Forgot your password?
typodupeerror
Graphics Software Government The Courts Your Rights Online News

Worried about Digital Evidence Tampering? 292

Posted by michael
from the she-blinded-me-with-science dept.
2marcus writes "As digital technology continues to improve and is used in more and more applications, the ease of tampering with digital files becomes more pertinent. This is especially important in the field of criminal justice, where even the appearance of possible impropriety can sway a jury. CNN has an article on the issues with digital photos being used for fingerprints and other forensics evidence."
This discussion has been archived. No new comments can be posted.

Worried about Digital Evidence Tampering?

Comments Filter:
  • Only solution (Score:3, Insightful)

    by Anonymous Coward on Tuesday February 10, 2004 @03:14PM (#8240568)
    make digital evidence inadmissable. Photoshopping/gimping/email fraud/video editing is becoming too easy and too difficult to trace.
    • Re:Only solution (Score:5, Insightful)

      by metallicagoaltender (187235) on Tuesday February 10, 2004 @03:32PM (#8240790) Homepage
      Uhhhhh...you just made it next to impossible to prosecute a lot of crimes. Take kiddie porn for example - you're saying that a hard drive full of kiddie porn images shouldn't be admissable?

      Please clarify your point, because you either didn't think your comment through, or meant something entirely different than what you wrote.
      • four words (Score:5, Interesting)

        by Anonymous Coward on Tuesday February 10, 2004 @03:49PM (#8240960)

        (referring to the parent post, not the grandparent): b b witch hunt.

        ok, so the FBI raids someone's PC on suspicion of kiddie porn. Now, the PC has been out of the hands of the suspect. What's to stop the FBI from planting kiddie porn on the hard drive? And will it, in the end, even be neccessary to find porn on the hard drive? Links might be enough (links that might have resulted from IE's insecurities, for example?) ... after all, THINK OF THE CHILDREN!

        I truly despise child pornographers, but are we heading for a police state in the name of anti-terrorism and anti-kiddie porn?

        Maybe DRM actually makes sense in this context. I would rather be unable to get porn at all than be prosecuted for planted porn. (the OS could be programmed to reject any files that have porno-like meta-data in their headers, or however DRM works). Granted, this solution would keep all porn (including "legal" porn) out, but it would solve the problem.

        • Re:four words (Score:3, Interesting)

          by BitterOak (537666)
          Maybe DRM actually makes sense in this context. I would rather be unable to get porn at all than be prosecuted for planted porn. (the OS could be programmed to reject any files that have porno-like meta-data in their headers, or however DRM works).

          This is so obviously a troll, I'm tempted not to respond, but in case anyone takes this seriously, I'll pose the following obvious question. If someone were making kiddie porn for the purpose of selling or distributing it, why would they include metadata tags w

      • Re:Only solution (Score:4, Interesting)

        by JimBobJoe (2758) <swiftheart@NOSPam.gmail.com> on Tuesday February 10, 2004 @05:55PM (#8242374)
        you're saying that a hard drive full of kiddie porn images shouldn't be admissable?


        There are quite a lot of issues with kiddie porn prosecution.

        So I read about this article saying they got person X on kiddie porn charges, and yet I wonder how much of that is real kiddie porn, as opposed to

        *photoshopped kiddie porn
        *18 and over porn, but with really young looking girls

        the latter is of interest to me, there's a lot of really young looking girls used in porn, and I assume that the photographer and webmasters have done their duty to make sure the person is 18. However, those credentials don't pass over the net to the photo sitting on the hard drive, how does law enforcement know or not know if the girl really is over 18, though she could pass for 14?

        As for the former, the idea of photoshopped kiddie porn is that it's kiddie porn without, hyptohetically speaking, having hurt a chlid in the process. Should that be illegal in that a person who consumed photoshopped kiddie porn is very likely to commit such an act? That's an ugly precedent.

        Of course, this doesn't even touch the surface of what the difference is between kiddie porn and children who happen not to have any clothes on. Apparently the standard is some sorta fuzzy concept of one type of pic was taken specifically for the purpose of getting off, and the other was not.

        Really odd case from Australia: a guy there makes videos of himself getting kicked in the jewels--that's the sexual fetish. He made one of a 14 year old kicking him, and was brought in on kiddie porn charges (though the girl was completely clothed.) The idea here is that a girl was being used for sexual satisfaction, though, under normal circumstances, it hardly is a sexual situation. (Dunno what happened to the case.)

        Honestly, this is a mine field of questions that no one wants to talk about or answer.

      • Re:Only solution (Score:3, Insightful)

        by vDave420 (649776)

        Uhhhhh...you just made it next to impossible to prosecute a lot of crimes. Take kiddie porn for example - you're saying that a hard drive full of kiddie porn images shouldn't be admissable?

        Damn Straight!!!

        When it is not possible to prove that a crime was committed, how can it be reasonable to advocate prosecution of said "crime"?

        Isn't that just asking for abuse?

        Disassociate the REAL issue (lack of provability) with the EMOTIONAL plea (save the children, stop kiddy porn).

        -dave-

        PS:
        Do you

    • Re:Only solution (Score:5, Insightful)

      by gcaseye6677 (694805) on Tuesday February 10, 2004 @03:39PM (#8240860)
      With our society relying on more digitized information all the time, it is not practical to make it all inadmissable as evidence. There's no way in the world that you could prosecute computer crime or for that matter almost any fraud without digital evidence. As for the photo example, non digital photos can be doctored as well. For example, you could doctor a photo digitally, recapture the picture with film and develop the non-digital photo of the digitally altered image. If its done well, it would be very hard to detect. Bottom line is, we need better evidence authentication, not exclusion of all digital evidence.
      • Re:Only solution (Score:5, Insightful)

        by Mysticalfruit (533341) on Tuesday February 10, 2004 @03:46PM (#8240926) Journal
        Possibly, here's one expensive solution. Some solid state memory card company should start making write once memory that would work in a digital camera. Along with the image would be an md5 sum.

        Then the images could be copied to cdrom along with the md5 sums. If the defense feels that the images have been tampered with, they can always be verified against the md5sum and then if so, the archived memory card.
        • by micromoog (206608) on Tuesday February 10, 2004 @04:13PM (#8241215)
          Your solution is entirely too concise, simple, and complete. Law enforcement will never go for it.
        • Re:Only solution (Score:2, Informative)

          by Jim_Maryland (718224)
          Some solid state memory card company should start making write once memory that would work in a digital camera.

          Unfortunately the benefits of the digital camera are lost then. If I wanted write once media, I would use film. On the other hand, I see where your trying to go with this in setting up a tamper resistant protection scheme. Even so, one could still do some elaborate tampering to bypass security methods. They'd almost have to do it, just for the challenge. Look at all the protection schemes p
        • Re:Only solution (Score:5, Interesting)

          by jandrese (485) * <kensama@vt.edu> on Tuesday February 10, 2004 @04:52PM (#8241637) Homepage Journal
          The thing is, if someone can tamper with the image, they can tamper with the md5sum as well. In your solution, the md5sum is useless, it's the write only memory on the camera that is actually providing your security.
        • Of course... (Score:3, Interesting)

          by Kjella (173770)
          ...if you're playing the Devil's advocate and expect someone like the FBI to frame you, why wouldn't they replace the write-only chip? Simply duplicate all the MD5 sums except those you want to plant.

          Unless you want the camera to digitally sign them as well. Might work, if you have the secret key in a WOM not directly readable (i.e. you may sign the MD5 and verify the signature, but not read the actual key).

          Kjella
        • CD-R? (Score:3, Informative)

          by TubeSteak (669689)
          What about writing to those Mini-CDRs? They have digital camcorders that write to Mini-DVD-R (Sony [kelkoo.co.uk] and DVD-RAM (Hitachi [techtv.com], Sony [digitalfotoclub.com]). I imagine Mini-DVDRs are a much better deal $$$ considering they're 1.47GB/disc and roughly 2 bucks a pop. 1.47 Gigs should go a long way, even on an extremely high end camera.

          The article does bring up a very good point:

          a negative shot on traditional 200-speed film can produce the equivalent of 18 megapixels of resolution. Only highly specialized, expensive digital cameras approach

      • Is the same thing as with physical evidence: At some point, we have to trust our law enforcement. No matter what safeguards we put in place, they can be circumvented. So what we have to do is develop a system that is as good as possable and work with it. This should include all the facets of the physical system such as a complete chain of evidence, sworn statements, ability for indepentand reanaylsis, and then also new things like MD5 signing and such.

        But yes, ultimately, the police will be able to manufac
    • Re:Only solution (Score:5, Informative)

      by JoeBuck (7947) on Tuesday February 10, 2004 @04:05PM (#8241134) Homepage

      It's not hard for experts to detect Photoshop fakery, even if amateurs can be fooled. If you move objects around in the picture, you'll never be able to get every cast shadow right, or get the lighting of the removed objects right. The analysis process that the experts use is analogous to ray tracing run backwards: given the images, figure out where the lighting is. Then boundaries between regions that have been altered and regions that have not come out clearly.

      Furthermore, as its name implies, many of the Photoshop tools correspond to tricks that photographers have traditionally played in darkrooms, it just makes it easier.

      • Re:Only solution (Score:5, Informative)

        by guacamolefoo (577448) on Tuesday February 10, 2004 @04:56PM (#8241668) Homepage Journal
        It's not hard for experts to detect Photoshop fakery, even if amateurs can be fooled.

        I work in wholesale justice -- I do a lot of court-appointed work. There is no way that an expert will be approved in every case to authenticate or detect alterations of digital images. At the basic level of the legal system, the people who most need this sort of protection (accused criminals) will not be able to afford it.

        I like the idea of digital photographs with some sort of cryptographic self-authentication. It would reduce the risk of cowboy cops faking evidence and putting it over on juries and judges. Someone needs to police the police, and this might help.

        GF.
      • Re:Only solution (Score:3, Interesting)

        by NanoGator (522640)
        "It's not hard for experts to detect Photoshop fakery, even if amateurs can be fooled. If you move objects around in the picture, you'll never be able to get every cast shadow right, or get the lighting of the removed objects right."

        Sadly, 'experts' proved that the moon landing was faked, too. Shadows cannot be easily disproven because of things that are happening off-camera.

        The best you can do is detect use of a filter algorithm. Gaussian blur, for example, should be easy to detect. Clone tool? Yo
  • by Anonymous Coward on Tuesday February 10, 2004 @03:14PM (#8240573)
    There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.
    • Wrong (Score:5, Interesting)

      by FreeUser (11483) on Tuesday February 10, 2004 @03:24PM (#8240698)
      There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do. It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.

      Bullshit.

      This should matter a lot.

      Mark Furman's bigotry was enough to create the appearance of "reasonable" doubt as to the veracity of the DNA evidence that unequivocably linked O.J. Simpson to the murder of his ex wife and her friend. Nevermind that the evidence was almost certainly NOT tainted or modified ... the fact that the jury recognized (and weighed most heavilly) was that the honesty of the law enforcement offical(s) was in serious doubt ... and quite frankly, often is.

      Digital evidence is as fleeting as the wind. I can copy a file to your hard drive, make a phone call, and the assumption will be you're guilty. Or a cop could walk in with a CD, do the same thing, and convict you.

      Gnupg and similiar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).

      Similiar schemes might be applicable to preserving the integrity of digital imagry, video, etc., and it is very important that these issues be addressed.

      We know that the police and the FBI do tamper with evidence. We know that they bear false witness in court ... indeed, we even know of at least one case where the FBI insured that an innocent man was convicted of murder and sent to prison in order to protect their own informant.

      Law enforcement will tamper evidence on occasion, and making it easier for them to do so virtually insures that it will be tampered more often. In order to maintain (or even improve) the integrity of our justice system, we need to make modifying digital evidence as difficult (or impossible) as is possible, and we have numerous tools already to do so.

      Dismissing this issue is foolish ... unless you want a scenerio where any Jury with any technical knowhow whatsoever will always vote to acquit, on the grounds that digital evidence is no more valuable than a he-said/she-said argument.
      • Re:Wrong (Score:4, Insightful)

        by angst_ridden_hipster (23104) on Tuesday February 10, 2004 @03:49PM (#8240970) Homepage Journal
        Gnupg and similiar encryption tools, combined with date and time stamping (perhaps even authenticated date and time stamping via ntp servers) could be deployed relatively simply and make data tampering virtually impossible (e-mails are certain to be real, and have been created on such-and-such a date, etc).

        Ah, but they were written by someone who broke into your machine, used a keylogger to get your passphrase, and were sent by this other individual while you were out having a beer with your buddies.

        Sure, you have a good record that the email was sent at 8:30pm, but, then you can't really prove that you were at the corner bar at that time. After all, will the jury believe the testamony of your drinking buddies, or a cold, cryptographically-secure computer log?

        (Admittedly, this is less likely to be an issue in investigating a crime that has already been committed... but if it's a computer-related crime, the probability goes up.)

      • Nevermind that the evidence was almost certainly NOT tainted or modified

        Almost certainly?

        Excellent, then justice was served, he was almost convicted :-)

    • There has always been the possibility that the evidence could have been tampered with before. Since it is digital this only makes it slightly easier to do.

      Slightly? Right now, I can take a picture of myself and make it look like I'm drinking a beer with Bill Clinton and George W. Bush while we all sit around a table at a titty bar. This wasn't possible 30 years ago.

      It shouldn't matter however because it is always based on the honesty of the law enforcement official to do what is right.

      Law enforcement
      • *Slightly? Right now, I can take a picture of myself and make it look like I'm drinking a beer with Bill Clinton and George W. Bush while we all sit around a table at a titty bar. This wasn't possible 30 years ago.*

        it was. it was slightly harder but it still was possible.

        usually the more important evidence is backed up with somebody saying(under oath) that it's truthful(logs&etc..).
      • by squiggleslash (241428) on Tuesday February 10, 2004 @03:38PM (#8240855) Homepage Journal
        Slightly? Right now, I can take a picture of myself and make it look like I'm drinking a beer with Bill Clinton and George W. Bush while we all sit around a table at a titty bar. This wasn't possible 30 years ago.
        Erm, the old Soviet Union (no jokes please) used to play these kinds of stunt all the time, adding people to pictures where they weren't there, and removing them when they were. Airbrushing and other techniques date back to Stalin, and probably earlier.

        Sure, it's a little easier, but it's not something we suddenly can do that we weren't able to do previously.

        • Erm, the old Soviet Union (no jokes please) used to play these kinds of stunt all the time, adding people to pictures where they weren't there, and removing them when they were. Airbrushing and other techniques date back to Stalin, and probably earlier.

          Actually, the KGB tended to prefer actually kidnapping you, drugging you, and actually sitting you down at a titty bar.

          It's a lot easier than airbrushing someone out, and impossible to disprove(whereas the airbrushed photos were usually very obviously air

        • So what you're saying is that one of the most powerful governments on the planet (30 years ago) could do things that lay people such as myself can do today...

    • Chain of Evidence (Score:4, Informative)

      by Anonymous Coward on Tuesday February 10, 2004 @03:35PM (#8240823)
      No, law enforcement officers are required to maintain strict control and tracking of evidence now ("Chain of Evidence") to try and prove the evidence has not been tampered with. The mutability of digital records adds extra considerations, in some cases.

      One way of hardening the chain is to burn the digital record onto a CD-R, with a least two witnesses and recording the serial number of the CD-R onto the evidence log.
  • by B3ryllium (571199) on Tuesday February 10, 2004 @03:15PM (#8240582) Homepage
    "How to commit the perfect murder, using Microsoft's debug.exe"
  • It was supposed to be about the upcoming Snorx/3.2 window manager! You can't trust any sources any more.

    Seriously, this has been coming for a long time and there is plenty of material about the impact of a totally digital, totally manipulable reality in the SciFi archives.

    It's a cycle anyhow. Eventually paper and touch will become valuable again because they mean something. Anyone want to buy a signed printout of this comment? Only $0.02!
  • Chain of custody (Score:5, Insightful)

    by LostCluster (625375) * on Tuesday February 10, 2004 @03:16PM (#8240590)
    Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept. Everybody who had control of that evidence from the point it was discovered to the courtroom needs to testify that they didn't nothing funny, and they saw to it that nobody else did anything funny. That makes tampered evidence just as bad as any other lie to the court, somebody's on the hook for perjury.
    • Tamper vs Analyse (Score:5, Insightful)

      by nuggz (69912) on Tuesday February 10, 2004 @03:19PM (#8240634) Homepage
      Yes, but then the question of "what is tampering".

      There are actually cases of people photoshopping fingerprints to "bring them out".

      Is that evidence tampering?
      What if they just use a large burn/dodge tool? what if they just use a small one?

      Where is the line?
    • correct, the digital media SHOULD be locked away and only brought out when it is necessary to show it off. Problem is that the "teams" are using "enhancements" via Photoshop (or the like) to create a better image (or supposedly what the image would have looked like if natural damage had not occured).

      If you had read the article you would have noticed that Photoshop can do 100x more "damage"/"good" than a photographer in a dark room.
    • Re:Chain of custody (Score:2, Informative)

      by rotomonkey (198436)
      Any form of physical evidence can be tampered with. That's why the chain of custody is such an important concept.

      That is also why I applaud the Oregon State Police's efforts at ensuring chain of custody by keeping an encrypted version of the original image locked away on CD. It also makes any mods reproducible in front of a jury, if necessary.

      The potential for modification doesn't scare me as much as the ability to permanently archive evidence. I can go back to a negative shot in 1930 and print it (provi
    • Chain of custody is very important, no doubt. But, what if the digital evidence is planted prior to the chain of custody going into effect? Some one could conceivably plant incriminating files on your computer, make a call, and then CLANK! Hello cellmate Bubba.

      Chain of custody is one small part of the overall picture.
  • I love it (Score:5, Funny)

    by DarkHand (608301) on Tuesday February 10, 2004 @03:16PM (#8240591)
    Ahh, digital evidence tampering, where would I be without you! I was quite good a creating doctors office letterhead for getting out of school. :)
  • by lukewarmfusion (726141) on Tuesday February 10, 2004 @03:17PM (#8240614) Homepage Journal
    We all know how convincing digitally altered photos or videos can be. I mean, what jury wouldn't be convinced that those dinosaurs in Jurassic park were real? They sure looked real to me.
  • DIGITAL evidence ? (Score:5, Insightful)

    by cwernli (18353) on Tuesday February 10, 2004 @03:17PM (#8240621) Homepage
    Heck, where I come from not even regular (=non-digital) photos et al. are admitted as evidence in court - because they are too easily tampered with.

    Basically only human intel is admitted as evidence (witnesses) - if you want to admit other evidence (such as footprints etc.) you show photos (as an illustration, not as the proof) of course, but _always_ backed up by witnesses (fellow officers, forensics guy) who could be called to testify under oath.
    • Witnesses (Score:5, Informative)

      by ParticleGirl (197721) <SlashdotParticle ... m ['l.c' in gap]> on Tuesday February 10, 2004 @03:32PM (#8240789) Journal
      Witnesses [harristechnical.com] credibility [boisestate.edu] has been under debate [udayton.edu] for years. Witnesses can be influenced by suggestive questioning, their own backgrounds and prejudices, or the amount of sleep they have had on a given day. And how do you quantify or qualify that kind of tampering? Witness testimony has been used for millenia. No evidence is foolproof. The problem is 1. to know what kind of tampering can be done and be aware and wary of it and 2. to get the trust of the public [cbsnews.com] in that type of evidence so it can be admitted, falible or not.
    • by stratjakt (596332)
      You can prove through cryptographic means, md5 sums, etc, that the odds a digital file has been tampered with are billions-to-one. Some cameras designed for LEOs have such stuff built in, you can prove that the file hasnt changed since the camera took it.

      With analog, you end up with a dozen 'experts' with magnifying glasses who cant decide if its bigfoot or a guy in a gorilla outfit.

      Besides, cases are built on actual physical evidence. That freak who kidnapped the little girl from the carwash will get t
    • > if you want to admit other evidence (such as
      > footprints etc.) you show photos (as an
      > illustration, not as the proof) of course, but
      > _always_ backed up by witnesses (fellow officers,
      > forensics guy) who could be called to testify
      > under oath.

      That's how it works in the US.
  • personally (Score:2, Funny)

    by Savatte (111615)
    I try to hide the evidence after I tamper with my digits. The hamper is a good hiding place.

    Thank you. I'll be here till im modded down.
  • by astrashe (7452) on Tuesday February 10, 2004 @03:19PM (#8240639) Journal
    If tampering is possible, even if it's unlikely, there will always be an out for people who don't want to believe evidence.

    In practice, the rejection of valid evidence will probably be a bigger problem than the creation of invalid evidence.
  • by hazman (642790) on Tuesday February 10, 2004 @03:19PM (#8240641)
    Simply require all digital evidence to be encrypted. That way anybody who has a thought of tampering would have to consider the wrath of DMCA.

    Nobody would tamper with digital evidence given THAT outcome.
  • DRM? (Score:4, Funny)

    by onyxruby (118189) <onyxruby@[ ]cast.net ['com' in gap]> on Tuesday February 10, 2004 @03:19PM (#8240648)
    Have we finally found a legitimate use for DRM?
    • by garcia (6573) *
      OMFG, do you people even bother to read the articles?

      They are using Photoshop to ENHANCE photographs. Bring out details that would not have been there (the example given was a fingerprint on the inside of a piece of duct-tape used to wrap someone up).

      Sure Photoshop makes photos look good but do we want to put people away when there's a good chance that the modifications made to the photo changed the print?
      • Re:DRM? (Score:4, Insightful)

        by onyxruby (118189) <onyxruby@[ ]cast.net ['com' in gap]> on Tuesday February 10, 2004 @03:40PM (#8240872)
        Actually, I found and read the article before slashdot posted a link to it. I also happen to know how tempting it could be for a lab tech to be told that the bad guy of the month could get off, and by the way just how clear can you make that photo with photoshop? It's ok to enhance a photo to give the cops a pointer on what direction to go in a case, as long as the enhanced photo isn't used for evidence. If you read the article you'll see they were talking specificly about enhancing photos that were to be used as evidence in trials. You did read the article, right?

        Someone who is highly skilled in photoshop can easily manipulate an image well enough that even people in the image can't quite tell what if anything is different. This is quite common with photos used for magazine covers, advertising and the like.
    • And I'm sure it would work exactly well for the Justice Department as it does now for the music industry.
    • Re:DRM? (Score:2, Insightful)

      by Apreche (239272)
      It seems like it except for one thing. This isn't a digital rights management issue. While the technologies may be similar they are not for the same purpose. DRM is used to make sure that people who do not have a right to a piece of data are unable to access it. This is an issue of information assurance. You want to assure that the image originally taken by the digital camera is the same one that you are looking at in the courtroom. One possible way to do this is to apply DRM to the image, but that isn
  • by 31415926535897 (702314) on Tuesday February 10, 2004 @03:20PM (#8240656) Journal
    My second-to-last year of college, I had signed a lease for a house just off campus for the next school year. It was looking forward to it because it was a nice house and I'd be rooming with my closest buddies.

    Unfortunately, when we went to move in, the place was trashed and grossly out of code for the city/county. In an effort to be released from the lease, I took a bunch of photographs of everything that was wrong with the house, but I took them on my digital camera. I even brought my camera to a developer and had the photos professionally developed.

    Nevertheless, I brought my pictures to a lawyer (school-subsidized, provided for student lessor/lessee problems) and he said that if I wanted to use them in any practical way, I had to go take the pictures again with a real camera (and you could _barely_ tell it was digital).

    Fortunately, we had enough evidence that the landlord caved (and we all learned many valuable lessons about leasing, and the law in that time period).
  • by Anonymous Coward

    [This message has been deleted by the administrator]
  • Who needs evidence? (Score:4, Interesting)

    by SparafucileMan (544171) on Tuesday February 10, 2004 @03:21PM (#8240673)
    A huge swarth of people who get convicted for life or death are poor and stupid minorities who are sentenced with usually little more than one person saying "I swear I saw the defendent...sure it was dark but I swear it!" The criminal justice system in the country (U.S.) is in such a poor state that I don't see how digital evidence is such a huge step backwards. Do you really think it would have been easier to free (or convict) O.J. if the photos of the crimescene were digital?
  • logs (Score:2, Interesting)

    by LordMyren (15499)
    is there any way - besides dedicated locked up printers with numbered pages - that one can use to date and verify the authenticity of information? in such a way that will stand up at all in court? so far the only cheap way i know of verifying an idea is mailing it to yourself, but that requires going to the store for stamps... how 1998.

    Myren
  • Seems kinda funny (Score:4, Insightful)

    by onyxruby (118189) <onyxruby@[ ]cast.net ['com' in gap]> on Tuesday February 10, 2004 @03:23PM (#8240693)
    Seems kinda funny, the more you know about technology, the less trusting of it you are. Seems a bit like long time cops that remain paranoid for years after leaving the job. Witness electronic voting regularly get scoured here, as do other forms of tech that are supposed to be accepted as "unquestionable".
    • by rewt66 (738525)
      No, it's because as you learn more about the technology, you learn that it isn't perfect. And this is a good thing.

      We need people who will look at the computers output and say, "That can't be right. I don't care if it came from the computer, it can't be right!" Like especially the doctor who is just about to remove a cancerous lymph node, and the computer is telling him/her to amputate your leg.

    • 'cause our current ways go back to when technology was so primative, that it was impossible. Over time, we grew to trust it more and more. Due to human conservative nature, anything new is scrutanized.


      It's expected considering our past stupidity.. or naiveness.. or what have you.

  • by glaqua (572332) on Tuesday February 10, 2004 @03:24PM (#8240707)
    Canon has a kit called "DVK-E1" that goes along with their EOS 1Ds camera, that they say is 'Available to verify that EOS 1Ds image files are absolutely unaltered". They have done this specifically for use in law enforcement. The details are buried in a Flash presentation. You can follow this link [canon.jp] to find the details.

    So technology has answered, its back in the hands of law enforcement to present their case properly.

  • Currently, digital imaging may be considered a "new technology". It is obviously not known as well as traditional photography and it is a good thing that people question themselves as to regard the possible issues of such technology, especially if this technology is used in cases where it could make a difference between a guilty verdict and a non-guilty.

    At first, photography wasn't accepted right away, and it shouldn't have been. I mean, if I were to persuade you in trying my new revolutionary kind of ca

  • by mrhandstand (233183) on Tuesday February 10, 2004 @03:25PM (#8240716) Journal
    changelogs

    modify ONLY copies

    originals all go onto read-only media

    checksum religiously


    WRITE GOOD POLICY for maintaining digital evidence...and post it before you start using digital media. Review it once a year, or more often to revise for unforeseen issues. Educate your detectives, and your Asst. DA's.

    Rinse, later, repeat.

  • Not a worry.. (Score:5, Interesting)

    by stratjakt (596332) on Tuesday February 10, 2004 @03:26PM (#8240726) Journal
    I work in the field, I create and deploy records management systems for police.

    There's always an auditable chain of custody with all eveidence, digitally the product i use accomplishes it with encryptions and checksums. If an officer takes a pic out to alter it (they have to crop/lighten/darken mugshots so they look consistent for use in a lineup), his actions are logged, and a copy of the original is always kept. Just like checking stuff in and out of any CVS.

    There are some digicams out there specially designed for the task which create special checksums and hashes to prove, mathematically that the image on a disk is the same one the camera took.

    This is all tied to the officer who took the picture and entered it into the system, and ultimately would be held accountable for it.

    If needed, I could be called on to swear an affidavid that the file hadn't been altered since taken/entered.

    Now, for the most part, the agencies I've dealt with only use digital imagine for mugshots, and a few take digital shots of traffic accidents. But more and more are expanding the use of technology. 911 calls, and police radio chatter, being encoded to mp3 and permanently attached to the case file, stills from dashboard cameras, crime scene photos.

    Frankly, you can prove mathematically with some simple tech these days that not even a single pixel in a digital photograph had been altered. It'd much easier to fake an old-fashioned analog photograph.

    Of course, sleazy lawyers will wow clueless jury members with how easy it is to change things in photoshop, which they'll understand. And those jury members will be asleep when the mathemetician demonstrates that there's only a 1 in 400 kajillion chance of altering time image without changing the checksums...

    • sleazy lawyers will wow clueless jury members

      Sleazy lawyers are just like the rest of us - they'll take the path of least resistance.

      Presented with some staggering insurmountable pile of scientific evidence (eg, odds of matching DNA), they'll search out for a Mark Fuhrman and suggest to the jury that there's "reasonable doubt".

  • by BigBadBri (595126) on Tuesday February 10, 2004 @03:26PM (#8240728)
    I see an opportunity of an enterprising digital camera manufacturer here - Sony already do a DV camera that records to DVD - adding some tagging information (GPS coordinates + date/time + operators security code) to each image should be feasible, and given that one PD was saving $6000 per month in Polaroid costs, I'd have thought that even at $10K per throw, a high quality camera could be produced that would provide adequate traceability of the images taken.

  • by l0ungeb0y (442022) on Tuesday February 10, 2004 @03:29PM (#8240758) Homepage Journal
    I think anyone who knows ANYTHING about computers would tell you that there is no guarantee of security or stability.

    Lawmakers should take this into account and require the prosecution or plaintiff show beyond a reasonable doubt that the data can in fact be reasonably trusted and has not been handled by an untrusted or malicious party.

    Overall, this question raises a lot of issues. But I feel the courts need to decide on a set of guidelines that can be used to assure the jury and the defense that the evidence presented to support accusations can in fact be trusted.
    Because who's to say an overzaelous prosecuter didn't hire someone to "put" something on the suspect HD?

    But even then the courts might have a hard time ahead. Already we've seen cases that raise this question in which there can be no "safe-guard" and in fact the defense relies upon the exploitablity of software. This was demonstrated in the kiddie porn trial in the UK in which the defendant got aquitted because his lawyers successfully argued that a virus planted the porn on his PC.

    Ulitmately, it is double-sided issues such as this that are leading us down the path of Microsofts Secure Computing initiative. But that is a mission that is doomed from the start... history shows us that no matter how secure they make it, some one will break it.
  • by Clarencex (204858)
    There is another problem for concern in this area. Law enforcement personnel are now relying almost entirely on digital recording for witness statements and suspect interviews. If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of wrist.
    • by djh101010 (656795) on Tuesday February 10, 2004 @03:47PM (#8240942) Homepage Journal
      If you think digital photos are easily tampered with, think about how easy it is to tamper with a WAV file. "I did not do it," can become "I did do it" with the flip of wrist.

      And yet, with a simple md5 checksum or any other of dozens of other techniques, such a change is impossible to make undetectable. The chain of evidence would need to show that at time of recording the md5 checksum of the file was 258c2891488526d239077559ae4fabab, and that the md5 checksum of the current file is still the same. Show the chain is intact, you've got that part of it covered. Get some mathematician to explain to the sheep of the jury that these are better odds than DNA, hell, call it "Digital Fingerprint" or something, and get on with the case.

      Demonstrate this, since they won't get it from the math guy, by taking an image, changing a single pixel, and recalculating the checksum showing that it changes entirely. Don't _tell_ them, _show_ them that if you change the digital information, the "Digital Fingerprint" changes drastically.
  • by Detritus (11846) on Tuesday February 10, 2004 @03:35PM (#8240818) Homepage
    I've often thought it would be useful for digital cameras to provide an option of signing all images with a camera-specific private key stored in a tamper-resistant chip. That would allow third parties to verify that the image file had not been altered after the fact.
  • How ironic... (Score:5, Interesting)

    by Aardpig (622459) on Tuesday February 10, 2004 @03:37PM (#8240844)

    that CNN is publishing this story; back in the late 1990s, they stole a frame from one of my computer generated animations of a pulsating star, and put it in a story [cnn.com] on their website. They tweaked the colourmap a little, but apart from that the image is identical to my original animations [ucl.ac.uk].

    They even had the gall to claim the copyright for themselves. Bastards.

  • by angst_ridden_hipster (23104) on Tuesday February 10, 2004 @03:39PM (#8240859) Homepage Journal
    We've already seen a few kiddie-porn cases in Great Britain thrown out because the machines had been compromised, thus making it impossible to conclusively prove that the individual arrested was responsible for the crime.

    But this points up a scary possibility, one which has already been hinted at in various places, which is that there's no robust trace of events. Once there's a backdoor in your system, there are a lot of things that can happen:

    - secrets can be observed.
    - "evidence" can be planted.
    - activities can be spoofed.

    Say you live under a repressive government, and somehow offend someone with 'l33t h@x0r skillz. You may find, for example, that you published a series of articles critical of the leadership. Yup, it came from your personalized copy of Word, and was sent from your IP address. If they've planted a keylogger, it could even be digitally signed with your PGP key. In a less oppressive environment, you might discover that you just mailed a collection of kiddie porn to the FBI.

    Now the person screwing you could be some vicious script kiddie, but there's also the potential for abuse in the political world. Like the case in Malaysia, where an opposition leader was tarred with a faked sex scandal, political operatives can be neutralized by opponents through these means (please don't let Karl Rove read this posting!).

    Scary stuff...
  • Your honor (Score:3, Funny)

    by mustangsal66 (580843) on Tuesday February 10, 2004 @03:39PM (#8240864)
    I would like to subimt this photo into evidence. It clearly shows Bert and Ernie as the true culprits behind this heinous act!

    If the image don't fit you must acquit.

  • by The I Shing (700142) * on Tuesday February 10, 2004 @03:42PM (#8240887) Journal
    Your Honor, the prosecution submits to the court Exhibit B, a photograph of the shark in question attacking a man dangling from the helicopter.

    And here is Exhibit C, film footage where President Kennedy can clearly be seen saying "Congratulations, how does it feel to be an All-American?" to Forrest Gump.
  • veripic (Score:3, Interesting)

    by caliento (727735) * on Tuesday February 10, 2004 @03:44PM (#8240910)
    If you are interested in verifying images I'd check out veripic. I don't know all the details behind it, but it seems like they are able to tell if the image has been modifed. From what I remember, the requirement is that you have to specify which digital camera it was taken with.

    http://www.veripic.com/certified [veripic.com]

    My guess on how they do it would be by checking how the image was encoded? any ideas?
    • Re:veripic (Score:2, Informative)

      by caliento (727735) *
      sorry, bad link: http://www.veripic.com/certified.htm [veripic.com]
    • Re:veripic (Score:3, Interesting)

      by JoeBuck (7947)

      An altered photograph will often be mathematically inconsistent. Real photos are formed by light sources reflecting and refracting off objects. Mess with it, and you create regions that have inconsistent lighting. Furthermore, Photoshop (or Gimp) tools have specific mathematical properties which can be detected; for example, if you use the Clone tool, there will be little circles of pixels that are highly correlated (not exactly because of the fuzzy edge of the brush). So, with an autocorrelation appro

  • by MrNybbles (618800) on Tuesday February 10, 2004 @03:49PM (#8240973) Journal
    So let's say someone breaks into the MegaCorp computer and causes billions of dollars in damage and causes a few powerplants to go off line in the East Coast of the US during a heatwave causing many people to die.

    Now let's say that the person who did this is found because he forgot to modify/erace the system logs and a criminal trial begins.

    Now let's also say he hires Jacky Childs as his lawyer who asks the system admins, under oath, if the system logs are nothing more than common text files. Then he asks if it is possible that any of the admins could log on and edit that text file log. Unless they got the logs being directed to a line printer an constantly printed out, Jacky Childs just found his reasonable doubt. Good luck with the civil suits!

    Seriously though, this could be a real problem one day soon.
  • It is discussed here [dpreview.com].
  • by Anonymous Coward on Tuesday February 10, 2004 @03:57PM (#8241057)
    I was told by a lawyer to get photographic evidence , not in digital, or film but Instant film format.

    Jury's, and judges consider the instant developed photos of the instamatic camera are considered unalterable because of how they are made /developed.

    usually the oldest technology is the most accepted in the court of law.
  • We sell software (Score:3, Informative)

    by JohnnyGTO (102952) on Tuesday February 10, 2004 @04:13PM (#8241210) Homepage
    at BrightNoise Inc [brightnoise.com] that works with IP based cameras and video "servers" to stream images and detect motion, alarms, etc in sensitive areas . One of the biggest concerns I have had is tampering with jpegs or avi files exported from these softwares. AFAIK none has been challenged in a court of law here in the states, but we have had several schools and companies use it as proof of guilt for thieving and extortion!! The approach Milestone took was to make it exceedingly difficult to tamper with the original recording but allow exports. I train users to immediatly remove the original drives or enter server when there is an event of serious enough magnitude, lets face it whats a few thousand dollars when your talking about firing someone or worse? Personally I would like to see water marks or some embedded checksum in the images.
  • The theory here is that, if somebody keysigns evidence to be entered, alterations to the evidence should be foregone. Granted this only works after the fact, but you can probably branch from there.
  • The scary part... (Score:5, Insightful)

    by gillbates (106458) on Tuesday February 10, 2004 @04:37PM (#8241466) Homepage Journal

    ...original pictures of fingerprints and other evidence are encrypted so they can't be changed, and burned onto a CD, giving the lab the equivalent of a film negative to reference later.

    Um, yeah. Well, if they're encrypted, you either:

    • have the key and can change the image, or
    • don't have the key, and you can't see the image

    I think what he meant to say was checksummed and encrypted. While this does provide a reasonable degree of security against tampering, it in no way establishes that the pictures were real in the first place. It is a very trivial matter to write a CD today with a date of 01/01/1998.

    Yes, checksumming does provide a reasonable degree of security provided other safegaurds are taken. However, defeating this scheme is still too simple. Consider:

    • Murder takes place in 1998. Detective has a hunch that suspect X has done it, but can't prove it.
    • It's 2004 - suspect X is arrested on an unrelated charge, and fingerprinted.
    • Said detective takes pictures of X's fingerprints.
    • He then sets the clock on his PC back to 1998, a few days after the murder.
    • Then he downloads the fingerprints he's just photographed to the machine, and burns the photos to CD. When he's done, he sets the PC's date back to the current date.
    • Said detective files the freshly minted CD in the 1998 storage locker.
    A few days later, the detective suggests to his subordinate that he run X's fingerprints against the crime-scene database. Lo and behold! - suspect X's fingerprints match those found at the crime scene!

    Tell me I'm more secure now. Evidence fakery has been around since mankind learned to lie. The digital age just makes it more convenient.

  • by dpbsmith (263124) on Tuesday February 10, 2004 @04:40PM (#8241513) Homepage
    ...was, if I recall correctly, the headline on a story that appeared in Whole Earth Review [wholeearthmag.com] in the 1980s. The article concerned Scitex's image-processing workstations, and their use to move pyramids on the cover of Time Magazine in order to achieve a more pleasing composition, to add or remove people from a picture, and so forth and so on. The cover, as I recall, showed a UFO landing on the street where Whole Earth's offices were located.

    Now we can do it with Photoshop Elements on a home computer.

    Yes, juries ''should'' be cautious in their approach toward photographic evidence. It was never true that "the camera doesn't lie," but the ease and inexpensiveness with which digital images can be altered certainly ought to alter the jury's Bayesian estimates of the likelihood that tampering could have occurred.
  • by Frobozz0 (247160) on Tuesday February 10, 2004 @04:41PM (#8241523)
    I think the public, as a whole, doesn't understand the real possibilities and liklihoods of digital tampering. It's like magic to some people because it can't be "seen" in many circumstances without a lot of frightenly intelligent people interpreting the evidence FOR them. That scares people, because people don't like what they don't understand. Period.

    If you asked the average juror what the signs of digital photo tamering are, they be baffled to answer. The bottom line is that this will be used by defense lawyers to plant the seed of doubt in otherwise ignorant minds (concerning digital media.)

    Just because it is (perhaps) easier to tamper with pixels than crystals on substrate, doesn't mean it's going to happen more often. Better yet, if people don't understand that digital evidence is subject, but not PRONE, to tampering this myth will continue to perpetuate.

    Maybe I'm wrong with my conclusion that it is not more likely, but it certainly isn't a new issue. In fact, I worries me that it's brought up in the context of a new issue because that just perpetuates a legacy of ignorance... and if you read the article you will find out that the issue is MUCH more a case of poor evidence. If the only evidence a prosecutor has is a previously unidentifyable fingerprint, and suddenly they can identify it, you're going to get skepticism. Furthermor, if that's the only evidence they had on the guy then there's no way you can prosecute on inconclusive evidence.

    The professor was able to reproduce the visual effect that occured when the scientific software processed the finger print. I hate to say it, but SO WHAT? I happen to be an experienced photoshop guy, and artist, but just because I can reproduce what I see, doesn't mean the scientific process involved is invalid. I'm concerned about this kind of defense approach, because it involves voodoo...

    I'd propose that a series of laws clearly define what is digitally permissable based on established algorthms. If a new one is created, it must pass through a panel of reviewers and eventually be passed into law before it can be permissable. In this way, there would be far less "reinvention of doubt" every time a digital photograph is brought into a court room that has a couple filters run on it.

    It would probably involve a series of check and balances at each stage of processing, too.
  • by Kaa (21510) on Tuesday February 10, 2004 @04:44PM (#8241558) Homepage
    Look here: http://www.dpreview.com/news/0401/04012903canondvk e2.asp

    Basically, the way it works is that the camera computes a cryptographically strong hash of the image file at the time the picture is taken and stores it on a tamper-proof secure card. The kit is specifically targeted at law enforcement.

  • by R2.0 (532027) on Tuesday February 10, 2004 @04:58PM (#8241683)
    NIST has a test spec for drive imaging software for forensic use.

    http://www.cftt.nist.gov/documents/Atlanta.pdf

    They have been testing a bunch of programs, and so far dd on Free BSD has performed best:

    http://www.ojp.usdoj.gov/nij/pubs-sum/203095.htm

  • by Exocet (3998) on Tuesday February 10, 2004 @06:06PM (#8242550) Homepage Journal
    http://www.dpreview.com/news/0401/04012903canondvk e2.asp

    Canon has a "Data Verification Kit" (DVK-E2) for law enforcement and related types that worry about tampering.

    From DPReview's copy of Canon's press release, "The kit consists of a dedicated SM (secure mobile) card reader/writer and verification software. When the appropriate function (Personal Function 31) on the EOS-1D Mark II or EOS-1Ds is activated, a code based on the image contents is generated and appended to the image. When the image is viewed, the data verification software determines the code for the image and compares it with the attached code. If the image contents have been manipulated in any way, the codes will not match and the image cannot be verified as the original."

    So it looks like, when you combine the EOS-1D/1Ds w/ the "Secure Mobile" card and put the camera in to a special data verification mode, it probably generates a MD5 or similar hash for each image that is generated.

    This seems to be a fairly obvious way to defeat cries of tampering, although I have no idea how well this software/hardware has been pushed. Perhaps there is a hole somewhere? Hard to say. Hopefully Canon will release similar products for all of their higher-end (300D and up) cameras.

Computers will not be perfected until they can compute how much more than the estimate the job will cost.

Working...