A Linux-Based "Breath Test" For Porn On PCs

Gwaihir the Windlord writes "A university in Western Australia has started beta testing a tool that's described as 'a random breath test' to scan computers for illicit images. According to this article it's a clean bootable Linux environment. Since it doesn't write to the hard drive, the evidence is acceptable in court, at least in Australia. They're also working on versions to search for financial documents in fraud squad cases, or to search for terrorist keywords. Other than skimming off the dumb ones, does anyone really expect this to make a difference?" The article offers no details on what means the software uses to identify suspicious files.

Randoms searches, Yay.

[denis-The-menace]

Now everybody in Australia is guilty until proven innocent!

forensics

[Lord Ender]

Computer forensics is hard, expensive, and time-consuming. I would guess this is just a tool for cops to save cash in criminal investigations compared to hiring an expert, or at least to triage which systems need to be investigated by an expert.

Also, if your friends are IT staff and your online watercooler is slashdot.org, you may think everyone but the "dumb ones" knows how to encrypt a drive. But the reality is that the vast majority of criminals have never heard of Truecrypt.

Re:Australia seems to be a pretty repressed countr

[Spatial]

Might want to avoid the US and the UK as well.

Re:Can't be challenged forensically?

[faloi]

IANAL, but the summary (at least) gives no indication that the forensic tool is going to be the last word. It's a bootable distro, so presumably the system has already been confiscated by whatever organization cares most about the potential crime. The forensic examiner(s) responsible for looking for data with the evil bit set boot to this CD and see if it flags anything. Then they examine anything that's flagged, and prep it for court.

Doing a thorough exam of an average drive can be time consuming, even if the user is kind enough to leave all their documents handily in the "My Documents" folder. Trying to examine several machines in a timely fashion would benefit greatly from a tool like this. If the disk flags something, and it's really illegitimate, the data just needs to get cataloged. Think of it as helping go for "low hanging fruit" that can be used to convict someone, without being as resource intensive as a full manual scan. I'm guessing that if the disk doesn't turn up anything, there will still be a long manual process involved to see if there's something there.

Illicit?

[reidconti]

Last time I checked, porn was not illegal.

Re:forensics

[Jabbrwokk]

I think you are correct. Most criminals are dumb. And I think you're right about this being a cash-saving tool. From the article:

The design concept is that any police person with adequate training could use the tool, so that when they go into a crime scene they can quickly review a computer for illicit images or videos.

Sounds like it relies more on officers' eyeballs than algorithms to do a quick scan for anything obvious. This tool will help them quickly move through the easy stuff, and allow them to focus time and resources on the more sophisticated criminals. [gulf-times.com]

Re:About the only way it COULD work...

[blueg3]

It looks like it's just a tool for previewing media on the drive while maintaining forensic integrity. Certainly something a person trained in computer forensics could do without the tool, but this is targeted at people with minimal training, it seems.

Of course there are plenty of easy anti-forensic measures, but the goal is probably to cut down the time spent per case on the low-hanging fruit (which is the majority of cases) to reduce backlog.

Re:A "random breath test" for computers?

[gstoddart]

Oh great, expect that in a few years they will be running this on international travellers as a standard part of customs.

Sadly, this seems to be a part of a trend. Part of travel now means that you need to be subjected to complete search and inspection to make sure you haven't done anything wrong.

This includes fingerprinting, gathering of biometrics, and having all of your personal stuff exhaustively searched to ensure you have no porn, terrorist material, copyrighted material you can't prove you bought, or anything critical of the government of the country you're entering.

If you have probable cause that I'm smuggling something, maybe. But, in the case you point out where we scan everyone so they can prove themselves innocent ... well, modern society is pretty much hosed in that case. However, that seems to be where we're going lately.

Cheers

Re:Illicit?

[gstoddart]

Since when was porn illegal? If some nosy cunt wanted to "breath test" my pc for porn, i'd just hold up a nice gynacological centrefold and say "look! i think i can see her kidneys! Now fuck off!"

Ah, but once crossing a border requires you to be scanned for any infractions, you won't have a choice.

Soon, it will be considered perfectly normal to subject yourself to full scrutiny in order to prove that you don't have anything they deem unacceptable.

Me, I find it appalling, as we throw away most forms of civil liberties in Western countries on the presumption that someone might have done something wrong, so we inspect everyone.

Cheers

Re:About the only way it COULD work...

[ucblockhead]

An even better way is to get a machine that will boot off of a USB key, and put all the "interesting" pictures on such a key, perhaps encrypted. It is a lot easier to hide a USB key, and this gives you a computer that is itself completely clean so you don't have to deal with demands for encryption keys.

The real criminals can easily avoid

[RichMan]

Anyone serious enough can hide the data. As usual we all get hassled and only the stupid get caught.

1) install a game with huge data files
        - Example World of Warcraft
2) make a dummy side directory off the game install
3) drop in a huge binary file with the same extension as the game data or patch
4) mount dummy file as encrypted file system
5) delete mount line before crossing the border

"No idea what that file is. Looks like part of the game to me."

No way they can have a database of all possible good binary files to ignore.

Breath test for porn?

[dannys42]

I don't get it. How's this software gonna tell if I was looking at porn by checking my breath?

Not just child porn

[fatalGlory]

it seems fairly widely accepted and that people who regularly view pornography are more likely to be involved in sex-related crimes than people who don't (or that sex-offenders are more likely to have porn than non-sex-offenders, whichever way you want to spin it).

This means that even if the computer is found to have pornographic content on it of people who are "of age", this still raises a red flag (and IMO rightly so). Porn is the scourge of the internet. When a person's first exposure to internet porn is typically around 10 years old - it has gone way beyond "free speech". Young minds are being forcibly indoctrinated.

Re:Randoms searches, Yay.

[Fulcrum of Evil]

Granted, they might have been killed if they stayed in Europe but they were not being forced to America like criminals were being forced to Australia. Besides, we had plenty of criminals who were forced to come to America.

Not likely - the religious groups were mostly interested in making everybody follow their morality and got booted for it - basically, they were too obnoxious to be around. So they came to the US, hijacked a boat to plymouth (actually, bribed the captain or something), and set up a colony far from virginia, which is where most of the people on the boat wanted to go.

Re:About the only way I it COULD work...

[mcalwell]

In fact, the whole point of hashes is that they give completely different results even with the smallest differences between files or strings. Think about it. Imagine if the hash for the word "foo" was 45Ht56B, and you knew that. If the hash for "f001" was 45Ht56C or 45Ht56B4, then you could deduce a password simply by looking at a hash.

Re:About the only way I it COULD work...

[jaseuk]

The whole point of a hashing algorithm like MD5 is that even a single bit change should change lots of random bits in the resulting hash. If it was predictable it wouldn't be suitable for it's purpose.

Jason

Re:Quick! Whats the...

[Reziac]

Invert colour spectrum on porn images. Now all the skin is green or purple or some other decidedly un-skin colour.

Transmit images.

Re-invert colour spectrum. Skin is all skin-coloured again.

.
.
.
.

Okay, so this might not work so well if the images are from after a major S&M session ;)

Bzzzt. Correlation != Causation

[jonaskoelker]

it seems fairly widely accepted and that people who regularly view pornography are more likely to be involved in sex-related crimes than people who don't (or that sex-offenders are more likely to have porn than non-sex-offenders, whichever way you want to spin it).

I'll keep the citation-needed tag to myself, and go to the heart of the matter: what's the causality relation here?

Is it that viewing porn makes you commit sexual offenses? Or that something (say, an ultra high sex drive and a lack of restraint) makes you commit sexual offenses and also view porn? Or is it that something causes you to commit sexual offenses, which causes you to look at porn [because you have to escape but are not satisfied].

This means that even if the computer is found to have pornographic content on it of people who are "of age", this still raises a red flag (and IMO rightly so).

It raises a red flag indicating what?

There's an urban legend that wanking blinds you. All boys and men who weren't blind as they entered puberty knows this to be false.

Having porn is very common, I would think.

Without knowing what's causing what, and what the conditional probabilities are, seeing porn doesn't say anything at all about whether there's something worth investigating.

Some terrorists play the piano. Look, this guy has a piano. He's probably a terrorist! Stone him!