PDA

View Full Version : Interersting comments (legal related)



Tar Devil
01-15-2009, 10:50 AM
I was reading an article by Massad Ayoob and happened across this paragraph...


I’m in my 34th year as a sworn police officer, my 19th as a certified “police prosecutor,” and I know for a fact that we DO have the technology to pull things out of your hard drive that you thought were deleted. We DO have the right to ask you, under penalty of perjury, whether you post on any Internet forum, and under what name, and we DO have the power to subpoena any posts via your IP from the Internet hosts, who under law have no choice but to “give you up.” Don’t let the seeming anonymity of the Internet delude you: when things get serious, you won’t be anonymous anymore.

Most of you probably already knew this. Still kinda scary to read.

Flying Orca
01-15-2009, 02:56 PM
There are ways and ways, if you're determined. ;) Me, I don't really care.

TimH
01-15-2009, 02:58 PM
I would be flattered that they were interested in my boring life. Both online and off :)

Captain Blight
01-15-2009, 03:07 PM
A really heavy-duty electomagnet? Next to my computer? Why do you ask what I need that for? Youse guys with the CSI and the crime labs and the HEY HEY HEY are so smart, you can probably answer that one for me!!

Maybe I need to build an EMP gun.

TimH
01-15-2009, 03:13 PM
I believe there is software that will specifically overwrite your data in such a way that they cannot retreive it.

botebum
01-15-2009, 03:19 PM
"We DO have the right to ask you, under penalty of perjury, whether you post on any Internet forum, and under what name, ..."
They can ask anything they want. I don't have to tell them squat. Ya' see, there's this little piece of paper called the bill of rights:rolleyes:

Doug

TomF
01-15-2009, 03:21 PM
Doug,

Have you read the Patriot Act? You don't need to answer, but then they don't need to be nice.

botebum
01-15-2009, 03:23 PM
The Patriot Act won't be around forever, at least not in its present form.

Doug

TomF
01-15-2009, 03:29 PM
That's certainly my hope.

Concordia...41
01-15-2009, 03:32 PM
I believe there is software that will specifically overwrite your data in such a way that they cannot retreive it.

There may be something new, but our computer forensic guy - former FDLE officer - has stated that the only way to make hard drive data irretrievable is to use a 357 :D (That will surely appeal to some of the gun lovers here).

He said one of the most common things they ran into was someone who caught wind that they were about to be arrested or served with a warrant - say they get tipped off about 3 pm. Our guy says there's usually a time-date stamp on the computer from about 4 pm where they downloaded and ran a program like "Hard Drive Washer" :rolleyes:

So not only is the data still there from a forensic standpoint, but the evidence of attempted destruction of evidence can win them a tampering with evidence charge. :D

It's interesting from a forensic standpoint. Five or so years ago, we had one of the first cases here where the defendant's Google searches were used by the prosecution. Scott Barber was accused of murdering his wife on the beach, shooting himself and claiming they were robbed and that his wife was shot by the assailant. Unfortunately for him, he'd Googled - in great detail - exactly how to shoot himself without inducing lethal injury. Plus a bunch about evidence handling & he'd even Googled the primary parties that would be investigating him including Sheriff's detectives and the prosecutor.

Kinda odd since he was getting ready to take his wife out to dinner and for a romantic walk on the beach... He's got life in prison without the chance of parole to think about things he could have done differently... :(

Joe (SoCal)
01-15-2009, 03:34 PM
I'm Joe ( Cold Spring on Hudson ) I live in Cold Spring on Hudson I post on the WoodenBoat Forum under the name Joe ( Cold Spring on Hudson )

There ya go no subpoena needed ;)

TimH
01-15-2009, 03:42 PM
there are secure file systems for Linux. I did a presentation in an operating systems class I took and on of the OSs was StegFS

Cryptographic file systems store files and associated metadataonly in encrypted form on non-volatile media. They can provide the user someprotection against the unwanted disclosure of information to anyone who getsphysical control over the storage unit.Assuming correctly implemented encryption software is used as designed,and cryptanalysis remains infeasible, an attacker can still chose among varioustactics to enforce access to encrypted file systems. Brief physical access to acomputer is, for instance, sufficient to install additional software or hardwarethat allow an attacker to reconstruct encryption keys at a distance. (UHF bursttransmitters that can be installed by non-experts inside any PC keyboard within10–12 minutes are now commercially available, as are eavesdropping drivers thatwill covertly transmit keystrokes and secret keys via network links.) An entirelydifferent class of tactics focuses on the key holders, who can be threatened with sanctions as long as there remains undecryptable ciphertext on their storage. We are interested in data protection technologies for this latter case,especially considering that attackers can often be more persuasive when thedata owner cannot plausibly deny that not all access keys have already beenrevealed.Plausible deniability [7] shall refer here to a security property of a mechanismthat allows parties to claim to others (e.g., a judge) that some information is notin their possession or that some transaction has not taken place. The one-timepad is a well-known encryption technique with plausible deniability, because forevery given ciphertext, a decryption key can be found that leads to a harmlessmessage. However such schemes are only practical for short messages and arenot generally suited for data storage.Anderson, Needham and Shamir [6] outlined first designs for encrypted filestores with a plausible-deniability mechanism, which they called steganographicfile systems. They aim to provide a secure file system where the risk of usersbeing forced to reveal their keys or other private data is diminished by allowingthe users to deny believably that any further encrypted data is located on thedisk. Steganographic file systems are designed to give a high degree of protectionagainst compulsion to disclose their contents. A user who knows the passwordfor a set of files can access it. Attackers without this knowledge cannot gain anyinformation as to whether the file exists or not, even if they have full access tothe hardware and software.

Flying Orca
01-15-2009, 03:43 PM
I believe there is software that will specifically overwrite your data in such a way that they cannot retreive it.

I wouldn't trust it. Crypto is probably better, but physical destruction is the only sure cure.

Tar Devil
01-15-2009, 03:54 PM
The Patriot Act won't be around forever, at least not in its present form.

Doug

Doesn't change anything about what Ayoob said.

htom
01-15-2009, 04:21 PM
engadget.com: cold-boot-disk-encryption-attack-is-shockingly-effective/ (http://www.engadget.com/2008/02/21/cold-boot-disk-encryption-attack-is-shockingly-effective/)

A large box of Thermite may be your friend, but even if it works, with the net's alterable memory, you've just destroyed your claim of innocence.

seanz
01-15-2009, 04:57 PM
I tink thermites only work on timber hardware.

Mad Scientist
01-15-2009, 06:26 PM
It's interesting that ISPs claim to protect our privacy (within legal limits), but anyone who has been given access to a military network (and this probably applies to internal corporate nets too) is required to sign a document stating that there cannot be any assumption of privacy on such a network.
Computers are meant to protect data, rather than allowing users to delete data. Therefore, I can't imagine why anybody would assume that anything that we do on a computer (especially if it's online) could ever be kept 'private'.

Tom

hokiefan
01-15-2009, 07:24 PM
Most large employers tell you explicitly that there is no privacy on their network. Not that you can't assume there is no privacy, but flatly that there isn't any. They own it, and provide it to you for business purposes. If you use it for personal uses, usually allowed within moderation, it is still theirs and they have the right to monitor your use. They typically don't go looking just because, but if they have reason they will review everything you have done.

This is, obviously, a much different situation than what you do on your personal computer.

Cheers,

Bobby

paladin
01-15-2009, 07:28 PM
TimH....that data and the burst transmitters has been around for 30 years, and although my computer is not encrypted I do have another system where there's only 2 people(organizations) in the world with the assets to break the system and that would involve disassembling the physical memory and reading the program directly from the silicon. That is the way the Nuke stuff is stored. I worked on that program 25 years ago.

The Bigfella
01-15-2009, 08:27 PM
I was talking to the CIO of a major corporation where I was doing a job a couple of years back. He was complaining about his bedtime reading. He had a printout of every website access by all employees. He had to go through it looking to see who had accessed inappropriate sites.

Another company - a major business advisory firm - I was doing an induction course and this issue was covered. They pointed out that a new employee had been terminated that day for accessing inappropriate material.