Worried about Digital Evidence Tampering? 292
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
Only solution (Score:3, Insightful)
This shouldn't change anything (Score:4, Insightful)
Chain of custody (Score:5, Insightful)
DIGITAL evidence ? (Score:5, Insightful)
Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.
Tamper vs Analyse (Score:5, Insightful)
There are actually cases of people photoshopping fingerprints to "bring them out".
Is that evidence tampering?
What if they just use a large burn/dodge tool? what if they just use a small one?
Where is the line?
Fear of false tampering claims (Score:5, Insightful)
In practice, the rejection of valid evidence will probably be a bigger problem than the creation of invalid evidence.
Re:Chain of custody (Score:1, Insightful)
Seems kinda funny (Score:4, Insightful)
It's only a matter of time (Score:2, Insightful)
At first, photography wasn't accepted right away, and it shouldn't have been. I mean, if I were to persuade you in trying my new revolutionary kind of car, which could put your life at risk, wouldn't you want to have enough details about the risks involved before making the decision of buying the vehicule? I sure would.
partial answers to issues raisedin articles (Score:5, Insightful)
modify ONLY copies
originals all go onto read-only media
checksum religiously
WRITE GOOD POLICY for maintaining digital evidence...and post it before you start using digital media. Review it once a year, or more often to revise for unforeseen issues. Educate your detectives, and your Asst. DA's.
Rinse, later, repeat.
Market opportunity... (Score:4, Insightful)
Precedent Set by Common Sense? (Score:5, Insightful)
Lawmakers should take this into account and require the prosecution or plaintiff show beyond a reasonable doubt that the data can in fact be reasonably trusted and has not been handled by an untrusted or malicious party.
Overall, this question raises a lot of issues. But I feel the courts need to decide on a set of guidelines that can be used to assure the jury and the defense that the evidence presented to support accusations can in fact be trusted.
Because who's to say an overzaelous prosecuter didn't hire someone to "put" something on the suspect HD?
But even then the courts might have a hard time ahead. Already we've seen cases that raise this question in which there can be no "safe-guard" and in fact the defense relies upon the exploitablity of software. This was demonstrated in the kiddie porn trial in the UK in which the defendant got aquitted because his lawyers successfully argued that a virus planted the porn on his PC.
Ulitmately, it is double-sided issues such as this that are leading us down the path of Microsofts Secure Computing initiative. But that is a mission that is doomed from the start... history shows us that no matter how secure they make it, some one will break it.
Re:Only solution (Score:5, Insightful)
Please clarify your point, because you either didn't think your comment through, or meant something entirely different than what you wrote.
Re:Seems kinda funny (Score:3, Insightful)
We need people who will look at the computers output and say, "That can't be right. I don't care if it came from the computer, it can't be right!" Like especially the doctor who is just about to remove a cancerous lymph node, and the computer is telling him/her to amputate your leg.
Also, "ownership" of events (Score:5, Insightful)
But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:
- secrets can be observed.
- "evidence" can be planted.
- activities can be spoofed.
Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.
Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).
Scary stuff...
Re:Only solution (Score:5, Insightful)
Re:DRM? (Score:4, Insightful)
Someone who is highly skilled in photoshop can easily manipulate an image well enough that even people in the image can't quite tell what if anything is different. This is quite common with photos used for magazine covers, advertising and the like.
Your Honor, the prosecution submits... (Score:3, Insightful)
And here is Exhibit C, film footage where President Kennedy can clearly be seen saying "Congratulations, how does it feel to be an All-American?" to Forrest Gump.
Re:DRM? (Score:2, Insightful)
Re:Nothing new here. Move along. (Score:3, Insightful)
It's happened with DNA, fingerprints, computer cracking.... Hopefully the technology is eventually ironed out such that this stops happening.]
Meantime, this is cold comfort to victims of such miscarriages of justice, or their families.
But it's two edged:
DNA evidence is now being used to clear people who have spent decades in prison for crimes they didn't commit.
At least if you have the death penalty the vctim of the miscarriage of justice (eventually) isn't in too much of a position to care.
And it puts them beyond reach of ANY correction, when technology advances to the point where it can discover and prove their innocence, winning them release (and millions in restitution for the false imprisonment).
See The Innocence Project for more.
I, at least, am totally opposed to the death penalty. Not because the crooks don't deserve it - most of 'em do. But because it's administered by a government, with at least the usual levels of incompetence, corruption, and misuse for oppression of any government project.
Mandatory life without parole has the advantage that you CAN bring somebody back if it turns out they were innocent. It's really hard to do that once they're dead. Also: It's cheaper, since you don't get as many appeals. And you don't get so many innocents plea-barganing themselves into long jail terms rather than risk death for a crime they didn't commit but can't prove it.
Re:Only solution (Score:5, Insightful)
Then the images could be copied to cdrom along with the md5 sums. If the defense feels that the images have been tampered with, they can always be verified against the md5sum and then if so, the archived memory card.
Re:Digital sound evicence (Score:4, Insightful)
And yet, with a simple md5 checksum or any other of dozens of other techniques, such a change is impossible to make undetectable. The chain of evidence would need to show that at time of recording the md5 checksum of the file was 258c2891488526d239077559ae4fabab, and that the md5 checksum of the current file is still the same. Show the chain is intact, you've got that part of it covered. Get some mathematician to explain to the sheep of the jury that these are better odds than DNA, hell, call it "Digital Fingerprint" or something, and get on with the case.
Demonstrate this, since they won't get it from the math guy, by taking an image, changing a single pixel, and recalculating the checksum showing that it changes entirely. Don't _tell_ them, _show_ them that if you change the digital information, the "Digital Fingerprint" changes drastically.
Re:Wrong (Score:4, Insightful)
Ah, but they were written by someone who broke into your machine, used a keylogger to get your passphrase, and were sent by this other individual while you were out having a beer with your buddies.
Sure, you have a good record that the email was sent at 8:30pm, but, then you can't really prove that you were at the corner bar at that time. After all, will the jury believe the testamony of your drinking buddies, or a cold, cryptographically-secure computer log?
(Admittedly, this is less likely to be an issue in investigating a crime that has already been committed... but if it's a computer-related crime, the probability goes up.)
Do you trust the system administrator? (Score:5, Insightful)
Now let's say that the person who did this is found because he forgot to modify/erace the system logs and a criminal trial begins.
Now let's also say he hires Jacky Childs as his lawyer who asks the system admins, under oath, if the system logs are nothing more than common text files. Then he asks if it is possible that any of the admins could log on and edit that text file log. Unless they got the logs being directed to a line printer an constantly printed out, Jacky Childs just found his reasonable doubt. Good luck with the civil suits!
Seriously though, this could be a real problem one day soon.
That's why (Score:1, Insightful)
If DNA wasn't enough to convict OJ Simpson of murder then how can some digital numbers on a piece of paper be enough to find anyone guilty of sharing a file?
After all, the numbers could be forged, spoofed, mistranlated....and the burden of proof is with the plaintiff.
The scary part... (Score:5, Insightful)
Um, yeah. Well, if they're encrypted, you either:
I think what he meant to say was checksummed and encrypted. While this does provide a reasonable degree of security against tampering, it in no way establishes that the pictures were real in the first place. It is a very trivial matter to write a CD today with a date of 01/01/1998.
Yes, checksumming does provide a reasonable degree of security provided other safegaurds are taken. However, defeating this scheme is still too simple. Consider:
Tell me I'm more secure now. Evidence fakery has been around since mankind learned to lie. The digital age just makes it more convenient.
Re:The scary part... (Score:2, Insightful)
Oy! The parent poster has described a delightfully paranoid scenario--that the system is already designed to guard against. It's already supposed to be difficult to tamper with physical evidence. Chain of custody must always be carefully maintained. Checking out and then replacing a CD full of evidence? Nonsense. You can't just sneak a CD into a storage locker and expect it to be allowed anywhere near a jury. If you could do that, you might as well just plant a hair from the suspect on an old piece of clothing, or something similar--except you can't do that either, because the evidence bag is signed and sealed.
The CD would be harder to tamper with, because there would likely be multiple copies in secure locations. You can't do that with physical evidence. Further, there would be no reason for anyone to be allowed to take the CD with them--any investigator who wanted to look at the evidence could have a copy burned for their use, leaving the original safely stored away.
Yes, some sort of evidence tampering could in principle take place before the CD was burned, but tampering after the fact is going to be more difficult than with 'conventional' evidence.
Re:Only solution (Score:2, Insightful)
My job is editing video. the only tool I have is Final Cut Pro. Sometimes a person on a program will say something wrong, make a mistake, or I just need to cut for time. I have to make choices all the time about what to cut, and the most difficult thing is often preserving good grammar and the original sense of what the person was saying. Gatekeeping and simple editing are huge, and can't be detected at all if everyone keeps their mouth shut.
More on point, seamless, untraceable sound editing can be done right now and cheaply. I have made someone "say" they were in one town, when they originally said they were in another. I wasn't sure if I had it right until I ran the edit past my boss and he said "what edit?" That's with the primitive sound editing tools built into FCP. That's today!
Obviously it's going to be difficult to put an AK-47 into the hands of a person that really was carrying a beach ball. Manipulation doesn't have to be that obvious. What about changing a single letter on a license plate, or making painting an inconvenient bullet hole out of a wall? I submit that stuff like that can and is being done. Take Hollywood, for instance. OK, they put out 90% crap, but their fakery skills are unmatched, and they are for hire.
It isn't difficult to notice low grade Photoshop chicanery. My brother showed me some of his work in a printed magazine and said to point out the fake. It took me just seconds. He had put a guy in a group photo that was never in that room. That was a rush job in a low resolution printed picture, but it got past his bosses and the audience. Photoshop isn't my area, (yet, hopefully,) but I bet an expert could blow simple manipulations past anyone, everytime.
This ignores your more cryptographic honesty helpers, somebody else is probably going to talk about that at length.
The above, parent post is right, I think. Dot it right and nobody will notice. If you don't notice, what's the chance of doubting it?
Personally, I only trust pictures and audio to the degree that I trust the person that made them and everyone downstream from the creator. Luckily most people are too lazy to make a really good fake.
Re:Do you know nothing about Technology? (Score:3, Insightful)
Re:Only solution (Score:3, Insightful)
Damn Straight!!!
When it is not possible to prove that a crime was committed, how can it be reasonable to advocate prosecution of said "crime"?
Isn't that just asking for abuse?
Disassociate the REAL issue (lack of provability) with the EMOTIONAL plea (save the children, stop kiddy porn).
-dave-
PS:
Do you advocate Illegalizing the Hollywood movie industry? After all, since "consuming Kiddyporn leads to child abuse" (hence its need to be illegalized), doesn't consuming visual violence, abuse, and nudity do the same, leading to physical and mental abuse?
If not, you are as hypocritical as everyone else who arbitrarily supports "save the kids"-style legislation. The same rationalization applies in both cases.
I bet you think the USA-PATRIOT act is a good idea, too! =)
Those who would trade essential freedoms for temporary, illusory, "children's safety" will receive neither, and deserve naught!!
Re:Do you trust the system administrator? (Score:3, Insightful)
Second, you seem a bit upset. Calm down. You got the point of the whole thing although you seem to be upset that in my scenario they cought the guy that did it. I only made the crime a severe one to give the trial importance. You seem to think I am saying something that I am not.
Interesting that you bring up DNA. If enough criminals figure out how to harvest dna from like hospital medical waste or such and leaving it at crime scenes I could see Lawyers trying to get DNA inadmissible in court.
About that last part you wrote Dave. How did we get from is the system admin trustworthy to evidence of an assassination on somebody's machine? Through worms and rooting machines files get dumped places all the time. However in court the word of a system admin and his logs is considered truth. This will likely change. Maybe it should change. Actually I probably should have brought this up in my origonal post. My bad.
What if the admin used his job to alter the logs himself to hide a crime he committed? I have yet to meet an evil sys admin, but it could happen.
Mrhandstand brought up some interesting software and ideas on how to do things, but a lawyer doesn't need to prove the system is flawed; he just needs to get one person on a jury to think it might be flawed.
Re:This shouldn't change anything (Score:3, Insightful)
Re:having porn is not against law (Score:3, Insightful)
No, we're talking about the legalities of digital evidence under US law.
However i was talking this example to my friend, US based psychologist who is working for as an officially appointed expert. She said i would be probably OK. But she may be wrong, of course.
There are a lot of viriables to consider, but here's the basic situation:
If you never show those pictures to anyone else you would certainly be OK. Even if you did allow someone else to see them, you would probably still be OK, unless that person were EXTREMELY uptight and reported you. If you were to make them publicly available, like on the web for example, you would quite likely be arrested.
If it went to trial, I'd say you'd have an even chance in general, but it would depend very much on the community from which the jury was drawn and the laws of that area. Standards and laws regarding decency, obsenity, pornography, etc vary wildly from state to state. Indeed, the legal definition of obscenity is based on the standards of the community.
Age of consent is 15 in Czech and it is going to be lowered. It is as low as 12 in some European countries, including catholic Vatican. However it is OK to have sex if both partners are under this limit. I would bet, however I do not know any official statistic, that average age to lose virginity for a czech girl is under 15 these days, at least in large cities and certainly counting non coital sex pratices.
As I said, age of consent is determined by state law, not federal law. Here in California I believe it's 16, I know there are some states where it is 14, and there may be states where it is 12, though I don't know that for sure. 16 or 17 is always a safe bet, though if the age difference is more than 4 years it could still be statutory rape. Again, though, that varies by state.
Perhaps I should also note that it was illegal to produce pornography at all in California until less than 30 years ago (I don't know the exact date), when that law was challenged and struck down by the court.
That said, the average age when an American girl loses her virginity is probably also about 15.
The age for creating porn is however 18 but again, it is not used (or may be even does not apply) if people are taking pictures of themselves for their personal usage.
I've heard of people being prosecuted for child porn for having pictures of their infant taking a bath. That's an extreme case, and most of the time those pictures would be perfectly OK, but one always has to remember that it's based on the standards of the community as represented by the 12 people on the jury, and that the jury consists of 12 people who're too dumb to get out of jury duty.
it is either a country of hypocrites or a country of ascetics.
I wouldn't say we're any more hypocritical than the people of any other nation, just in our own particular way. The first colonists were Puritans, who known for being extremely uptight, and our laws still reflect that to a large extent, even though our society in general is rapidly degenerating into vulgar hedonism.