US District Court Says Calculating a Hash Value = Search 623
bfwebster writes "Orin Kerr over at The Volokh Conspiracy (a great legal blog, BTW) reports on a US District Court ruling issued just last week which finds that doing hash calculations on a hard drive is a form of search and thus subject to 4th Amendment limitations. In this particular case, the US District Court suppressed evidence of child pornography on a hard drive because proper warrants were not obtained before imaging the hard drive and calculating MD5 hash values for the individual files on the drive, some of which ended up matching known MD5 hash values for known child pornography image and video files. More details at Kerr's posting." Update: 10/28 16:23 GMT by T : Headline updated to reflect that this is a Federal District Court located in Pennsylvania, rather than a court of the Commonwealth itself.
Bad way to search for kiddie porn (Score:5, Interesting)
I dont see how the 4th amendment applies here (Score:5, Interesting)
Law Enforcement Storage of Naughty Things (Score:4, Interesting)
Re:that's basically what they were doing. (Score:1, Interesting)
Re:Bad way to search for kiddie porn (Score:4, Interesting)
More than likely the hashes are generated against the picture not the file data, and are 'fuzzy' enough that minute changes in the image are ignored. That was many 'Usenet duplicate image detectors' do. For instance, one of the old programs I used to use did this:
* Render image and convert it to grayscale.
* Resize image to 128x128 or some other 'thumbnail' size.
* Create a hash based on the thumbnail.
You'd have to mangle a picture a good amount for it not to show up as a positive match. The problem is you'd have a good number of false positives. On the other hand, if you are using this as a fishing expedition to find an excuse for a more through search, that really isn't a problem... is it?
Re:good point (Score:4, Interesting)
The problem I have here is I would think that this would come under reasonable cause.
Someone calling the police and saying "Hey I found kiddie porn on this computer." seems to be reasonable cause to me.
Re:It's good to see. (Score:4, Interesting)
Or, a good excuse to turn a neighbor or family member in to the party. It wouldn't be hard for private citizens to plant evidence in that manner, either.
Incidentally, your tagline: "Ein Volk, Ein Reich, Ein Messiah." Is that an inept slam against Obama?
Actually, given that the Nazi's brand of national socialism was ideologically very similar to Soviet Communism in many ways, I think I prefer this [youtube.com].
Re:MD5 Collisions... (Score:4, Interesting)
Re:that's basically what they were doing. (Score:3, Interesting)
In either case, I at least like the idea that they say calculating MD5s is considered protected by the 4th.
Re:That's a terrible argument (Score:4, Interesting)
Odds of one innocent file's md5 hash matching one identified file's hash md5 is insignificant. But in this case we are talking about and entire hard drive's worth of files compared to a database of all known digital kiddie porn.
Take a PC that has been in heavy use for a few years, you might have a couple hundred thousand files, each of which could collide with any of the hundreds of thousands (millions?) of hashes for every known kiddie porn related file on the internet.
Think of it like rolling dice. Rolling a double 6 on a pair of 6 sided dice is a 1/36 chance, but rolling any doubles is a 1/6 chance.
The odds of any single file on your hard drive matching any single file they have on record is significantly better than a specific file on your hard drive matching a specific file they have on record.
-Rick
Re:Law Enforcement Storage of Naughty Things (Score:3, Interesting)
Actually, it's a terrible job. There's a guy out there who has to look at all the child porn and verify that it is in fact child porn. There's also a guy out there who has to look at videos of brutal murders to try and figure out who did what. I'm sure these guys aren't too happy about their jobs but realize it's a necessary evil if you want to hunt down those who commit these crimes.
I know a guy who works for Google. His job is to look at porn all the time. He has to verify that SafeSearch has accurately censored out sexual images but leaves women in bikinis alone. You think it'd be a good job, but it actually has desensitized him to sex. He is now blase towards sex, much to the consternation of his gf.
Re:It's good to see. (Score:5, Interesting)
You have to set the bar somewhere, and then stick to it. Sure, you can be more lenient on edge cases, but you still need to say "the limit is X", or the whole legal system is a farce made out of "fuzzy rules we're kind of supposed to follow".
In particular, when we get to the 17-yo case, it's as simple as this: did you think, in good faith, that she was of age? If yes, you should be home free. We're talking reasonable doubt here. It's reasonable to think a 17-yo is 18 or 19. If it was publicized as kiddie porn in any way, I don't care if she's 15 or day shy of 18. You had the information available, you're screwed.
Re:It's good to see. (Score:5, Interesting)
Actually, it looks like a pretty good search technique. It's fast, easy to automate, probably a low percentage of false positives, and can be used to link perps together through shared files. As you note, it would be easy for the pervs to block, by dropping a few bits, but I suspect it would be effective for a while.
It's still a search, with all that goes along with that. But it's probably better than having Officer O'Reilly deciding that your picture of your daughter playing at the beach sans diaper is porn.
Re:It's good to see. (Score:4, Interesting)
Indeed. There can be people with child porn on their machines who are totally innocent. ... and a myriad of other possibilities.
I can envision at least a dozen scenarios, including (but not limited to):
- Irate ex-wife planting the stuff.
- Refurbished drive which had only been deleted, not reformatted. Old stuff still (invisibly) in the \RECYCLER directory.
- Someone running a transparent proxy for their open wi-fi, to increase speeds and minimize the impact of sharing.
- Browser cache, where a remote site has put child porn in a sprite sheet or similar used to display ads. The user has never seen it, and thus not deleted it either.
- The user might be the rightful owner of the material, which is illegal only in other people's possession. A father having a picture of his own children, nude, will usually not be child porn. If someone copies the images and uploads them somewhere, they become child porn. But the original images aren't.
But that, or whether the guy is guilty or not is all besides the point, which is that without a warrant based on reasonable suspicion, no-one should have a right to inspect anything. The heinousness of the crime must never be allowed as an excuse to bend rules, or innocents will suffer.
Re:It's good to see. (Score:5, Interesting)
Yes, easy, but many of the porn collectors aren't going to be bothered with actually doing the edit...
So, go out and make a program that will automatically change a few bits in each file in a directory. Make it a TSR, and watch for all files in a directory. Sell it, profit.
Then the fbi will be after your list of customers (child porn collectors) because it's more complete than theirs.
Shit, the FBI should write this program and sell it from a fake company.
Hate to rain on your parade... (Score:4, Interesting)
But the recent civil forfeiture provisions for copyright infringement they're trying to get signed (maybe already signed?) into law will allow them to do the same thing. The Feds can already seize your property on the mere suspicion that it is being used for illegal drug activity, and are not required to even file charges. When said seizure happens, the burden of proof is on the owner prove that it wasn't used for illegal activity.
Re:that's basically what they were doing. (Score:2, Interesting)
Landlords have different 'possession' of renter's stuff than people others have loaned stuff to. Depending on the state, they can sometimes authorize searches, sometimes they can't, sometimes property left behind becomes theirs, but only after X days, etc.
Just because the landlord was legally holding the drive doesn't mean he could legally authorize a search of it. Or, possibly he could, but he couldn't legally give it away, which he did, and that person thus couldn't authorize a search.
It sounds like the police thought they needed a warrant, or they wouldn't have gone through the silliness of an 'MD5 search' to start with.
OTOH, I thought someone testifying to a judge 'I saw child porn on this computer' was enough for a warrant in the first place, regardless of the ownership rights. That's what happened here. I mean, it sounds like probable cause to me.
Incidentally, why did the judge slap it down? It's possible he did it because an MD5 search requires looking (via a computer program) at every byte of the file, and thus it's hard to see how it's different than a straight up comparison. It's possible he'd have been okay with a filename comparison.
Of course, as someone else pointed out, the chain of custody at this point is near nonsense. A friend of a friend of the landlord. They couldn't prove whose files those were anyway, especially as at least one of the people, the landlord, is plausibly hostile to the person who failed to pay his rent.
No/few warrants is conceivable (Score:3, Interesting)
I wish I could remember the author and book name but I can't so take this as anecdotal until someone comes up with references.
A while back, there was a book getting some attention on CSPAN and in the literary and legal press that posited warrants were not conceived as common things. A warrant, so the thinking went, would indemnify the police from damages if they searched an innocent party. If the police searched someone without first getting a warrant and that person turned out to be guilty, then the search was fine in a "no harm, no foul" sense. If the police did not get a warrant and searched someone innocent, then the person searched would take legal action and be directly awarded large penalties from the police.
The position of the book was that warrants were originally conceived to be rare things, only gotten when there was an edge case where the police reasonably suspected wrongdoing but weren't absolutely sure of their facts. Supposedly, if the police were absolutely sure, they should be free to go ahead and kick in doors. Generally, though, the police were assumed to be unwilling to do so in any but the most obvious cases because to do so incorrectly would bring major penalties down on their heads.
The book cited old English and colonial cases where police made mistakes and courts then ordered the police to directly pay damages to the former suspect.
Such a system could have worked back in the day. Nowadays, not so much. So much of what is illegal these days is invisible or not easily discernible that the need for warrants, even under the old criteria, is huge. Add to that the common practice of police not acting with integrity (I came of age in Houston, Texas in the 1970s. If you learned to deal with cops in that time and place, you'll never, ever, ever trust any cop to tell the truth about anything. You will forever assume that any evidence found by cops was planted. Period.), and the whole "Cops won't hurt innocents because they're afraid of the repercussions" notion simply falls apart.
I said all that to say this - I have some appreciation of the reasonableness of the attitude that if evidence of a crime is found, it doesn't really matter how it was obtained. On balance, I don't agree with that position but I do believe that it should not dismissed out of hand. It has some theoretical merit. It has no practical utility these days, but the theory isn't all crap.
Re:It's good to see. (Score:4, Interesting)
Or, just replace "victim" with "victim or legal representative of victim".
I don't think his point was that the victim needed to necessarily be present, just that the consequences should be compensatory, not punitive.
(Note: I am not endorsing his point of view, just trying to clarify his position.)
Re:It's good to see. (Score:4, Interesting)
As a parent, I disagree. What's in the best interest of my daughter is growing up in a society that is free from the type of madness and baseless hysteria that forms the remainder of your post.
They are the hopes and dreams of the parents who raised them, the future of our society, innocent and worthy of our very best efforts to protect them.
Absolutely, and that includes remaining a society and not a festering mob. It includes not throwing out civil liberties and due process of law just to punish people we don't like. I don't like presidents that spy on Americans, and feel that it's in my best interest that Bush be brought to trial, but I don't see any slavering "conservative" mobs backing me up. It's much more likely that she'll live in a police state than she'll be molested by a stranger.
Honestly, I'd have to question the humanity of someone who is NOT outraged by any crime against a child
Who isn't outraged by this crime? But, that doesn't mean I can't be outraged if the perp's civil rights were violated, especially in this case. There are other shades than just black and white. How often have we read stories of people who went through "the system" for child porn that they could provide reasonable explanations for being there, such as malware? The law's priority IS to ensure the innocent aren't harmed...even if they've been falsely accused of having child porn.
That being said, pedophilia is a mental disorder that needs to be treated, not punished. I question the humanity of any person that can't see that some things can't just be wished, or locked, away and forgotten about.
and least we can understand now that, that, given the active choice to let child molestors walk, that, all this other so-called liberal talk about children is a lie.
Actually, it's the conservative churchies who are more likely to scream "think about the children" than the liberals. Despite what the Ministry of Truth (Fox News) tells you, "liberal" is not a dirty word. Liberals gave women and blacks equal rights. Liberals ensure that you, as a citizen, get a fair day in court. If, however, you're stinking rich, the 'pubs will be happy to bail you out...even if you ARE a child molester as lot of them have been found to be of late.
They aren't interested in trying to save anyone, not the working man or the children. They are a cancer who deliberately brings countries down and ruins cultures in order to secure power for themselves.
I thought you were talking about liberals here? This description matches the actions of the "conservative" party over the last decade and a half.
You just wait until Obama pardons Mumia
Having grown up in Philadelphia and having a fair number of relatives who serve on the Philadelphia police force, and the police forces of neighboring areas of New Jersey...well, I'm not going to defend Mumia...but I can tell you first hand that brutal racism is rampant in the people who are sworn to serve and protect in that area. My own family members and their friends on the force are sufficient proof to me. I know we like to live in a fantasyland where that's not true, but until you see it firsthand, you have no idea what you're talking about. But, given your other statements, that's not a hard argument to make.
Re:It's good to see. (Score:3, Interesting)
In addition is should be noted that almost by definition, the smart ones aren't caught. Thus making the assumption that most criminals are !smart, it would follow that they do not alter the exif field to create false MD5 sigs.
On a flip side, would it be possible to get the known "bad" MD5's then using a rainbow table, create innocuous files that equate to the "bad" hash, similar to the self recursive web page that pretends to host madonna.mp3 to trap RIAA spiders?
-nB
Re:It's good to see. (Score:3, Interesting)
The French and others have an entirely different concept of justice that doesn't give a rats ass about individual rights but instead seeks to arrive at the truth. I'm not advocating the French justice system, I'm just pointing out that there are others and that the societies that use them haven't crashed and burned.
The US justice system is a mess and has only been getting worse. DAs act like Monty Hall. Punishment doesn't even come close to fitting the crime. Aggravated assault is more harshly punished then murder, so if you attack someone with a weapon, make sure you kill them. Sentences are too long and jails are too soft. We don't even pretend to rehabilitate, which is why sentences were increased and while in jail, criminals just become better at not getting caught. Borrow a page from the Japanese and have them pound rocks while subsisting on fish heads and rice.
Re:It's good to see. (Score:3, Interesting)
You have to set the bar somewhere, and then stick to it. Sure, you can be more lenient on edge cases, but you still need to say "the limit is X", or the whole legal system is a farce made out of "fuzzy rules we're kind of supposed to follow".
In particular, when we get to the 17-yo case, it's as simple as this: did you think, in good faith, that she was of age? If yes, you should be home free. We're talking reasonable doubt here. It's reasonable to think a 17-yo is 18 or 19. If it was publicized as kiddie porn in any way, I don't care if she's 15 or day shy of 18. You had the information available, you're screwed.
First off, the fact that the bar must be set somewhere is not a total defense of the law. At least two issues jump out at me.
First, the question that should be asked is the bar in the right place? On its face, 18 appears to be a rather irrational cutoff. 17 year olds are well into the realm of sexuality in terms of their own desires, and only a liar or a gay man would claim that there are no 17 year olds he is sexually attracted to.
Second, there is a long-standing understanding of rules versus standards in law, with rules used in some places and standards used in others. Rules are bright line, and easy to follow. Standards are sensible, but more administratively burdensome and less consistent. An example of a standard in law is the civil claim of intentional infliction of emotional distress (i.e. you can sue someone for being a real asshole, but they better be a real asshole). It is not obvious on the face of the issue to me that the rules approach we have been using in the case of the 18 rule is better than a standards approach (for example, maybe setting the cutoff at onset of puberty).
With regards to your second point, are you suggesting that is the approach we should take, or that is the approach that is taken? Since I'm not sure that a subjective belief can get you off of a charge of possession of kiddie porn, though I haven't researched this and am no expert on the subject.
Lastly, with your approach, assuming that it is a statement of how you believe things should be, what if someone has pictures of naked 18 year olds, but was duped into thinking they were of 16 year olds and hence kiddie porn. If we're going to only look at the mental state of the perpetrator, should we send him to jail on a totally victimless crime?
Re:It's good to see. (Score:3, Interesting)
There are states where 16 is legal. However, the Protect Act will kick in if the partner is under 18. We have one Supreme Court Justice who went on record as saying the age ought to be set at 12, so opinions vary widely about how things *ought* to be. Thus, the laws on the subject are a crazy-quilt of seemingly conflicting provisions.
Just a few years ago, the age in Hawaii was 14. It's a cultural conflict thing that would take too long to explain, but a few people got up in arms about it and claimed that Hawaii was in danger of becoming a haven for perverts. Notwithstanding the fact that a significant portion of the population felt that the age of 14 was set too HIGH already (there's that cultural thing) and that the governor went on record as saying the legislation addressed a non-existent problem, the law was changed and the age of consent was raised. What was most interesting about the change was the way the proponents of the change acted like anyone who disagreed with them was a sub-human pervert not worth debating. There was just no allowance AT ALL made for any discussion. If you didn't go along with the change, you were a closeted molestor. Period.
I found the whole tenor of that process quite unseemly and essentially anti-democratic. I guess it's true what they say about people who love the law or sausages shouldn't see how they're made.
Re:It's good to see. (Score:3, Interesting)
That is weird. Here in Canada I remember reading (in about 1982) about a famous case where the guy picked up the girl at the bar (when the drinking age was 21) went back to her place and bonked her. Her parents came home, freaked about what their 15 yr old was doing and the guy got charged with statutory rape. The judge was very apologetic when he sentenced the poor guy to the minimum 5 yrs.
After this the law was changed so that if you honestly believed the girl was of age, that was a legitimate defense.
Not sure what the law is now though. The sex crime laws have been rewritten a few times and statutory rape isn't on the books any more, at least with that name.