[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] RE: Computer forensics to uncover illegalinternet use
- To: <chromazine@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] RE: Computer forensics to uncover illegalinternet use
- From: "Craig, Tobin \(OIG\)" <tobin.craig@xxxxxx>
- Date: Sun, 4 Sep 2005 11:13:56 -0400
The following are my personal opinion, and in no way represent those of my
employer....
Actually Steve, the issue of "virtual children" never even came up. The
discussion has evolved from a call from the community for help in investigating
what may or may not turn out to be child pornography. Based on some highly
questionable advice from a member of this list (and I apologize to the list
moderators, it was the decision of the same individual to spread the discussion
here too), I and others have intervened to bring to focus the potential legal
consequences of this persons dubious advice, that being the willful destruction
of evidence which otherwise might be used in the investigation of crimes
against children.
Just my opinion,
Tobin
-----Original Message-----
From: Steve Kudlak <chromazine@xxxxxxxxxxxxx>
To: 'Full-Disclosure' <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Sun Sep 04 10:51:42 2005
Subject: Re: [Full-disclosure] RE: Computer forensics to uncover
illegalinternet use
Chuck Fullerton wrote:
All,
I do find this like of discussion very interesting. However, there has
been so much discussion that it's getting difficult to folllow. Therefore, I'd
like to make the following recommendation for future posts.
1. Minimize the text you to which you are replying to the pertinent
info.
2. Everyone use the same method of replying.. (i.e. inline, top or
bottom) I don't care which but it's really getting tough to follow.
3. Keep the discussion going as I'm really getting alot out of this.
;-)
Sincerely,
Chuck Fullerton
It is a pretty complex issue due to the questions raised. I'll try to clip
things a bit. It was hard to look at it in a simple manner because it involves
several interelated ares I tried to break it into the main issues. Perhaps I
should have tried to spell out my points a little more clearly. But it gets
down to the whole meat of all sorts of legal things, like the questions of
knowingfully and willfully doing something proscribed. The attempts to seperate
this from just overlooking of something or the concerns of privacy. The
interesting thing for me was when someone brought up the concept of "virtual
children" as that was actually legally looked into.
What I think would be really edifying is what things are like in other legal
systems such as the EU systems and world courts. I say this because one of the
big uses of electronic evidence in prosecutions has been with the federal
courts attempts to prosecute sex tourists and the not quite underground in that
area. By that I mean one can buy the "Have Sex Fun in Asia" books on the
secondary open market.
My suspicion is there is convert attempt to push things into a more
interventionist stance in the hopes that things might be discovered. The
problem I see in states with extensive privacy like California is how much one
can go through a user's files without their leave. As far as I can tell there
has been no real legal precedent and prosecution on the ideas of that say
sysadmins are overlooking something.
The really insteresting issue is whether the beginning of thread question
behavior was highly illegal because it involved destruction of potential
evidence. That means it would have to be pretty egregiously say "child porn"
and not just say soi disant 18 year olds who weren't. Curious that the 18 as
age of adulthood allows two precious years for porn folks to say "Hot Teens"
etc. and still be on the safe side.
Now the other interesting thing and I am worrying I am making it more
complicated than it should be is the hope by some prosecutors that the US would
sign treaties the US might have to at least try to obey that would accomplish
what they want without getting it passed or having legal precedent in the US.
Note MI-6 tried this in reverse about another issue and it died a quiet death.
There is a site on the net run by a certain architect and he has been a thorn
in the side of MI-5 and MI-6 and "Gardie" (sorry can'r remember real spelling)
in Ireland(North and South). Due to the strong First Amendment in the US it has
been impossible to block publishing in the US and on the Internet of this
information which actually involved pictures of Northern Ireland's Internal
Police Folks that work in terrorism supression. They were hoping a treaty would
allow them to get at the US publishers and that failed.
Overall my suspicion is that overall this end-run technique will fail in
general. It is interesting because the failure of the Michael Jackson
prosecution pretty much left the Federal Prosecutors as the lone rangers who
seldom fail at these various sex crimes prosecutions. It would be their ability
to win consistently and get people declared accesories that would change
things. I don't think that ios going to happen.
Note I won't extend this because it is already longer and more convoluted than
I intended it. I am going to kind of shut up now because this is sort of the
state of knowledge and practice as I am aware of it. Again if someone knows
about these things in other legal systems or has any insights into the attempts
to stop people using encryption I would like to hear it.
Have Fun,
Sends Steve
P.S. If anyone finds interesting cases or precedents I would like to hear of
them. All that stuff of knowing the cases that set precedent like one knows
good novels one has read or movies one has watched that made a tatement has
finally began to sink in. It took a long time and a lot of reading but I now
know why they quoted things involving Youngstown Tool and Die cases in
Constitution Rights cases.;)
Have Fun,
Sends Steve
P.S. Note I have bcc'd many recipients in case they aren't on the list and
trying to keep the email to have get moderator approval...
________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Steve Kudlak
Sent: Sunday, September 04, 2005 1:45 AM
To: dave kleiman
Cc: 'Craig, Tobin (OIG)'; echow@xxxxxxxxxxxx; 'Sadler,Connie';
jbeauford@xxxxxxxxxxxxxxxxx; 'Full-Disclosure';
security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] RE: Computer forensics to uncover
illegalinternet use
dave kleiman wrote:
Steve,
Inline..
Hate to play alwyer here but doesn't all of this get
shot down by 3rd
Circuit Federal Court of Appeals decisions regarding
the FBI's
Innocent Images project? It basicly shot down the
concept of "you
clicked on a chold porn link therefore you're guilty."
Well that applies to when it is determined that it was
innocent. This could
be via pop-up, trojan, or maleware of some kind.
This is all enshired in Federal
Cases. No one must admit that a good prosecutor can
indioct a ham
sandwich and all that. But overall that doesn't happen.
Now Federal Prosecutors and Investigations staffs are
very good at
sort of getting warrants and raiding someone's house
or business and
going thru everything. But if the person doesn't scare
and cop to
something they never did, then federal prosecutors
generally have to
back off in cases where it is just things accumulating
on disks etc.
Well they do not usually prosecute ham sandwiches, BLT's maybe.
I love how everyone is quick to say things just magically
accumulated on
their H/D. However, they tend not back of when a file
structure is found
with hundreds of images, often burned to CD's.
Futhermore in
states with a high privacy expectation like California
there is a good
reason to say "We don't go through our customers data
looking for
things out of the ordinary". One might argue it to be
different it
were one's employees. However if you are offering a
primo privacy
service then you can legitimately scrub disks as a part
of the biz
plan.
Well that may be, of course you missed the beginning of these
threads, where
Mr. Combs suggested after discovering contraband on and
employees H/D, to
make a copy of it take the copy to the companies attorney. Wipe
the original
and "best course of action is to purposefully falsify the
record of the
company's response to the incident"
The full threads can be read here:
http://seclists.org/lists/security-basics/2005/Sep/subject.html
http://seclists.org/lists/security-basics/2005/Aug/subject.html
Much of Law Enforcement and theiir Public Providers of
services
depends on scaring people and businesses into good
behavior when it is
neither necessary or ethical. My suspicion is that one
can ignore this
tactic if one wishes as one is reasonably careful.. I
am sure that
people will be offereing "Computer Forensics Services"
to find the
scary things on your compnys disks for $500 a pop but
no good reason
one has to engage in such silliness.
Yes that crazy scaring people into good behavior....... Oh wait
that is
right only reasonably prudent people follow the law, criminals
tend to not
care if there is law against something, they are not scared
into not
committing crimes, that is why they are criminals.
Kind of like the lawlessness that is occurring in the situation
you
mentioned below. Some people would say that the devastation
has turned
these people into criminals. Although, the reality is the
people committing
the crimes are the same ones that were committing them before
the
devastation.
Excuse my flipness. I just got through friends caught
up in this call
people stranded and alone by the hurricane in the
SOuthland and all
these other things do ring silly right now.
Regards,
Dave
For a long time I sysop'd an open system, I dunno how much time I ended
up deleteing "girl with vaccum cleaner" pictures. This is getting weirder and
weirder because with photoshop people can create things that do not exist in
real reality. Of course you have really funny things like this one image that
was from Japanese advertizing. They had a 10 year girl with this incredibly
large pretty phallic looking squirt gun which she was squirting with a look of
bliss on her face. It was pretty funny. It was funny how when showed this image
it became a "cynicism filter". People would divide into the group that thought
this was completely enmgineerd from the get-go and those who thought it was
just some werid thing that came out and no one noticed it, or that it was the
product of the fact that much of Japanese Culture doesn't quite go looking for
all possible suggestive variants. It really became a filter.
Now my suspicion about people in the US Southland is that it is a bit
of opppurtunism in the face of despair and the feeling that "whitey has been
shitting on us for centuries". Me being on the North American West Coast
doesn't notice that because there were no slave quarters and slave markets in
California, Washington, Oregon, British Columbia and we are apt to think a
"quadroon" is a small gold coin that would be nice to find in one's
progentitors coin collection. I don't think it is because there is just a
massive criminal element hidden from us. Now some of the behavior sounded like
what I found in my tenure at a small residential hotel. From the last week of
the month to the first week of the next month a number of curious items would
end up for sale. It was always curious to imagine where these items came from,
some were legitimatgely obtained, others probably not. There was always an
argument among the low rent district types that universally almost always
aligned as "crazy white guys accusing mexicans of shop lifting and reselling,
whereas many of the items they had could be seen as coming from equally
questionable sources.
Now if one talks to Federal Proscutors they will tell you that they
feel comfortable with their "Vacuum Cleaner" approach. They feel if they do go
and get everyone questionables stuff and go through it, then one will be able
to determine how many folks had thing accumulating on their disk and how many
actively collected it etc. Now interestingly with the Third Circuit's Decision
which is close to rock solid at this point in precdent, people like journalists
would sort of get wide descretion especially if they were working on stories
and doing investigations etc.
Two other things come in here. In both the US Ninth Circuit and Upper
Level Courts of British Columbia it has been held that one can not commit
crimes against "virtual children" or "animated descriptions of children etc".
This means the general belief in liberal democracies that "thought crimes" are
questionable is beginning to be enshired in code and precedent. I am pretty
sure this is well embedded in North American Culture and is apt not to go away
even with the idea, darfe I say spectre two very conservative reversalist
judges on the Supreme Court. Note I have not had time to study how things work
in the EU or even Australia.
Now technoculturally want this may eventually provoke is the use of
high grade encryption by more people. Right now I know even artists who hqave
become more technologically saavy and who encrypt things even when legal code
is on their side overall. In the 1970s and 1980s there were a number of legal
razzlements of artists who used their children as nude models no matter how
innocent. This went too far and eventaully what got established is the concept
that "simple nudity is not obscene". It is interesting because artists are not
usually seen as users or consumers of secuiity products and things like
encryption.
Anyway this is all very interesting and we do live in interesting
times. So it will be interesting to see how this will go and whether the
bizness idea of trying to safe from all possible wrongdoing or perceived
wrongdoing will win out overall. I know lots of vendors and security
consultants have been hoping that "porn protection" would turn into a
lucerative field but so far it doesn't compare to virus and malware protection.
Interestingly in artist circles the whole imaging thing has turned into
"sousveillence" and artists have been having way too much fun turning the
cameras back on the people who usually use them. It is interesting that people
like Sudo Chiles House who was one of the first people to install a "cam" which
in her case was a 35mm camera that took pictures regularly of her bedroom is
all buit forgotten in the modern installatiion of cams in various public and
private spaces. Note the UK and places in Florida have been very much into the
"you are being watched" theory of crime control. I also have heard tales of
"spy camera destroyers" who have been running around spray painting cameras but
I think that is not widespread at this point. Hmmm, indeed these are
interesting times. whether it is a blessing or a curse is an open question.
Have Fun,
Sends Steve
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/