in plain text of packets leaving? Red lights? Klaxons? "You have ID data trying to Breach!!" )
It had me wondering on a tangent.... If a Stingray's in use, and one of the methods it uses to snoop is to scream louder and force phones to revert to older, not-so-encrypted communication protocols, how many cell conversations/transactions does that open up for anyone listening in the same area while they spy on one of the thousand phones?
To be properly forensic the data should be hashed on the source machine and the hash verified on the destination. Not doing so is a failure in due diligence and introduces an implicit logical gap in the chain of custody. Now, the reality is that the obligation lies with the defense that something happened causing the data to be altered. And it sounds like they are trying to go that route. It just isn't a realistic defense (meaning it has about a snowball's chance of succeeding).
The real reason for encryption isn't an attempt to ensure the data is not altered, it is to prevent it from being exposed. Any system that is logging/recording what goes through it (hello, NSA) can capture the plain text. Encryption is to provide confidentiality, not integrity.
And that's what most people who don't understand encryption would say. Unfortunately you completely misunderstand the mechanisms being used, and a binary blob can decrypt to multiple different data sets depending on key and method. It's pretty much impossible to deduce after decryption whether the result is the same as the original or if the result is alternative output.
You can get a binary blob to decrypt to pretty much anything you want by being inventive with keys and algos. Like you, courts have a hard time understanding what's going on.
Sorry, I didn't read your whole post so my answer is incomplete. While collisions can be generated, for even semi-modern hashes they involve more than just data changes (e.g., the size of the data is changed as well). A digital chain of custody will record both the hash and the size in bytes. And that does not alter the fact that the burden of proof lies with the defense when making allegations of alteration. That is, the allegations must be specific -- not just a general hand waving that "something could have happened". There is a presumption that evidence has not been tampered with. Breaks in chain of custody are not uncommon and normally have no impact on proceedings other than some additional testimony.
Furthermore, hash collisions are not considered to be an issue by the courts. Fingerprints have a far far greater risk of collision (or simply misidentification) than say md5 and law enforcement has done an effective job of convincing the courts that *fingerprints* are unassailable evidence and now with hashing being vastly better it is considered completely irrefutable.
Again, the purpose of encryption is to protect confidentiality, not provide integrity. While it may have some impact in that regard it is a side effect. Integrity measures (such as documenting the chain of custody, hashing evidence on collection, etc.) are what provide that.
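The confidentiality-versus-integrity distinction drawn in this thread (hash on collection, verify on receipt; encryption alone proving nothing about alteration) can be demonstrated directly. The following is an added example, not code from the article or from any poster: it uses a constructed toy stream cipher (SHA-256 keystream XORed with the data) and constructed sample data, and shows that a one-bit change to ciphertext still "decrypts" cleanly, while a recorded hash-plus-size custody record and an HMAC both catch it.

```python
import hashlib
import hmac

def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks. Constructed for illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation). Confidentiality only; every bit is malleable."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def custody_record(data: bytes) -> dict:
    """What a digital chain of custody notes at collection: digest and size in bytes."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}

def verify_custody(data: bytes, record: dict) -> bool:
    """Re-hash the received data and compare with the record made at the source."""
    return custody_record(data) == record

def seal(key: bytes, data: bytes) -> bytes:
    """Integrity tag over the ciphertext (HMAC-SHA256), the part encryption does not give."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify_seal(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(seal(key, data), tag)

def transit_demo(tamper: bool) -> dict:
    """Collect at source, optionally flip one ciphertext bit in transit, verify at destination."""
    report = b"host=lab-box-01 addr=198.51.100.23"   # constructed sample record
    key = b"\x42" * 32                                 # constructed demo key
    record = custody_record(report)                    # hashed on the source machine
    ct = xor_crypt(key, report)
    tag = seal(key, ct)
    if tamper:
        buf = bytearray(ct)
        buf[-1] ^= 0x01                                # single bit flipped en route
        ct = bytes(buf)
    pt = xor_crypt(key, ct)                            # always "succeeds": no error signal
    return {
        "plaintext_unchanged": pt == report,
        "custody_hash_matches": verify_custody(pt, record),
        "mac_accepts": verify_seal(key, ct, tag),
    }
```

With `tamper=True` the decryption differs from the original by exactly one bit and neither the custody record nor the HMAC accepts it; with `tamper=False` all three checks pass.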
And it's the same degenerate undesirables who fight back on their convictions who establish what protections we do have. Miranda for example was a real scumbag, but his appeal on being interrogated without knowing his rights established the Miranda warnings we can all quote from TV. And incidentally shortly after winning his landmark case that upstanding citizen was stabbed to death in a bar fight.
The article doesn't seem to be about them DEcrypting data, but sending UNencrypted data over the internet that could have been altered en route to where they collected it. Seems like they had gotten users to install malware and send back (unencrypted) data to the FBI to identify them. The point brought up is that someone else could alter that data en route to make it seem like some innocent (they say "unconvicted" but wouldn't all of the suspects be "unconvicted" before trial?) person may have been involved. Seems like the article was written by someone with little knowledge of computers, the legal system, or the English language.